From 4cbda90d1f1ac5fc6bcf4795486497f8190fdbcc Mon Sep 17 00:00:00 2001
From: Nachtfalke <nachtfalkeaw@web.de>
Date: Tue, 10 Jan 2012 22:22:49 +0100
Subject: Update config/freeradius2/freeradius.inc

---
 config/freeradius2/freeradius.inc | 429 +++++++++++++++++++++++++++++++++++---
 1 file changed, 395 insertions(+), 34 deletions(-)

(limited to 'config/freeradius2')

diff --git a/config/freeradius2/freeradius.inc b/config/freeradius2/freeradius.inc
index a15aba8e..3be0faa0 100644
--- a/config/freeradius2/freeradius.inc
+++ b/config/freeradius2/freeradius.inc
@@ -170,17 +170,27 @@ function freeradius_settings_resync() {
 	
 	// For more details look at "freeradius_sqlconf_resync"
 	$sqlconf = $config['installedpackages']['freeradiussqlconf']['config'][0];
-	$varsqlconfincludeenable = ($sqlconf['varsqlconfincludeenable']?$sqlconf['varsqlconfincludeenable']:'Disable');
 		
-	// Dis-/Enable SQL in "instatiate" section in "freeradius_settings_resync" and radiusd.conf
-	if ($sqlconf['varsqlconfincludeenable'] == 'Enable') {
+	// Dis-/Enable SQL in "instatiate" section in "freeradius_settings_resync" and radiusd.conf SQL SERVER 2
+	if ($sqlconf['varsqlconf2includeenable'] == 'on') {
+		$varsqlconf2instantiate = 'sql2';
+	}
+	else {
+		$varsqlconf2instantiate = '### sql2 DISABLED ###';
+	}
+	
+	$varsqlconf2failover = ($varsettings['varsqlconf2failover']?$varsettings['varsqlconf2failover']:'redundant');
+	
+	// Dis-/Enable SQL in "instatiate" section in "freeradius_settings_resync" and radiusd.conf SQL SERVER 1
+	if ($sqlconf['varsqlconfincludeenable'] == 'on') {
 		$varsqlconfinclude = '$INCLUDE sql.conf';
 		$varsqlconfincludecounter = '$INCLUDE sql/mysql/counter.conf';
-		$varsqlconfinstantiate = 'sql';
+		$varsqlconfinstantiate = "$varsqlconf2failover {" . "\n\t\tsql" . "\n\t\t$varsqlconf2instantiate" . "\n\t}";
 	}
 	else {
 		$varsqlconfinclude = '#$INCLUDE sql.conf';
 		$varsqlconfincludecounter = '#$INCLUDE sql/mysql/counter.conf';
+		$varsqlconf2failover = '';
 		$varsqlconfinstantiate = '#sql';
 	}
 
@@ -799,7 +809,7 @@ function freeradius_sqlconf_resync() {
 
 	$sqlconf = $config['installedpackages']['freeradiussqlconf']['config'][0];
 	
-	// Variables: SQL
+	// Variables: SQL DATABASE 1
 	$varsqlconfdatabase = ($sqlconf['varsqlconfdatabase']?$sqlconf['varsqlconfdatabase']:'mysql');
 	$varsqlconfserver = ($sqlconf['varsqlconfserver']?$sqlconf['varsqlconfserver']:'localhost');
 	$varsqlconfport = ($sqlconf['varsqlconfport']?$sqlconf['varsqlconfport']:'3306');
@@ -826,6 +836,34 @@ function freeradius_sqlconf_resync() {
 	
 	// Additional changes were made in "freeradius_settings_resync"
 
