From 833ecef10a0e8492142faa9daf0a75ede9a86db6 Mon Sep 17 00:00:00 2001
From: Charlie Root
Date: Sat, 10 Dec 2011 21:12:14 +0000
Subject: adding features and syntax
---
 config/freeradius2/freeradius.inc | 326 +++++++++++++++++-------------
 config/freeradius2/freeradius.xml | 11 +-
 config/freeradius2/freeradiusclients.xml | 156 ++++++++++----
 config/freeradius2/freeradiussettings.xml | 204 ++++++++++---------
 4 files changed, 430 insertions(+), 267 deletions(-)
 mode change 100644 => 100755 config/freeradius2/freeradius.xml
diff --git a/config/freeradius2/freeradius.inc b/config/freeradius2/freeradius.inc
index 2408e91c..d5e49883 100755
--- a/config/freeradius2/freeradius.inc
+++ b/config/freeradius2/freeradius.inc
@@ -6,10 +6,9 @@ define('RADDB', '/usr/local/etc/raddb');
 function freeradius_deinstall_command() {
 exec("cd /var/db/pkg && pkg_delete `ls | grep freeradius`");
- exec("cd /var/db/pkg && pkg_delete `ls | grep python`");
- exec("cd /var/db/pkg && pkg_delete `ls | grep perl`");
- exec("cd /var/db/pkg && pkg_delete `ls | grep libltdl`");
- exec("cd /var/db/pkg && pkg_delete `ls | grep gdbm`");
+ exec("rm -rf /usr/local/etc/raddb/");
+ exec("rm -rf /var/log/raddb/");
+ exec("rm -rf /var/log/radacct/");
 }
 function freeradius_install_command() {
@@ -26,7 +25,8 @@ function freeradius_install_command() {
 exec("chown -R root:wheel /usr/local/etc/raddb");
 exec("chown -R root:wheel /usr/local/lib/freeradius-2.1.12");
- exec("chown -R root:wheel /var/run/radiusd");
+ exec("chown -R root:wheel /var/log/raddb");
+ exec("chown -R root:wheel /var/log/radacct");
 closedir($handle); 
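Review bot: The three `rm -rf` lines added to freeradius_deinstall_command() wipe /var/log/radacct/ and /var/log/raddb/ together with /usr/local/etc/raddb/, so uninstalling the package destroys the accounting log (the record of which user authenticated from which NAS and when) that an operator may still need after removal, and the whole raddb tree including any certificates or dictionaries placed there by hand. The pkg_config description later in this series states that freeradius and freeradius2 use the same config files, so removing this package also deletes the other package's configuration. Consider removing only the files this package generates (radiusd.conf, clients.conf, users) and leaving the two log directories untouched, or moving them aside with a dated suffix instead of deleting them.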
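Review bot: The two added `chown -R root:wheel` lines in freeradius_install_command() (whose body starts outside the hunk) assume /var/log/raddb and /var/log/radacct already exist; nothing in the hunk creates them, and the exec() return codes are not checked, so a missing directory fails silently and radiusd later cannot write its log or accounting files. Unless the directories are created elsewhere in the install function, add `exec("mkdir -p /var/log/raddb /var/log/radacct");` ahead of the chown lines. A short comment stating why ownership is root:wheel would also help, since if radiusd is configured to drop privileges the log directories must be writable by that account.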
@@ -44,22 +44,23 @@ function freeradius_install_command() {
 function freeradius_settings_resync() {
 global $config;
- $settings = $config['installedpackages']['freeradiussettings']['config'][0];
- $iface = ($settings['interface'] ? $settings['interface'] : 'LAN');
- $iface = convert_friendly_interface_to_real_interface_name($iface);
- $iface_ip = find_interface_ip($iface);
- $interface_ip = $settings['interface_ip'];
- $port = ($settings['port'] != '' ? $settings['port'] : 0);
- $radiuslogging = $settings['radiuslogging'];
- $radiuslogbadpass = $settings['radiuslogbadpass'];
- $radiusloggoodpass = $settings['radiusloggoodpass'];
- $max_requests_var = $settings['max_requests_var'];
- $max_request_time_var = $settings['max_request_time_var'];
- $cleanup_delay_var = $settings['cleanup_delay_var'];
- $logdir_var = $settings['logdir_var'];
-
- // FreeRADIUS's configuration is huge
- // This is the standard default config file, trimmed down a bit. Somebody might want to implement more options. It should be as simple as editing this, then also providing the settings in each file that was included here (or maybe just put the config inlined here). 
+ $conf = ''; + + // Definition variables for freeradiussettings + $varsettings = $config['installedpackages']['freeradiussettings']['config'][0]; + $varsettingsmaxrequesttime = $varsettings['varsettingsmaxrequesttime']; + $varsettingscleanupdelay = $varsettings['varsettingscleanupdelay']; + $varsettingsmaxrequests = $varsettings['varsettingsmaxrequests']; + $varsettingslogdir = $varsettings['varsettingslogdir']; + $varsettingsstrippednames = $varsettings['varsettingsstrippednames']; + $varsettingsauth = $varsettings['varsettingsauth']; + $varsettingsauthbadpass = $varsettings['varsettingsauthbadpass']; + $varsettingsauthgoodpass = $varsettings['varsettingsauthgoodpass']; + $varsettingshostnamelookups = $varsettings['varsettingshostnamelookups']; + $varsettingsallowcoredumps = $varsettings['varsettingsallowcoredumps']; + $varsettingsregularexpressions = $varsettings['varsettingsregularexpressions']; + $varsettingsextendedexpressions = $varsettings['varsettingsextendedexpressions']; + $conf = << '') { - $head .=", Simultaneous-Use := $multiconnect"; - } - if ($userexpiration <> '') { - $head .=", Expiration := ".'"'.$userexpiration.'"'; - } - if ($subnetmask<> '') { - $head .=", Framed-IP-Netmask = $subnetmask"; - } - if ($gateway<> '') { - $head .=", Framed-Route = $gateway"; - } - if ($onlinetime <> '') { - $head .=", Login-Time := ". '"' . 
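Review bot: The new freeradius_settings_resync() reads every value from the renamed keys (`varsettingsmaxrequests`, `varsettingslogdir`, …) with no fallback, whereas the removed code at least defaulted `interface` and `port`; the freeradiussettings.xml hunk in this same commit renames the fields without migrating stored values, so an upgraded install finds all of them empty and presumably interpolates empty strings into the radiusd.conf heredoc that follows (its text is garbled on this page), leaving lines such as `max_requests =` that will stop radiusd from starting. Apply the documented defaults when reading each key, e.g. `$varsettingsmaxrequests = ($varsettings['varsettingsmaxrequests'] != '' ? $varsettings['varsettingsmaxrequests'] : '1024');`, and likewise for the other numeric and yes/no settings. The tail of this hunk and the rest of the function are not legible on this page.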
$onlinetime .'"'; - } - if ($ip <> '') { - if ($atrib <> '') { $atrib .=","; } - $atrib .="\r\n\tFramed-IP-Address = $ip"; - } - if ($sessiontime <> '') { - if ($atrib <> '') { $atrib .=","; } - $atrib .="\r\n\tSession-Timeout := $sessiontime"; - } - if ($vlanid <> '') { - if ($atrib <> '') { $atrib .=","; } - $atrib .="\r\n\tTunnel-Type = VLAN,\r\n\tTunnel-Medium-Type = IEEE-802,\r\n\tTunnel-Private-Group-ID = \"$vlanid\""; - } - if ($additionaloptions <> '') { - if ($atrib <> '') { $atrib .=","; } - $atrib .="\r\n\t$additionaloptions"; - } +$conf = ''; +$users = $config['installedpackages']['freeradius']['config']; +if (is_array($users)) { + foreach ($users as $user) { + $username = $user['username']; + $password = $user['password']; + $multiconnect = $user['multiconnect']; + $ip = $user['ip']; + $subnetmask = $user['subnetmask']; + $gateway = $user['gateway']; + $userexpiration=$user['expiration']; + $sessiontime=$user['sessiontime']; + $onlinetime=$user['onlinetime']; + $vlanid=$user['vlanid']; + $additionaloptions=$user['additionaloptions']; + $atrib=''; + $head="$username User-Password == ".'"'.$password.'"'; + if ($multiconnect <> '') { + $head .=", Simultaneous-Use := $multiconnect"; + } + if ($userexpiration <> '') { + $head .=", Expiration := ".'"'.$userexpiration.'"'; + } + if ($subnetmask<> '') { + $head .=", Framed-IP-Netmask = $subnetmask"; + } + if ($gateway<> '') { + $head .=", Framed-Route = $gateway"; + } + if ($onlinetime <> '') { + $head .=", Login-Time := ". '"' . 
$onlinetime .'"'; + } + if ($ip <> '') { + if ($atrib <> '') { $atrib .=","; } + $atrib .="\r\n\tFramed-IP-Address = $ip"; + } + if ($sessiontime <> '') { + if ($atrib <> '') { $atrib .=","; } + $atrib .="\r\n\tSession-Timeout := $sessiontime"; + } + if ($vlanid <> '') { + if ($atrib <> '') { $atrib .=","; } + $atrib .="\r\n\tTunnel-Type = VLAN,\r\n\tTunnel-Medium-Type = IEEE-802,\r\n\tTunnel-Private-Group-ID = \"$vlanid\""; + } + if ($additionaloptions <> '') { + if ($atrib <> '') { $atrib .=","; } + $atrib .="\r\n\t$additionaloptions"; + } $conf .= << +?> \ No newline at end of file diff --git a/config/freeradius2/freeradius.xml b/config/freeradius2/freeradius.xml old mode 100644 new mode 100755 index 79787e56..40685657 --- a/config/freeradius2/freeradius.xml +++ b/config/freeradius2/freeradius.xml @@ -69,9 +69,13 @@ - Clients + NAS / Clients /pkg.php?xml=freeradiusclients.xml + + Interfaces + /pkg.php?xml=freeradiusinterfaces.xml + Settings /pkg_edit.php?xml=freeradiussettings.xml&id=0 @@ -126,6 +130,11 @@ 0775 http://www.pfsense.org/packages/config/freeradius2/freeradiussettings.xml + + /usr/local/pkg/ + 0775 + http://www.pfsense.org/packages/config/freeradius2/freeradiusinterfaces.xml + /usr/local/pkg/ 0775 diff --git a/config/freeradius2/freeradiusclients.xml b/config/freeradius2/freeradiusclients.xml index ce6abfdb..6719c6b4 100755 --- a/config/freeradius2/freeradiusclients.xml +++ b/config/freeradius2/freeradiusclients.xml 
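Review bot: The users-file line built in the new `$head` assignment writes the check item as `User-Password ==`, which FreeRADIUS 2.x treats as deprecated and warns about at startup; the 2.x form is `Cleartext-Password :=`, so the line should become `$head="$username Cleartext-Password := ".'"'.$password.'"';`. On the same line neither `$username` nor `$password` is escaped, so a password containing a double quote (or a username containing whitespace) yields a malformed entry that can break parsing of the whole users file; reject such values at input time, or escape `"` as `\"` after confirming the 2.1.12 users-file parser accepts backslash escapes inside quoted strings. `$additionaloptions` is appended verbatim as a further attribute line, so the help text for that field should say it is inserted unvalidated into the users file. This hunk's header and the heredoc body are garbled on this page, and the block is largely a re-indentation of the previous code.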
@@ -2,8 +2,8 @@ - - + - - Describe your package here - Describe your package requirements here - Currently there are no FAQ items provided. + ]]> + + Describe your package here + Describe your package requirements here + Currently there are no FAQ items provided. freeradiusclients none FreeRADIUS: Clients /usr/local/pkg/freeradius.inc - - Users - /pkg.php?xml=freeradius.xml - - - Clients - /pkg.php?xml=freeradiusclients.xml + + Users + /pkg.php?xml=freeradius.xml + + + NAS / Clients + /pkg.php?xml=freeradiusclients.xml - - - Settings - /pkg_edit.php?xml=freeradiussettings.xml&id=0 - - + + + Interfaces + /pkg.php?xml=freeradiusinterfaces.xml + + + Settings + /pkg_edit.php?xml=freeradiussettings.xml&id=0 + + - Client - client + Client IP Address + varclientip - Shortname - shortname + Client IP Version + varclientipversion + + + Client Shortname + varclientshortname + + + Client Protocol + varclientproto + + + Client NAS Type + varclientnastype + + + Require Message Authenticator + varrequiremessageauthenticator + + + Max Connections + varclientmaxconnections Description 
@@ -80,30 +104,92 @@ - Client - client - Enter the client's IP address. + Client IP Address + varclientip + Enter the IP address of the client. This is in general the IP of the NAS (switch,accesspoint). input - Shortname - shortname - Enter the client's shortname. + Client IP Version + varclientipversion + select + ipaddr + + + + + + + + Client Shortname + varclientshortname + Enter shortname of the client. This is in general the IP of the NAS (switch,accesspoint). input - Shared Secret - sharedsecret - Enter the client's shared secret here + Client Shared Secret + varclientsharedsecret + Enter the shared secret of the client here. This is the shared secret (password) which the NAS (switch or accesspoint) needs to communicate with the RADIUS server. password + + Client Protocol + varclientproto + Enter the protocol the client uses. (Default: udp) + select + udp + + + + + + + + Client NAS Type + varclientnastype + Enter the NAS type of the client. This is used by checkrad.pl for simultaneous use checks. (Default: other) + select + other + + + + + + + + + + + + + + + + + Require Message Authenticator + varrequiremessageauthenticator + RFC5080 requires Message-Authenticator in Access-Request. But older NAS (switches or accesspoints) do not include that. (Default: no) + select + no + + + + + + + Max Connections + varclientmaxconnections + Takes only effect if you use TCP as protocol. This is the mirror of "Max Requests Server" from "Settings" tab. (Default 16) + input + 16 + Description description - Enter the description of the user here + Enter any description you like for this client. input @@ -113,4 +199,4 @@ freeradius_clients_resync(); - + \ No newline at end of file diff --git a/config/freeradius2/freeradiussettings.xml b/config/freeradius2/freeradiussettings.xml index 0ea8ae50..bab82e72 100755 --- a/config/freeradius2/freeradiussettings.xml +++ b/config/freeradius2/freeradiussettings.xml 
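Review bot: The client fields are renamed (`client` → `varclientip`, `shortname` → `varclientshortname`, `sharedsecret` → `varclientsharedsecret`) without any migration of existing config entries, so clients saved under the old names lose their shared secret on upgrade; if freeradius_clients_resync() (not visible in this chunk) reads only the new keys, it will emit clients.conf entries with an empty `secret`, which radiusd rejects. Either read the old keys as a fallback in the resync function or document that clients must be re-entered after upgrade. The help text for "Client Shortname" repeats the IP-address sentence ("This is in general the IP of the NAS …") by copy-paste; it should describe the shortname, e.g. `Enter a short name for the client; it appears in log output instead of the IP address.`. The "Require Message Authenticator" help could also state that `no` is the compatibility default for older NAS and that `yes` should be chosen where the NAS supports RFC 5080, since the attribute protects the integrity of Access-Request packets.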
@@ -2,8 +2,8 @@ - - + - - Describe your package here - Describe your package requirements here - Currently there are no FAQ items provided. + ]]> + + Describe your package here + Describe your package requirements here + Currently there are no FAQ items provided. freeradiussettings none FreeRADIUS: Settings pkg_edit.php?xml=freeradiussettings.xml&id=0 /usr/local/pkg/freeradius.inc - - Users - /pkg.php?xml=freeradius.xml - - - Clients - /pkg.php?xml=freeradiusclients.xml - - - Settings - /pkg_edit.php?xml=freeradiussettings.xml&id=0 + + Users + /pkg.php?xml=freeradius.xml + + + NAS / Clients + /pkg.php?xml=freeradiusclients.xml + + + Interfaces + /pkg.php?xml=freeradiusinterfaces.xml + + + Settings + /pkg_edit.php?xml=freeradiussettings.xml&id=0 - - + + - Listening Interface(s) - interface_ip - Enter the desired listening interface IP here ( 192.168.1.0 ) or use "*" (without "") for any interface. - input - * - + Logging Destination of RADIUS + varsettingslogdir + Choose the destination where freeRADIUS should log. Logging must be enabled.(Default: radius.log) + select + files + + + + + + - Port - port - Enter the port the RADIUS server will listen on. Leave blank to default to the system default, i.e., 1812. - input - 1812 + RADIUS Logging + varsettingsauth + Choose if you want to enable logging. (Default: Disabled) + select + no + + + + + + + Log Bad Authentication Attempts + varsettingsauthbadpass + Choose if you want to log bad authentication attempts. Logging must be enabled. (Default: no) + select + no + + + + + + + Log good authentication attempts? + varsettingsauthgoodpass + Choose if you want to log good authentication attempts. Logging must be enabled. (Default: no) + select + no + + + + - Maximum requests server - max_requests_var - The maximum number of requests the RADIUS server can handle. Default is 1024. It should be 256 * number of clients e.g.: 4 Switches * 256 = 1024. 
+ Log Stripped Names + varsettingsstrippednames + Choose if you want to log the full User-Name attribute as it was found in the request. Logging must be enabled. (Default: no) + select + no + + + + + + + Maximum Requests Server + varsettingsmaxrequests + The maximum number of requests the server could handle at a time until "Cleanup Delay" deletes them. Useful range 256 * NAS. If it is set to low it will make the server busy. A higher value is better (but increased RAM usage) but it shouldn't be higher than 1000 * NAS. (Default: 1024) input 1024 - Max request time - max_request_time_var - The maximum time (in seconds) to handle a request. Default is 30. Useful range of values: 5 to 120. + Max Request Timeout + varsettingsmaxrequesttime + The maximum time to handle a request in seconds. (Default: 30) input 30 - Cleanup delay - cleanup_delay_var - The time to wait (in seconds) before cleaning up a reply which was sent to the NAS. Default is 5. Useful range of values: 2 to 10. + Cleanup Delay + varsettingscleanupdelay + The time to wait before cleaning up a reply which was sent to the NAS in seconds. (Default: 5) input 5 - Radius Logging Destination - logdir_var - Logging to "syslog" or "/var/log/radius.log" ? + NAS Hostname Lookup + varsettingshostnamelookups + Log the names of NAS instead of IP addresses. Turning this on can result in lock ups of the RADIUS Server. (Default: no) select - /var/log + no - - + + - + - Radius Logging - radiuslogging - Enable logging? + Allow Core Dumps + varsettingsallowcoredumps + Only turn this on if you need to debug the RADIUS server! (Default: no) select no - - + + - + - Log bad authentication attempts? - radiuslogbadpass - Specifies whether to log bad authentication attempts to the radius.log file. Radius Logging must be enabled for this to work. + Regular Expressions + varsettingsregularexpressions + Allows regular expressions. (Default: yes) select - no + yes - - + + - Log good authentication attempts? 
- radiusloggoodpass - Specifies whether to log good authentication attempts to the radius.log file. Radius Logging must be enabled for this to work. + Extended Expressions + varsettingsextendedexpressions + Allows extended expressions. (Default: yes) select - no + yes - - + + - + freeradius_settings_resync(); @@ -177,4 +199,4 @@ freeradius_settings_resync(); - + \ No newline at end of file -- cgit v1.2.3 From 4812023220220d7ede2d88daf62ebd81ae18fadb Mon Sep 17 00:00:00 2001 From: Nachtfalke Date: Sat, 10 Dec 2011 22:19:04 +0100 Subject: bump version --- pkg_config.8.xml.amd64 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkg_config.8.xml.amd64 b/pkg_config.8.xml.amd64 index 637cd1bf..6f046a47 100644 --- a/pkg_config.8.xml.amd64 +++ b/pkg_config.8.xml.amd64 @@ -801,11 +801,11 @@ freeradius2 http://www.freeradius.org/ - freeRADIUS 2.1.12 - The package is based on freeradius 1.1.8 package.
+ freeRADIUS 2.1.12
DO NOT USE ON PRODUCTION SYSTEMS AND NOT TOGETHER WITH freeradius. Both packages are using the same config files]]>
http://forum.pfsense.org/index.php/topic,43675.0.html System - 2.1.12 pkg v0.3 + 2.1.12 pkg v0.8 Alpha 2.0 Nachtfalke -- cgit v1.2.3 From d5cf6873da63b72bba53b3bfd1bb69a7614eca5f Mon Sep 17 00:00:00 2001 From: Nachtfalke Date: Sat, 10 Dec 2011 22:19:54 +0100 Subject: bump version --- pkg_config.8.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkg_config.8.xml b/pkg_config.8.xml index 31aad164..0ae10e34 100644 --- a/pkg_config.8.xml +++ b/pkg_config.8.xml @@ -759,11 +759,11 @@ freeradius2 http://www.freeradius.org/ - freeRADIUS 2.1.12 - The package is based on freeradius 1.1.8 package.
+ freeRADIUS 2.1.12
DO NOT USE ON PRODUCTIVE SYSTEMS AND NOT TOGETHER WITH freeradius. Both packages are using the same config files]]>
http://forum.pfsense.org/index.php/topic,43675.0.html System - 2.1.12 pkg v0.3 + 2.1.12 pkg v0.8 Alpha 2.0 Nachtfalke -- cgit v1.2.3 From 3f30e413c180abab2c09ee1d318938b1e14186e6 Mon Sep 17 00:00:00 2001 From: Charlie Root Date: Sat, 10 Dec 2011 21:22:50 +0000 Subject: adding additional xml --- config/freeradius2/freeradiusinterfaces.xml | 151 ++++++++++++++++++++++++++++ 1 file changed, 151 insertions(+) create mode 100755 config/freeradius2/freeradiusinterfaces.xml diff --git a/config/freeradius2/freeradiusinterfaces.xml b/config/freeradius2/freeradiusinterfaces.xml new file mode 100755 index 00000000..f2de1008 --- /dev/null +++ b/config/freeradius2/freeradiusinterfaces.xml 
@@ -0,0 +1,151 @@ + + + + + + . + All rights reserved. + */ +/* ========================================================================== */ +/* + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + */ +/* ========================================================================== */ + ]]> + + Describe your package here. + Describe your package requirements here + Currently there are no FAQ items provided. 
+ freeradiusinterfaces + none + FreeRADIUS: Interfaces + /usr/local/pkg/freeradius.inc + + + Users + /pkg.php?xml=freeradius.xml + + + NAS / Clients + /pkg.php?xml=freeradiusclients.xml + + + Interfaces + /pkg.php?xml=freeradiusinterfaces.xml + + + + Settings + /pkg_edit.php?xml=freeradiussettings.xml&id=0 + + + + + Listening Interface + varinterfaceip + + + Port + varinterfaceport + + + Interface Type + varinterfacetype + + + IP Version + varinterfaceipversion + + + Description + description + + + + + Listening Interface + varinterfaceip + Enter the IP address of the listening interface. e.g. 192.168.100.1 (Default: *) + input + * + + + + Port + varinterfaceport + Enter the port number of the listening interface. e.g. 1812 (Default: 1812) + input + 1812 + + + + Interface Type + varinterfacetype + Enter the type of the listening interface. (Default: auth) + select + auth + + + + + + + + + + + + IP Version + varinterfaceipversion + Enter the IP version of the listening interface. (Default: IPv4) + select + ipaddr + + + + + + + + Description + description + Enter any description you like for this interface. + input + + + + freeradius_settings_resync(); + + + freeradius_settings_resync(); + + -- cgit v1.2.3
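Review bot: The new Interfaces page saves through `freeradius_settings_resync()`, but the version of that function visible earlier in this series reads only `freeradiussettings`, so unless the garbled part of freeradius.inc also reads `freeradiusinterfaces`, the listen address and port entered here never reach radiusd.conf. `varinterfaceip` and `varinterfaceport` are plain `input` fields: the address is not validated and the port is not restricted to 1–65535, and both are presumably written into the server's listen block, so a typo produces a configuration radiusd fails to parse; an address-typed field and a numeric range check on the port would catch that at save time. The default `*` binds the authentication port on every interface including WAN; the help text should recommend the internal address, e.g. `Binding to * listens on all interfaces, including WAN; enter the LAN address unless RADIUS must be reachable from outside.`.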