From 305b6bc81017b208476caa68c9adde83c48bd1ff Mon Sep 17 00:00:00 2001
From: Nachtfalke
Date: Tue, 17 Jan 2012 22:18:29 +0100
Subject: Update config/freeradius2/freeradius.inc
---
 config/freeradius2/freeradius.inc | 160 ++++++++++++++++++++++++++++++++++----
 1 file changed, 146 insertions(+), 14 deletions(-)
(limited to 'config/freeradius2')
diff --git a/config/freeradius2/freeradius.inc b/config/freeradius2/freeradius.inc
index bc89178a..f3a28e54 100644
--- a/config/freeradius2/freeradius.inc
+++ b/config/freeradius2/freeradius.inc
@@ -390,7 +390,7 @@ if (is_array($arrusers) && !empty($arrusers)) {
 // Variables for users file defined parameters
 $varusersusername = $users['varusersusername'];
 $varuserspassword = $users['varuserspassword'];
- $varuserssimultaneousconnect = ($users['varuserssimultaneousconnect']?$users['varuserssimultaneousconnect']:'1');
+ $varuserssimultaneousconnect = ($users['varuserssimultaneousconnect']?$users['varuserssimultaneousconnect']:'');
 $varusersframedipaddress = $users['varusersframedipaddress'];
 $varusersframedipnetmask = $users['varusersframedipnetmask'];
 $varusersframedroute = $users['varusersframedroute'];
@@ -404,6 +404,8 @@ if (is_array($arrusers) && !empty($arrusers)) {
 $varuserspointoftimebytesinput = $users['varuserspointoftimebytesinput'];
 $varusersamountofbytesoutput = ($users['varusersamountofbytesoutput']?$users['varusersamountofbytesoutput']:'');
 $varuserspointoftimebytesoutput = $users['varuserspointoftimebytesoutput'];
+ $varusersmaxbandwidthup = ($users['varusersmaxbandwidthup']?$users['varusersmaxbandwidthup']:'');
+ $varusersmaxbandwidthdown = ($users['varusersmaxbandwidthdown']?$users['varusersmaxbandwidthdown']:'');
 // Clear variables for next user foreach additional options TOP
 $varuserstopadditionaloptions = '';
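Review bot: Changing the fallback on the `$varuserssimultaneousconnect` line from `'1'` to `''` silently removes the one-session limit from every existing user entry that was saved without a value. This assumes the `Simultaneous-Use` check item is only written when the variable is non-empty, as the MAC code later in this patch does; the users-side code for that is outside the hunk. The freeradius.xml change later in the series appears to drop the form's default of `1` as well, so new entries are unlimited too. If unlimited is the intended default, state it next to the assignment, e.g. `// empty = no Simultaneous-Use check item, concurrent logins with one account are not limited`, and in the commit message so operators who relied on the old limit can re-enter `1`. The enclosing foreach body starts and ends outside the hunk.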
@@ -491,6 +493,14 @@ if (is_array($arrusers) && !empty($arrusers)) {
 if ($varusersreplyitem != '') { $varusersreplyitem .=","; }
 $varusersreplyitem .= "\n\tTunnel-Type = VLAN,\n\tTunnel-Medium-Type = IEEE-802,\n\tTunnel-Private-Group-ID = " . '"' . $varusersvlanid . '"';
 }
+ if ($varusersmaxbandwidthup != '') {
+ if ($varusersreplyitem != '') { $varusersreplyitem .=","; }
+ $varusersreplyitem .= "\n\tWISPr-Bandwidth-Max-Up := $varusersmaxbandwidthup";
+ }
+ if ($varusersmaxbandwidthdown != '') {
+ if ($varusersreplyitem != '') { $varusersreplyitem .=","; }
+ $varusersreplyitem .= "\n\tWISPr-Bandwidth-Max-Down := $varusersmaxbandwidthdown";
+ }
 if ($varusersadditionaloptionsreplyitems != '') {
 if ($varusersreplyitem != '') { $varusersreplyitem .=","; }
 $varusersreplyitem .= "\n\t$varusersadditionaloptionsreplyitems";
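Review bot: `$varusersmaxbandwidthup` and `$varusersmaxbandwidthdown` are interpolated into the reply-item string exactly as stored, so a value that is not a plain number (a stray comma, quote or line break) becomes extra syntax in the generated users file. At best FreeRADIUS then refuses to start; at worst the entry carries attributes nobody reviewed. Emit the attribute only for numeric values, e.g. `if (ctype_digit((string)$varusersmaxbandwidthup)) {` in place of the `!= ''` test, and likewise for the down value. The `$varmacsmaxbandwidthup` / `$varmacsmaxbandwidthdown` blocks in the `freeradius_authorizedmacs_resync()` hunk follow the same pattern. Whether the GUI form validates these fields is not visible here, and the enclosing block continues outside the hunk.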
@@ -523,18 +533,140 @@ function freeradius_authorizedmacs_resync() { global $config; $conf = ''; - $arrmacs = $config['installedpackages']['freeradiusauthorizedmacs']['config']; if (is_array($arrmacs) && !empty($arrmacs)) { foreach ($arrmacs as $macs) { - // Variables for macs file defined parameters - $varmacaddress = $macs['varmacaddress']; - $varmacaddress = "$varmacaddress" . "\n"; + // Variables for authorized_macs file defined parameters + $varmacsaddress = $macs['varmacsaddress']; + // We don't need a password but we need this field to make syntac correct for CHECK-ITEMS + $varmacspassword = $macs['varmacsaddress']; + + $varmacssimultaneousconnect = ($macs['varmacssimultaneousconnect']?$macs['varmacssimultaneousconnect']:''); + $varmacsframedipaddress = $macs['varmacsframedipaddress']; + $varmacsframedipnetmask = $macs['varmacsframedipnetmask']; + $varmacsframedroute = $macs['varmacsframedroute']; + $varmacsexpiration = $macs['varmacsexpiration']; + $varmacssessiontimeout = $macs['varmacssessiontimeout']; + $varmacslogintime = $macs['varmacslogintime']; + $varmacsvlanid = $macs['varmacsvlanid']; + $varmacsamountoftime = ($macs['varmacsamountoftime']?$macs['varmacsamountoftime']:''); + $varmacspointoftime = $macs['varmacspointoftime']; + $varmacsamountofbytesinput = ($macs['varmacsamountofbytesinput']?$macs['varmacsamountofbytesinput']:''); + $varmacspointoftimebytesinput = $macs['varmacspointoftimebytesinput']; + $varmacsamountofbytesoutput = ($macs['varmacsamountofbytesoutput']?$macs['varmacsamountofbytesoutput']:''); + $varmacspointoftimebytesoutput = $macs['varmacspointoftimebytesoutput']; + $varmacsmaxbandwidthup = ($macs['varmacsmaxbandwidthup']?$macs['varmacsmaxbandwidthup']:''); + $varmacsmaxbandwidthdown = ($macs['varmacsmaxbandwidthdown']?$macs['varmacsmaxbandwidthdown']:''); + + // Clear variables for next mac foreach additional options TOP + $varmacstopadditionaloptions = ''; + $varmacsadditionaloptionstop = ''; + + 
if(!empty($macs['varmacstopadditionaloptions'])) { + $varmacstopadditionaloptions = explode("|", ($macs['varmacstopadditionaloptions'])); + foreach ($varmacstopadditionaloptions as $toptmp) { + $varmacsadditionaloptionstop .= $toptmp . "\n"; + } + } + + // Clear variables for next mac foreach additional options: CHECK-ITEMS + $varmacscheckitemsadditionaloptions = ''; + $varmacsadditionaloptionscheckitems = ''; + + if(!empty($macs['varmacscheckitemsadditionaloptions'])) { + $varmacscheckitemsadditionaloptions = explode("|", ($macs['varmacscheckitemsadditionaloptions'])); + $varmacsadditionaloptionscheckitems .= ''; + foreach ($varmacscheckitemsadditionaloptions as $checkitemtmp) { + $varmacsadditionaloptionscheckitems .= $checkitemtmp; + } + } + + // Clear variables for next mac foreach additional options: REPLY-ITEMS + $varmacsreplyitemsadditionaloptions = ''; + $varmacsadditionaloptionsreplyitems = ''; + + if(!empty($macs['varmacsreplyitemsadditionaloptions'])) { + $varmacsreplyitemsadditionaloptions = explode("|", ($macs['varmacsreplyitemsadditionaloptions'])); + $varmacsadditionaloptionsreplyitems .= ''; + foreach ($varmacsreplyitemsadditionaloptions as $replyitemtmp) { + $varmacsadditionaloptionsreplyitems .= $replyitemtmp . "\n\t"; + } + } + + // Empty variable + $varmacscheckitem = ''; + $varmacsreplyitem = ''; + + // Add the mac attributes to each mac address. + $varmacscheckitem = "$varmacsaddress" . " Cleartext-Password := " . '"' . $varmacspassword .'"'; + + // Add additional CHECK-ITEMS here. Different formatting in "authorized_macs" file needed. + if ($varmacssimultaneousconnect != '') { + $varmacscheckitem .= ", Simultaneous-Use := " . '"' . $varmacssimultaneousconnect . '"'; + } + if ($varmacsexpiration != '') { + $varmacscheckitem .= ", Expiration := " . '"' . $varmacsexpiration . '"'; + } + if ($varmacslogintime != '') { + $varmacscheckitem .= ", Login-Time := " . '"' . $varmacslogintime . 
'"'; + } + if ($varmacsamountoftime != '') { + $varmacscheckitem .= ", Max-" . "$varmacspointoftime" . "-Session := " . "$varmacsamountoftime"; + } + if ($varmacsamountofbytesinput != '') { + $varmacscheckitem .= ", Max-" . "$varmacspointoftimebytesinput" . "-Input := " . "$varmacsamountofbytesinput"; + } + if ($varmacsamountofbytesoutput != '') { + $varmacscheckitem .= ", Max-" . "$varmacspointoftimebytesoutput" . "-Output := " . "$varmacsamountofbytesoutput"; + } + if ($varmacsadditionaloptionscheckitems != '') { + $varmacscheckitem .= ", $varmacsadditionaloptionscheckitems"; + } + + // Add additional REPLY-ITEMS here. Different formatting in "authorized_macs" file needed. + if ($varmacsframedipaddress != '') { + if ($varmacsreplyitem != '') { $varmacsreplyitem .=","; } + $varmacsreplyitem .= "\n\tFramed-IP-Address = $varmacsframedipaddress"; + } + if ($varmacsframedipnetmask != '') { + if ($varmacsreplyitem != '') { $varmacsreplyitem .=","; } + $varmacsreplyitem .= "\n\tFramed-IP-Netmask = $varmacsframedipnetmask"; + } + if ($varmacsframedroute != '') { + if ($varmacsreplyitem != '') { $varmacsreplyitem .=","; } + $varmacsreplyitem .= "\n\tFramed-Route = " . '"' . $varmacsframedroute . '"'; + } + if ($varmacssessiontimeout != '') { + if ($varmacsreplyitem != '') { $varmacsreplyitem .=","; } + $varmacsreplyitem .= "\n\tSession-Timeout := $varmacssessiontimeout"; + } + if ($varmacsvlanid != '') { + if ($varmacsreplyitem != '') { $varmacsreplyitem .=","; } + $varmacsreplyitem .= "\n\tTunnel-Type = VLAN,\n\tTunnel-Medium-Type = IEEE-802,\n\tTunnel-Private-Group-ID = " . '"' . $varmacsvlanid . 
'"'; + } + if ($varmacsmaxbandwidthup != '') { + if ($varmacsreplyitem != '') { $varmacsreplyitem .=","; } + $varmacsreplyitem .= "\n\tWISPr-Bandwidth-Max-Up := $varmacsmaxbandwidthup"; + } + if ($varmacsmaxbandwidthdown != '') { + if ($varmacsreplyitem != '') { $varmacsreplyitem .=","; } + $varmacsreplyitem .= "\n\tWISPr-Bandwidth-Max-Down := $varmacsmaxbandwidthdown"; + } + if ($varmacsadditionaloptionsreplyitems != '') { + if ($varmacsreplyitem != '') { $varmacsreplyitem .=","; } + $varmacsreplyitem .= "\n\t$varmacsadditionaloptionsreplyitems"; + } + + // Cosmetic fix - This is just to make a blank new line after each macs entry + $varmacsreplyitem .= "\n\n"; + $conf .= << Date: Tue, 17 Jan 2012 22:18:53 +0100 Subject: Update config/freeradius2/freeradiusauthorizedmacs.xml --- config/freeradius2/freeradiusauthorizedmacs.xml | 217 +++++++++++++++++++++++- 1 file changed, 213 insertions(+), 4 deletions(-) (limited to 'config/freeradius2') diff --git a/config/freeradius2/freeradiusauthorizedmacs.xml b/config/freeradius2/freeradiusauthorizedmacs.xml index 021f8772..7abd26f5 100644 --- a/config/freeradius2/freeradiusauthorizedmacs.xml +++ b/config/freeradius2/freeradiusauthorizedmacs.xml @@ -166,7 +166,31 @@ MAC Address - varmacaddress + varmacsaddress + + + Simult. Connections + varmacssimultaneousconnect + + + IP Address + varmacsframedipaddress + + + Expiration Date + varmacsexpiration + + + Session Timeout + varmacssessiontimeout + + + Possible Login Times + varmacslogintime + + + VLAN ID + varmacsvlanid Description @@ -180,17 +204,202 @@ MAC Address - varmacaddress - + varmacsaddress + input + + Number of simultaneous connections + varmacssimultaneousconnect + + + input + + + NETWORK CONFIGURATION + listtopic + + + IP Address + varmacsframedipaddress + Framed-IP-Address must be supported by NAS.
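Review bot: `$varmacspassword = $macs['varmacsaddress'];` makes the `Cleartext-Password` check item identical to the entry's own name, so an entry in this file matches any request that presents the MAC address as both user name and password. The comment above that line ("We don't need a password…", with the typo `syntac`) does not say so. A MAC address is not a secret, so these entries should be documented as an address filter rather than a credential, for example `// MAC auth: the password is the MAC itself by convention, not a secret; a match is not user authentication`. It is also worth confirming that this file is only consulted for MAC-based requests, which the hunk does not show. The end of the hunk, from `$conf .= <<` on, is missing in this rendering, so the text actually written to the file could not be reviewed.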

+ If you want this MAC address to be assigned a specific IP address from radius, enter the IP address here.
+ Continuous IP address is available with "+" suffix (e.g. 192.168.1.5+). Could be useful for simultaneous connections.

+ IMPORTANT: You must enter an IP address here if you checked "RADIUS issued IP" on VPN PPTP or VPN PPPoE configuration.]]>
+ input +
+ + Subnet Mask + varmacsframedipnetmask + Framed-IP-Netmask must be supported by NAS. (e.g. 255.255.255.0)]]> + input + + + Gateway + varmacsframedroute + Framed-Route must be supported by NAS. Format is: Subnet Gateway Metric (e.g. 192.168.10.0 192.168.10.1 1).]]> + input + + + VLAN ID + varmacsvlanid + + Must be supported by the NAS.
+ This setting can be used for a NAS that supports the following RADIUS parameters:

+ + Tunnel-Type = VLAN
+ Tunnel-Medium-Type = IEEE-802
+ Tunnel-Private-Group-ID = "THIS IS YOUR INPUT"]]>
+ input +
+ + TIME CONFIGURATION + listtopic + + + Expiration Date + varmacsexpiration + + input + + + Session Timeout + varmacssessiontimeout + + input + + + Possible Login Times + varmacslogintime + + Every time string contains a day (Mo,Tu,We,Th,Fr,Sa,Su) or all weekdays which is from monday till friday (Wk).

+ Wk0855-2305,Sa,Su2230-0230

+ This means weekdays after 8:55 AM and before 11:05 PM | any time on saturday | sunday after 10:30 PM and before 02:30 AM.]]>
+ input +
+ + Amount of Time + varmacsamountoftime + + input + + + Time Period + varmacspointoftime + + select + daily + + + + + + + + + TRAFFIC AND BANDWIDTH + listtopic + + + Amount of Upload Traffic + varmacsamountofbytesinput + bytes. There is a bug in CaptivePortal which counts the traffic six times faster than in reality. So if a MAC address should have 1MB of traffic you must calculate 6+1MB and enter here: 6000000.]]> + input + + + Time Period + varmacspointoftimebytesinput + + select + daily + + + + + + + + + Amount of Download Traffic + varmacsamountofbytesoutput + bytes. There is a bug in CaptivePortal which counts the traffic six times faster than in reality. So if a MAC address should have 1MB of traffic you must calculate 6+1MB and enter here: 6000000.]]> + input + + + Time Period + varmacspointoftimebytesoutput + + select + daily + + + + + + + + + Maximum Download Bandwidth + varmacsmaxbandwidthdown + bits per second).]]> + input + + + Maximum Upload Bandwidth + varmacsmaxbandwidthup + bits per second).]]> + input + + + MISCELLANEOUS CONFIGURATION + listtopic + Description description - + input + + Additional RADIUS Attributes on the TOP of this entry + varmacstopadditionaloptions + + You may append custom RADIUS options to this MAC address account. If the syntax needs it, you have to set quotes and commas.
+ To put a command in a new line use a vertical bar (|).

+ Example: DEFAULT Auth-Type = System

+ IMPORTANT: If you don't format this field correctly freeRADIUS will not start because of syntax errors.
+ Verify your changes by checking authorized_macs file (View config -> macs).]]>
+ textarea + 4 + 75 +
+ + Additional RADIUS Attributes (CHECK-ITEM). + varmacscheckitemsadditionaloptions + + You may append custom RADIUS options to this MAC address account. If the syntax needs it, you have to set quotes and commas.
+ To put a command in a new line use a vertical bar (|).

+ Example: Max-Daily-Session := 36000

+ IMPORTANT: If you don't format this field correctly freeRADIUS will not start because of syntax errors.
+ Verify your changes by checking authorized_macs file (View config -> macs).]]>
+ textarea + 4 + 75 +
+ + Additional RADIUS Attributes (REPLY-ITEM). + varmacsreplyitemsadditionaloptions + + You may append custom RADIUS options to this MAC address account. If the syntax needs it, you have to set quotes and commas.
+ To put a command in a new line use a vertical bar (|).

+ Example: Service-Type == Login-User,|Login-Service == Telnet,|Login-IP-Host == 192.168.1.2

+ IMPORTANT: If you don't format this field correctly freeRADIUS will not start because of syntax errors.
+ Verify your changes by checking authorized_macs file (View config -> macs).]]>
+ textarea + 4 + 75 +
freeradius_authorizedmacs_resync(); -- cgit v1.2.3 From 62f6d35157be47b813cdd535908d751d2448b787 Mon Sep 17 00:00:00 2001 From: Nachtfalke Date: Tue, 17 Jan 2012 22:19:18 +0100 Subject: Update config/freeradius2/freeradius.xml --- config/freeradius2/freeradius.xml | 27 +++++++++++++++++++-------- 1 file changed, 19 insertions(+), 8 deletions(-) (limited to 'config/freeradius2') diff --git a/config/freeradius2/freeradius.xml b/config/freeradius2/freeradius.xml index 97259310..aab6e29b 100644 --- a/config/freeradius2/freeradius.xml +++ b/config/freeradius2/freeradius.xml @@ -220,8 +220,7 @@ Number of simultaneous connections varuserssimultaneousconnect - 1 - + input @@ -286,10 +285,6 @@ This means weekdays after 8:55 AM and before 11:05 PM | any time on saturday | sunday after 10:30 PM and before 02:30 AM.]]> input - - AMOUNT OF TIME AND TRAFFIC - listtopic - Amount of Time varusersamountoftime @@ -309,10 +304,14 @@ + + TRAFFIC AND BANDWIDTH + listtopic + Amount of Upload Traffic varusersamountofbytesinput - + bytes. There is a bug in CaptivePortal which counts the traffic six times faster than in reality. So if a user should have 1MB of traffic you must calculate 6+1MB and enter here: 6000000.]]> input @@ -331,7 +330,7 @@ Amount of Download Traffic varusersamountofbytesoutput - + bytes. There is a bug in CaptivePortal which counts the traffic six times faster than in reality. So if a user should have 1MB of traffic you must calculate 6+1MB and enter here: 6000000.]]> input @@ -347,6 +346,18 @@ + + Maximum Download Bandwidth + varusersmaxbandwidthdown + bits per second).]]> + input + + + Maximum Upload Bandwidth + varusersmaxbandwidthup + bits per second).]]> + input + MISCELLANEOUS CONFIGURATION listtopic -- cgit v1.2.3