+	// Variables: SQL DATABASE 2
+	$varsqlconf2database = ($sqlconf['varsqlconf2database']?$sqlconf['varsqlconf2database']:'mysql');
+	$varsqlconf2server = ($sqlconf['varsqlconf2server']?$sqlconf['varsqlconf2server']:'localhost');
+	$varsqlconf2port = ($sqlconf['varsqlconf2port']?$sqlconf['varsqlconf2port']:'3306');
+	$varsqlconf2login = ($sqlconf['varsqlconf2login']?$sqlconf['varsqlconf2login']:'radius');
+	$varsqlconf2password = ($sqlconf['varsqlconf2password']?$sqlconf['varsqlconf2password']:'radpass');
+	$varsqlconf2radiusdb = ($sqlconf['varsqlconf2radiusdb']?$sqlconf['varsqlconf2radiusdb']:'radius');
+	$varsqlconf2accttable1 = ($sqlconf['varsqlconf2accttable1']?$sqlconf['varsqlconf2accttable1']:'radacct');
+	$varsqlconf2accttable2 = ($sqlconf['varsqlconf2accttable2']?$sqlconf['varsqlconf2accttable2']:'radacct');
+	$varsqlconf2postauthtable = ($sqlconf['varsqlconf2postauthtable']?$sqlconf['varsqlconf2postauthtable']:'radpostauth');
+	$varsqlconf2authchecktable = ($sqlconf['varsqlconf2authchecktable']?$sqlconf['varsqlconf2authchecktable']:'radcheck');
+	$varsqlconf2authreplytable = ($sqlconf['varsqlconf2authreplytable']?$sqlconf['varsqlconf2authreplytable']:'radreply');
+	$varsqlconf2groupchecktable = ($sqlconf['varsqlconf2groupchecktable']?$sqlconf['varsqlconf2groupchecktable']:'radgroupcheck');
+	$varsqlconf2groupreplytable = ($sqlconf['varsqlconf2groupreplytable']?$sqlconf['varsqlconf2groupreplytable']:'radgroupreply');
+	$varsqlconf2usergrouptable = ($sqlconf['varsqlconf2usergrouptable']?$sqlconf['varsqlconf2usergrouptable']:'radusergroup');
+	$varsqlconf2readgroups = ($sqlconf['varsqlconf2readgroups']?$sqlconf['varsqlconf2readgroups']:'yes');
+	$varsqlconf2deletestalesessions = ($sqlconf['varsqlconf2deletestalesessions']?$sqlconf['varsqlconf2deletestalesessions']:'yes');
+	$varsqlconf2sqltrace = ($sqlconf['varsqlconf2sqltrace']?$sqlconf['varsqlconf2sqltrace']:'no');
+	$varsqlconf2numsqlsocks = ($sqlconf['varsqlconf2numsqlsocks']?$sqlconf['varsqlconf2numsqlsocks']:'5');
+	$varsqlconf2connectfailureretrydelay = ($sqlconf['varsqlconf2connectfailureretrydelay']?$sqlconf['varsqlconf2connectfailureretrydelay']:'60');
+	$varsqlconf2lifetime = ($sqlconf['varsqlconf2lifetime']?$sqlconf['varsqlconf2lifetime']:'0');
+	$varsqlconf2maxqueries = ($sqlconf['varsqlconf2maxqueries']?$sqlconf['varsqlconf2maxqueries']:'0');
+	$varsqlconf2readclients = ($sqlconf['varsqlconf2readclients']?$sqlconf['varsqlconf2readclients']:'yes');
+	$varsqlconf2nastable = ($sqlconf['varsqlconf2nastable']?$sqlconf['varsqlconf2nastable']:'nas');
+	
+	// Additional changes were made in "freeradius_settings_resync"
+	
+	
 	$conf .= <<<EOD
 
 sql {
@@ -857,6 +895,35 @@ sql {
 	\$INCLUDE sql/\${database}/dialup.conf
 }
 
+sql sql2 {
+	database = "$varsqlconf2database"
+	driver = "rlm_sql_\${database}"
+	server = "$varsqlconf2server"
+	port = $varsqlconf2port
+	login = "$varsqlconf2login"
+	password = "$varsqlconf2password"
+	radius_db = "$varsqlconf2radiusdb"
+	acct_table1 = "$varsqlconf2accttable1"
+	acct_table2 = "$varsqlconf2accttable2"
+	postauth_table = "$varsqlconf2postauthtable"
+	authcheck_table = "$varsqlconf2authchecktable"
+	authreply_table = "$varsqlconf2authreplytable"
+	groupcheck_table = "$varsqlconf2groupchecktable"
+	groupreply_table = "$varsqlconf2groupreplytable"
+	usergroup_table = "$varsqlconf2usergrouptable"
+	read_groups = $varsqlconf2readgroups
+	deletestalesessions = $varsqlconf2deletestalesessions
+	sqltrace = $varsqlconf2sqltrace
+	sqltracefile = \${logdir}/sqltrace.sql
+	num_sql_socks = $varsqlconf2numsqlsocks
+	connect_failure_retry_delay = $varsqlconf2connectfailureretrydelay
+	lifetime = $varsqlconf2lifetime
+	max_queries = $varsqlconf2maxqueries
+	readclients = $varsqlconf2readclients
+	nas_table = "$varsqlconf2nastable"
+	\$INCLUDE sql/\${database}/dialup.conf
+}
+
 EOD;
 
 	$filename = RADDB . '/sql.conf';
@@ -878,60 +945,123 @@ function freeradius_serverdefault_resync() {
 	
 	// Get Variables from freeradiusmodulesldap.xml
 	$arrmodulesldap = $config['installedpackages']['freeradiusmodulesldap']['config'][0];
+	// failover/loadbalancing mode
+	$varmodulesldap2failover = ($arrmodulesldap['varmodulesldap2failover']?$arrmodulesldap['varmodulesldap2failover']:'redundant');
+	
+	// If unchecked then disable authorize ldap2
+	if (!$arrmodulesldap['varmodulesldap2enableauthorize']) {
+	$varmodulesldap2enableauthorize = '### ldap2 disabled ###';
+	}
+	else {
+	$varmodulesldap2enableauthorize = 'ldap2';
+	}
 	
