From ca138ce6072599a7c2488bea0826222971f06bfb Mon Sep 17 00:00:00 2001
From: Nachtfalke
Date: Sun, 8 Jan 2012 02:35:30 +0100
Subject: - fixed: logging output - added: activated time correction for NAS which send a start-packet instead of a "start-time" packet. - fixed: changed order of EAP and PLAIN MAC AUTH module to reduce confusion when reading file
---
 config/freeradius2/freeradius.inc | 33 ++++++++++++++++++---------------
 1 file changed, 18 insertions(+), 15 deletions(-)
diff --git a/config/freeradius2/freeradius.inc b/config/freeradius2/freeradius.inc
index 7168f00a..ecf21a5e 100644
--- a/config/freeradius2/freeradius.inc
+++ b/config/freeradius2/freeradius.inc
@@ -77,13 +77,13 @@ function freeradius_install_command() {
 // creating a backup file of the original policy.conf no matter if user checked this or not
 if (!file_exists("/usr/local/etc/raddb/policy.conf.backup")) {
- log_error("FreeRADIUS: Creating backup of the original file to {$filepolicyconfbackup}");
+ log_error("FreeRADIUS: Creating backup of the original file to /usr/local/etc/raddb/policy.conf.backup");
 copy("/usr/local/etc/raddb/policy.conf", "/usr/local/etc/raddb/policy.conf.backup");
 }
 // creating a backup file of the original /modules/files no matter if user checked this or not
 if (!file_exists("/usr/local/etc/raddb/files.backup")) {
- log_error("FreeRADIUS: Creating backup of the original file to {$filemodulesfilesbackup}");
+ log_error("FreeRADIUS: Creating backup of the original file to /usr/local/etc/raddb/files.backup");
 copy("/usr/local/etc/raddb/modules/files", "/usr/local/etc/raddb/files.backup");
 }
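Review bot: In the `@@ -77` hunk both corrected `log_error()` calls report the backup before `copy()` has run, and the result of `copy()` on the following context line is never checked, so the system log can record a backup that was not written. Logging after the fact would make the entry trustworthy, for example `if (!copy($src, $dst)) { log_error("FreeRADIUS: Could not create backup {$dst}"); }` with `$src` and `$dst` standing for the two paths. Each backup path is now spelled out three times as a literal (in `file_exists`, `log_error` and `copy`); one local variable per path would keep them from drifting apart again. freeradius_install_command() continues outside the hunk.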
@@ -907,20 +907,17 @@ function freeradius_serverdefault_resync() {
 // If unchecked we need the normal EAP section.
 if (!$varsettings['varsettingsenablemacauth']) {
- $varplainmacauthenable = '';
- $varplainmacauthenable .= "eap {";
- $varplainmacauthenable .= "\n\tok = return";
- $varplainmacauthenable .= "\n\t}";
+ $varplainmacauthenable = '##### AUTHORIZE FOR PLAIN MAC-AUTH IS DISABLED #####';
- $varplainmacpreacctenable = '';
- $varplainmacpreacctenable .= '##### ACCOUNTING FOR PLAIN MAC-AUTH DISABLED #####';
+ $varplainmacpreacctenable = '##### ACCOUNTING FOR PLAIN MAC-AUTH DISABLED #####';
 }
 // If checked we need to check if it is plain mac or eap
 else {
 $varplainmacauthenable = '';
- $varplainmacauthenable .= "\t### FIRST check MAC address in authorized_macs and if that fails proceed with other checks below in else-section ###";
- $varplainmacauthenable .= "\n\t# if cleaning up the Calling-Station-Id...";
+ $varplainmacauthenable .= "### FIRST check MAC address in authorized_macs and if that fails proceed with other checks below in else-section ###";
+ $varplainmacauthenable .= "\n\t### if cleaning up the Calling-Station-Id...###";
 $varplainmacauthenable .= "\n\trewrite_calling_station_id";
+ $varplainmacauthenable .= "\n\t";
 $varplainmacauthenable .= "\n\t# now check against the authorized_macs file";
 $varplainmacauthenable .= "\n\tauthorized_macs";
 $varplainmacauthenable .= "\n\tif (ok) {";
@@ -1026,6 +1023,10 @@ authorize { # 'raddb/huntgroups' files. preprocess + # + # + $varplainmacauthenable + # # If you want to have a log of authentication requests, # un-comment the following line, and the 'detail auth_log'
@@ -1093,8 +1094,11 @@ authorize { # for the many packets that go back and forth to set up TTLS # or PEAP. The load on those servers will therefore be reduced. # + # - $varplainmacauthenable + eap { + ok = return + } # # Pull crypt'd passwords from /etc/passwd or /etc/shadow,
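Review bot: In the `@@ -907` hunk the generated comment `### FIRST check MAC address in authorized_macs and if that fails proceed with other checks below in else-section ###` no longer matches where the block ends up, because the `@@ -1026` and `@@ -1093` hunks move `$varplainmacauthenable` to just after `preprocess` and hard-code `eap { ok = return }` at the old position. The rest of the else-branch lies outside this hunk, so it should be checked that its else-section does not still emit its own `eap` call; if it does, EAP would now appear twice in authorize when MAC auth is enabled. A PHP comment above the branch, such as `// $varplainmacauthenable is interpolated directly after 'preprocess' in authorize; the eap block is always written by the template`, would record the new layout for the next reader.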
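Review bot: In the `@@ -1026` hunk the comment lines added above `$varplainmacauthenable` are empty, so the generated configuration does not say that the plain MAC-auth decision is now taken here, ahead of every other module in authorize and ahead of the optional auth-log line mentioned just below. Per the strings in the `@@ -907` hunk that decision rests on the Calling-Station-Id handled by `rewrite_calling_station_id` and `authorized_macs`, which is a value reported by the NAS rather than a credential, and an operator auditing the file should be able to see that ordering. I would fill the comment lines with something like `# Plain MAC-auth (when enabled in the GUI) is evaluated here, before any other authorize module.` and `# The match is made on the NAS-reported Calling-Station-Id.` The authorize section continues outside the hunk, so whether a MAC match still reaches the logging module cannot be confirmed from here.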
@@ -1288,10 +1292,9 @@ preacct {
 # The start time is: NOW - delay - session_length
 #
-# update request {
-# FreeRADIUS-Acct-Session-Start-Time = "%{expr: %l - %{%{Acct-Session-Time}:-0} - %{%{Acct-Delay-Time}:-0}}"
-# }
-
+ update request {
+ FreeRADIUS-Acct-Session-Start-Time = "%{expr: %l - %{%{Acct-Session-Time}:-0} - %{%{Acct-Delay-Time}:-0}}"
+ }
 #
 # Ensure that we have a semi-unique identifier for every
-- 
cgit v1.2.3
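Review bot: The `update request` block in preacct is now active for every client, while the commit message motivates it only for NAS devices that send a start packet without a start time. The value written to `FreeRADIUS-Acct-Session-Start-Time` is computed from `Acct-Session-Time` and `Acct-Delay-Time` exactly as the NAS reports them, so a misbehaving or misconfigured NAS can shift the stored start time by any amount; anything that later uses the attribute for billing or for reconstructing session timelines should treat it as NAS-supplied. I would keep a comment directly above the block, for example `# Derived from NAS-reported Acct-Session-Time / Acct-Delay-Time; not independently verified.`, and consider gating the block on a GUI setting in the same way `$varsettings['varsettingsenablemacauth']` gates MAC auth. The preacct section continues outside the hunk.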