-	// If unchecked then disable authorize
+	// If unchecked then disable authorize ldap1
 	if (!$arrmodulesldap['varmodulesldapenableauthorize']) {
 	$varmodulesldapenableauthorize = '### ldap ###';
 	}
 	else {
-	$varmodulesldapenableauthorize = 'ldap';
+	$varmodulesldapenableauthorize = '';
+	$varmodulesldapenableauthorize .= "$varmodulesldap2failover {";
+	$varmodulesldapenableauthorize .= "\n\t\tldap";
+		// this line adds ldap2 when activated
+	$varmodulesldapenableauthorize .= "\n\t\t$varmodulesldap2enableauthorize";
+	$varmodulesldapenableauthorize .= "\n\t}";
 	}
 	
-	// If unchecked then disable authenticate
+	// If unchecked then disable authenticate for ldap1
+	if (!$arrmodulesldap['varmodulesldap2enableauthenticate']) {
+	$varmodulesldap2enableauthenticate = "### ldap2 disabled ###";
+	}
+	else {
+	$varmodulesldap2enableauthenticate = "ldap2";
+	}
+	
+	// If unchecked then disable authenticate ldap2
 	if (!$arrmodulesldap['varmodulesldapenableauthenticate']) {
-	$varmodulesldapenableauthenticate = "#Auth-Type LDAP {" . "\n\t\t\t#ldap" . "\n\t#}";
+	$varmodulesldapenableauthenticate = "#Auth-Type LDAP {" . "\n\t\t\t#ldap" . "\n\t\t\t$varmodulesldap2enableauthenticate" . "\n\t#}";
 	}
 	else {
-	$varmodulesldapenableauthenticate = "Auth-Type LDAP {" . "\n\t\t\tldap" . "\n\t}";
+	$varmodulesldapenableauthenticate = "Auth-Type LDAP {" . "\n\t\t\tldap" . "\n\t\t\t$varmodulesldap2enableauthenticate" . "\n\t}";
 	}
-		
-	// Get Variables from freeradiussqlconf.xml
+	
+
+	
+	// Get Variables from freeradiussqlconf.xml for DATABASE 1
 	$sqlconf = $config['installedpackages']['freeradiussqlconf']['config'][0];
 	$varsqlconfenableauthorize = ($sqlconf['varsqlconfenableauthorize']?$sqlconf['varsqlconfenableauthorize']:'Disable');
 	$varsqlconfenableaccounting = ($sqlconf['varsqlconfenableaccounting']?$sqlconf['varsqlconfenableaccounting']:'Disable');
 	$varsqlconfenablesession = ($sqlconf['varsqlconfenablesession']?$sqlconf['varsqlconfenablesession']:'Disable');
-	$varsqlconfenablepostauth = ($sqlconf['varsqlconfenablepostauth']?$sqlconf['varsqlconfenablepostauth']:'Disable');	
+	$varsqlconfenablepostauth = ($sqlconf['varsqlconfenablepostauth']?$sqlconf['varsqlconfenablepostauth']:'Disable');
+	
+	// Get Variables from freeradiussqlconf.xml for DATABASE 2
+	$varsqlconf2enableauthorize = ($sqlconf['varsqlconf2enableauthorize']?$sqlconf['varsqlconf2enableauthorize']:'Disable');
+	$varsqlconf2enableaccounting = ($sqlconf['varsqlconf2enableaccounting']?$sqlconf['varsqlconf2enableaccounting']:'Disable');
+	$varsqlconf2enablesession = ($sqlconf['varsqlconf2enablesession']?$sqlconf['varsqlconf2enablesession']:'Disable');
+	$varsqlconf2enablepostauth = ($sqlconf['varsqlconf2enablepostauth']?$sqlconf['varsqlconf2enablepostauth']:'Disable');
+	
+	// authorize section DATABASE 2
+	if ($sqlconf['varsqlconf2enableauthorize'] == 'Enable') {
+		$varsqlconf2authorize = 'sql2';
+	}
+	else {
+		$varsqlconf2authorize = '### sql2 DISABLED ###';
+	}
+	// accounting section DATABASE 2
+	if ($sqlconf['varsqlconf2enableaccounting'] == 'Enable') {
+		$varsqlconf2accounting = 'sql2';
+	}
+	else {
+		$varsqlconf2accounting = '### sql2 DISABLED ###';
+	}
+	// session section DATABASE 2
+	if ($sqlconf['varsqlconf2enablesession'] == 'Enable') {
+		$varsqlconf2session = 'sql2';
+	}
+	else {
+		$varsqlconf2session = '### sql2 DISABLED ###';
+	}
+	// post-auth section DATABASE 2
+	if ($sqlconf['varsqlconf2enablepostauth'] == 'Enable') {
+		$varsqlconf2postauth = 'sql2';
+	}
+	else {
+		$varsqlconf2postauth = '### sql2 DISABLED ###';
+	}	
+	
+	// Failover mode
+	$varsqlconf2failover = ($sqlconf['varsqlconf2failover']?$sqlconf['varsqlconf2failover']:'redundant');
 
-	// authorize section
-	if (($sqlconf['varsqlconfincludeenable'] == 'Enable') && ($sqlconf['varsqlconfenableauthorize'] == 'Enable')) {
-	$varsqlconfauthorize = 'sql';
+	// authorize section DATABASE 1
+	if (($sqlconf['varsqlconfincludeenable'] == 'on') && ($sqlconf['varsqlconfenableauthorize'] == 'Enable')) {
+		$varsqlconfauthorize = "$varsqlconf2failover {" . "\n\t\t\tsql" . "\n\t\t\t$varsqlconf2authorize" . "\n\t}";
 	}
 	else {
-	$varsqlconfauthorize = '#sql';
+		$varsqlconfauthorize = '### sql DISABLED ###';
 	}
 	
-	// accounting section
-	if (($sqlconf['varsqlconfincludeenable'] == 'Enable') && ($sqlconf['varsqlconfenableaccounting'] == 'Enable')) {
-	$varsqlconfaccounting = 'sql';
+	// accounting section DATABASE 1
+	if (($sqlconf['varsqlconfincludeenable'] == 'on') && ($sqlconf['varsqlconfenableaccounting'] == 'Enable')) {
+		$varsqlconfaccounting = "$varsqlconf2failover {" . "\n\t\t\tsql" . "\n\t\t\t$varsqlconf2accounting" . "\n\t}";
 	}
 	else {
-	$varsqlconfaccounting = '#sql';
+		$varsqlconfaccounting = '### sql DISABLED ###';
 	}
 	
-	// session section
-	if (($sqlconf['varsqlconfincludeenable'] == 'Enable') && ($sqlconf['varsqlconfenablesession'] == 'Enable')) {
-	$varsqlconfsession = 'sql';
+	// session section DATABASE 1
+	if (($sqlconf['varsqlconfincludeenable'] == 'on') && ($sqlconf['varsqlconfenablesession'] == 'Enable')) {
+		$varsqlconfsession = "$varsqlconf2failover {" . "\n\t\t\tsql" . "\n\t\t\t$varsqlconf2session" . "\n\t}";
 	}
 	else {
-	$varsqlconfsession = 'radutmp';
+		$varsqlconfsession = 'radutmp';
 	}
 
-	// post-auth section
-	if (($sqlconf['varsqlconfincludeenable'] == 'Enable') && ($sqlconf['varsqlconfenablepostauth'] == 'Enable')) {
-	$varsqlconfpostauth = 'sql';
+	// post-auth section DATABASE 1
+	if (($sqlconf['varsqlconfincludeenable'] == 'on') && ($sqlconf['varsqlconfenablepostauth'] == 'Enable')) {
+		$varsqlconfpostauth = "$varsqlconf2failover {" . "\n\t\t\tsql" . "\n\t\t\t$varsqlconf2postauth" . "\n\t}";
 	}
 	else {
-	$varsqlconfpostauth = '#sql';
+		$varsqlconfpostauth = '### sql DISABLED ###';
 	}
 	
 	// Changing authorize section for plain mac auth
@@ -1161,6 +1291,7 @@ authorize {
 	#
 	#  The ldap module will set Auth-Type to LDAP if it has not
 	#  already been set
+	
 	$varmodulesldapenableauthorize
 
 	#
@@ -2404,9 +2535,10 @@ function freeradius_modulesldap_resync() {
 	$arrmodulesldap = $config['installedpackages']['freeradiusmodulesldap']['config'][0];
 	
 	// Enable and Disable LDAP for "authorize" and "authenticate" will be done in "freeradius_serverdefault_resync"
+	// redundatnt-load-balancing will there be done, too
 	
 	
-	// Variables for General Configuration
+	// Variables for General Configuration ldap1
 	$varmodulesldapserver = ($arrmodulesldap['varmodulesldapserver']?$arrmodulesldap['varmodulesldapserver']:'ldap.your.domain');
 	$varmodulesldapidentity = ($arrmodulesldap['varmodulesldapidentity']?$arrmodulesldap['varmodulesldapidentity']:'cn=admin,o=My Org,c=UA');
 	$varmodulesldappassword = ($arrmodulesldap['varmodulesldappassword']?$arrmodulesldap['varmodulesldappassword']:'mypass');
@@ -2418,10 +2550,22 @@ function freeradius_modulesldap_resync() {
 	$varmodulesldaptimelimit = ($arrmodulesldap['varmodulesldaptimelimit']?$arrmodulesldap['varmodulesldaptimelimit']:'3');
 	$varmodulesldapnettimeout = ($arrmodulesldap['varmodulesldapnettimeout']?$arrmodulesldap['varmodulesldapnettimeout']:'1');
 	
+	// Variables for General Configuration ldap2
+	$varmodulesldap2server = ($arrmodulesldap['varmodulesldap2server']?$arrmodulesldap['varmodulesldap2server']:'ldap.your.domain');
+	$varmodulesldap2identity = ($arrmodulesldap['varmodulesldap2identity']?$arrmodulesldap['varmodulesldap2identity']:'cn=admin,o=My Org,c=UA');
+	$varmodulesldap2password = ($arrmodulesldap['varmodulesldap2password']?$arrmodulesldap['varmodulesldap2password']:'mypass');
+	$varmodulesldap2basedn = ($arrmodulesldap['varmodulesldap2basedn']?$arrmodulesldap['varmodulesldap2basedn']:'o=My Org,c=UA');
+	$varmodulesldap2filter = ($arrmodulesldap['varmodulesldap2filter']?$arrmodulesldap['varmodulesldap2filter']:'(uid=%{%{Stripped-User-Name}:-%{User-Name}})');
+	$varmodulesldap2basefilter = ($arrmodulesldap['varmodulesldap2basefilter']?$arrmodulesldap['varmodulesldap2basefilter']:'(objectclass=radiusprofile)');
+	$varmodulesldap2ldapconnectionsnumber = ($arrmodulesldap['varmodulesldap2ldapconnectionsnumber']?$arrmodulesldap['varmodulesldap2ldapconnectionsnumber']:'5');
+	$varmodulesldap2timeout = ($arrmodulesldap['varmodulesldap2timeout']?$arrmodulesldap['varmodulesldap2timeout']:'4');
+	$varmodulesldap2timelimit = ($arrmodulesldap['varmodulesldap2timelimit']?$arrmodulesldap['varmodulesldap2timelimit']:'3');
+	$varmodulesldap2nettimeout = ($arrmodulesldap['varmodulesldap2nettimeout']?$arrmodulesldap['varmodulesldap2nettimeout']:'1');	
+	
 	// Variables for TLS / Certificates - will be added later
 
 
-	// Miscellaneous Configuration + MS Active Directory Compatibility
+	// Miscellaneous Configuration + MS Active Directory Compatibility ldap1
 	$varmodulesldapmsadcompatibilityenable = ($arrmodulesldap['varmodulesldapmsadcompatibilityenable']?$arrmodulesldap['varmodulesldapmsadcompatibilityenable']:'Disable');
 	if ($arrmodulesldap['varmodulesldapmsadcompatibilityenable'] == 'Disable') {
 		$varmodulesldapmsadcompatibility = '### MS Active Directory Compatibility is disabled ###';
@@ -2429,8 +2573,17 @@ function freeradius_modulesldap_resync() {
 	else {
 		$varmodulesldapmsadcompatibility = 'chase_referrals = yes' . "\n\trebind = yes";
 	}
+	
+	// Miscellaneous Configuration + MS Active Directory Compatibility ldap2
+	$varmodulesldap2msadcompatibilityenable = ($arrmodulesldap['varmodulesldap2msadcompatibilityenable']?$arrmodulesldap['varmodulesldap2msadcompatibilityenable']:'Disable');
+	if ($arrmodulesldap['varmodulesldap2msadcompatibilityenable'] == 'Disable') {
+		$varmodulesldap2msadcompatibility = '### MS Active Directory Compatibility is disabled ###';
+	}
+	else {
+		$varmodulesldap2msadcompatibility = 'chase_referrals = yes' . "\n\trebind = yes";
+	}
 
-	// When disabled we put this in the file but commented (#) like in the default installation
+	// When disabled we put this in the file but commented (#) like in the default installation ldap1
 	if (!$arrmodulesldap['varmodulesldapdmiscenable']) {
 		$varmodulesldapdefaultprofile = '### default_profile = "cn=radprofile,ou=dialup,o=My Org,c=UA" ###';
 		$varmodulesldapprofileattribute = '### profile_attribute = "radiusProfileDn" ###';
@@ -2446,8 +2599,24 @@ function freeradius_modulesldap_resync() {
 		$varmodulesldapaccessattr = "access_attr = " . '"' . "$varmodulesldapaccessattr" . '"';
 	}
 
+	// When disabled we put this in the file but commented (#) like in the default installation ldap2
+	if (!$arrmodulesldap['varmodulesldap2dmiscenable']) {
+		$varmodulesldap2defaultprofile = '### default_profile = "cn=radprofile,ou=dialup,o=My Org,c=UA" ###';
+		$varmodulesldap2profileattribute = '### profile_attribute = "radiusProfileDn" ###';
+		$varmodulesldap2accessattr = '### access_attr = "dialupAccess" ###';
+	}
+	// When enabled we put in the default values so there is no empty entry if there is not input from GUI
+	else {
+		$varmodulesldap2defaultprofile = ($arrmodulesldap['varmodulesldap2defaultprofile']?$arrmodulesldap['varmodulesldap2defaultprofile']:'cn=radprofile,ou=dialup,o=My Org,c=UA');
+		$varmodulesldap2defaultprofile = "default_profile = " . '"' . "$varmodulesldap2defaultprofile" . '"';
+		$varmodulesldap2profileattribute = ($arrmodulesldap['varmodulesldap2profileattribute']?$arrmodulesldap['varmodulesldap2profileattribute']:'radiusProfileDn');
+		$varmodulesldap2profileattribute = "profile_attribute = " . '"' . "$varmodulesldap2profileattribute" . '"';
+		$varmodulesldap2accessattr = ($arrmodulesldap['varmodulesldap2accessattr']?$arrmodulesldap['varmodulesldap2accessattr']:'dialupAccess');
+		$varmodulesldap2accessattr = "access_attr = " . '"' . "$varmodulesldap2accessattr" . '"';
+	}	
+	
 	// Group membership checking
-	// When disabled we put this in the file but commented (#) like in the default installation
+	// When disabled we put this in the file but commented (#) like in the default installation ldap1
 	if (!$arrmodulesldap['varmodulesldapgroupenable']) {
 		$varmodulesldapgroupnameattribute = '### groupname_attribute = cn ###';
 		$varmodulesldapgroupmembershipfilter = '### groupmembership_filter = "(|(&(objectClass=GroupOfNames)(member=%{control:Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{control:Ldap-UserDn})))" ###';
@@ -2473,12 +2642,45 @@ function freeradius_modulesldap_resync() {
 		$varmodulesldapaccessattrusedforallow = ($arrmodulesldap['varmodulesldapaccessattrusedforallow']?$arrmodulesldap['varmodulesldapaccessattrusedforallow']:'yes');	
 		$varmodulesldapaccessattrusedforallow = "access_attr_used_for_allow = $varmodulesldapaccessattrusedforallow";
 	}
+	
+	// Group membership checking
+	// When disabled we put this in the file but commented (#) like in the default installation ldap2
+	if (!$arrmodulesldap['varmodulesldap2groupenable']) {
+		$varmodulesldap2groupnameattribute = '### groupname_attribute = cn ###';
+		$varmodulesldap2groupmembershipfilter = '### groupmembership_filter = "(|(&(objectClass=GroupOfNames)(member=%{control:Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{control:Ldap-UserDn})))" ###';
+		$varmodulesldap2groupmembershipattribute = '### groupmembership_attribute = radiusGroupName ###';
+		$varmodulesldap2comparecheckitems = '### compare_check_items = yes ###';
+		$varmodulesldap2doxlat = '### do_xlat = yes ###';
+		$varmodulesldap2accessattrusedforallow = '### access_attr_used_for_allow = yes ###';
+	}
 
-	// Keepalive variables
+	// When enabled we put in the default values so there is no empty entry if there is not input from GUI
+	else {
+		$varmodulesldap2groupnameattribute = ($arrmodulesldap['varmodulesldap2groupnameattribute']?$arrmodulesldap['varmodulesldap2groupnameattribute']:'cn');
+		$varmodulesldap2groupnameattribute = "groupname_attribute = $varmodulesldap2groupnameattribute";
+		$varmodulesldap2groupmembershipfilter = ($arrmodulesldap['varmodulesldap2groupmembershipfilter']?$arrmodulesldap['varmodulesldap2groupmembershipfilter']:'(|(&(objectClass=GroupOfNames)(member=%{control:Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{control:Ldap-UserDn})))');
+		$varmodulesldap2groupmembershipfilter = "groupmembership_filter = " . '"' . "$varmodulesldap2groupmembershipfilter" . '"';
+		$varmodulesldap2groupmembershipattribute = ($arrmodulesldap['varmodulesldap2groupmembershipattribute']?$arrmodulesldap['varmodulesldap2groupmembershipattribute']:'radiusGroupName');
+		$varmodulesldap2groupmembershipattribute = "groupmembership_attribute = $varmodulesldap2groupmembershipattribute";
+		
+		$varmodulesldap2comparecheckitems = ($arrmodulesldap['varmodulesldap2comparecheckitems']?$arrmodulesldap['varmodulesldap2comparecheckitems']:'yes');
+		$varmodulesldap2comparecheckitems = "compare_check_items = $varmodulesldap2comparecheckitems";
+		$varmodulesldap2doxlat = ($arrmodulesldap['varmodulesldap2doxlat']?$arrmodulesldap['varmodulesldap2doxlat']:'yes');
+		$varmodulesldap2doxlat = "do_xlat = $varmodulesldap2doxlat";
+		$varmodulesldap2accessattrusedforallow = ($arrmodulesldap['varmodulesldap2accessattrusedforallow']?$arrmodulesldap['varmodulesldap2accessattrusedforallow']:'yes');	
+		$varmodulesldap2accessattrusedforallow = "access_attr_used_for_allow = $varmodulesldap2accessattrusedforallow";
+	}	
+
+	// Keepalive variables ldap1
 	$varmodulesldapkeepaliveidle = ($arrmodulesldap['varmodulesldapkeepaliveidle']?$arrmodulesldap['varmodulesldapkeepaliveidle']:'60');
 	$varmodulesldapkeepaliveprobes = ($arrmodulesldap['varmodulesldapkeepaliveprobes']?$arrmodulesldap['varmodulesldapkeepaliveprobes']:'3');
 	$varmodulesldapkeepaliveinterval = ($arrmodulesldap['varmodulesldapkeepaliveinterval']?$arrmodulesldap['varmodulesldapkeepaliveinterval']:'3');
 
+	// Keepalive variables ldap2
+	$varmodulesldap2keepaliveidle = ($arrmodulesldap['varmodulesldap2keepaliveidle']?$arrmodulesldap['varmodulesldap2keepaliveidle']:'60');
+	$varmodulesldap2keepaliveprobes = ($arrmodulesldap['varmodulesldap2keepaliveprobes']?$arrmodulesldap['varmodulesldap2keepaliveprobes']:'3');
+	$varmodulesldap2keepaliveinterval = ($arrmodulesldap['varmodulesldap2keepaliveinterval']?$arrmodulesldap['varmodulesldap2keepaliveinterval']:'3');
+	
 $conf .= <<<EOD
 
 # -*- text -*-
@@ -2667,6 +2869,165 @@ ldap {
 		interval = $varmodulesldapkeepaliveinterval
 	}
 }
+
+ldap ldap2{
+	#
+	#  Note that this needs to match the name in the LDAP
+	#  server certificate, if you're using ldaps.
+	server = "$varmodulesldap2server"
+	identity = "$varmodulesldap2identity"
+	password = $varmodulesldap2password
+	basedn = "$varmodulesldap2basedn"
+	filter = "$varmodulesldap2filter"
+	base_filter = "$varmodulesldap2basefilter"
+
+	#  How many connections to keep open to the LDAP server.
+	#  This saves time over opening a new LDAP socket for
+	#  every authentication request.
+	ldap_connections_number = $varmodulesldap2ldapconnectionsnumber
+
+	# seconds to wait for LDAP query to finish. default: 20
+	timeout = $varmodulesldap2timeout
+
+	#  seconds LDAP server has to process the query (server-side
+	#  time limit). default: 20
+	#
+	#  LDAP_OPT_TIMELIMIT is set to this value.
+	timelimit = $varmodulesldap2timelimit
+
+	#
+	#  seconds to wait for response of the server. (network
+	#   failures) default: 10
+	#
+	#  LDAP_OPT_NETWORK_TIMEOUT is set to this value.
+	net_timeout = $varmodulesldap2nettimeout
+
+	#
+	#  This subsection configures the tls related items
+	#  that control how FreeRADIUS connects to an LDAP
+	#  server.  It contains all of the "tls_*" configuration
+	#  entries used in older versions of FreeRADIUS.  Those
+	#  configuration entries can still be used, but we recommend
+	#  using these.
+	#
+	tls {
+		# Set this to 'yes' to use TLS encrypted connections
+		# to the LDAP database by using the StartTLS extended
+		# operation.
+		#			
+		# The StartTLS operation is supposed to be
+		# used with normal ldap connections instead of
+		# using ldaps (port 689) connections
+		start_tls = no
+
+		# cacertfile	= /path/to/cacert.pem
+		# cacertdir		= /path/to/ca/dir/
+		# certfile		= /path/to/radius.crt
+		# keyfile		= /path/to/radius.key
+		# randfile		= /path/to/rnd
+
+		#  Certificate Verification requirements.  Can be:
+		#    "never" (don't even bother trying)
+		#    "allow" (try, but don't fail if the cerificate
+		#		can't be verified)
+		#    "demand" (fail if the certificate doesn't verify.)
+		#
+		#	The default is "allow"
+		# require_cert	= "demand"
+	}
+
+	$varmodulesldap2defaultprofile
+	$varmodulesldap2profileattribute
+	$varmodulesldap2accessattr
+
+	# Mapping of RADIUS dictionary attributes to LDAP
+	# directory attributes.
+	dictionary_mapping = \${confdir}/ldap.attrmap
+	################## THE BELOW IS NOT COMPILED WITH FREERADIUS #################################
+	#  Set password_attribute = nspmPassword to get the
+	#  user's password from a Novell eDirectory
+	#  backend. This will work ONLY IF FreeRADIUS has been
+	#  built with the --with-edir configure option.
+	#
+	#  See also the following links:
+	#
+	#  http://www.novell.com/coolsolutions/appnote/16745.html
+	#  https://secure-support.novell.com/KanisaPlatform/Publishing/558/3009668_f.SAL_Public.html
+	#
+	#  Novell may require TLS encrypted sessions before returning
+	#  the user's password.
+	#
+	# password_attribute = userPassword
+
+	#  Un-comment the following to disable Novell
+	#  eDirectory account policy check and intruder
+	#  detection. This will work *only if* FreeRADIUS is
+	#  configured to build with --with-edir option.
+	#
+	edir_account_policy_check = no
+	################## THE ABOVE IS NOT COMPILED WITH FREERADIUS #################################
+	#
+	#  Group membership checking.  Disabled by default.
+	#
+	$varmodulesldap2groupnameattribute
+	$varmodulesldap2groupmembershipfilter
+	$varmodulesldap2groupmembershipattribute
+
+	$varmodulesldap2comparecheckitems
+	$varmodulesldap2doxlat
+	$varmodulesldap2accessattrusedforallow
+
+	#
+	#  The following two configuration items are for Active Directory
+	#  compatibility.  If you see the helpful "operations error"
+	#  being returned to the LDAP module, uncomment the next
+	#  two lines.
+	#
+
+	$varmodulesldap2msadcompatibility
+
+	#
+	#  By default, if the packet contains a User-Password,
+	#  and no other module is configured to handle the
+	#  authentication, the LDAP module sets itself to do
+	#  LDAP bind for authentication.
+	#
+	#  THIS WILL ONLY WORK FOR PAP AUTHENTICATION.
+	#
+	#  THIS WILL NOT WORK FOR CHAP, MS-CHAP, or 802.1x (EAP). 
+	#
+	#  You can disable this behavior by setting the following
+	#  configuration entry to "no".
+	#
+	#  allowed values: {no, yes}
+	# set_auth_type = yes
+
+	#  ldap_debug: debug flag for LDAP SDK
+	#  (see OpenLDAP documentation).  Set this to enable
+	#  huge amounts of LDAP debugging on the screen.
+	#  You should only use this if you are an LDAP expert.
+	#
+	#	default: 0x0000 (no debugging messages)
+	#	Example:(LDAP_DEBUG_FILTER+LDAP_DEBUG_CONNS)
+	#ldap_debug = 0x0028 
+
+	#
+	#  Keepalive configuration.  This MAY NOT be supported by your
+	#  LDAP library.  If these configuration entries appear in the
+	#  output of "radiusd -X", then they are supported.  Otherwise,
+	#  they are unsupported, and changing them will do nothing.
+	#
+	keepalive {
+		# LDAP_OPT_X_KEEPALIVE_IDLE
+		idle = $varmodulesldap2keepaliveidle
+
+		# LDAP_OPT_X_KEEPALIVE_PROBES
+		probes = $varmodulesldap2keepaliveprobes
+
+		# LDAP_OPT_X_KEEPALIVE_INTERVAL
+		interval = $varmodulesldap2keepaliveinterval
+	}
+}
 EOD;
 
 	$filename = RADDB . '/modules/ldap';
-- 
cgit v1.2.3


From e079490f37a5ad472336758b78c882daedd7a60e Mon Sep 17 00:00:00 2001
From: Nachtfalke <nachtfalkeaw@web.de>
Date: Tue, 10 Jan 2012 22:23:20 +0100
Subject: Update config/freeradius2/freeradiussqlconf.xml

---
 config/freeradius2/freeradiussqlconf.xml | 284 +++++++++++++++++++++++++++++--
 1 file changed, 273 insertions(+), 11 deletions(-)

(limited to 'config/freeradius2')

diff --git a/config/freeradius2/freeradiussqlconf.xml b/config/freeradius2/freeradiussqlconf.xml
index a5bc4d2e..6851711c 100644
--- a/config/freeradius2/freeradiussqlconf.xml
+++ b/config/freeradius2/freeradiussqlconf.xml
@@ -98,20 +98,16 @@
 	</tabs>
 	<fields>
 		<field>
-			<name>Enable SQL Database</name>
+			<name>ENABLE SQL DATABASE - SERVER 1</name>
 			<type>listtopic</type>
 		</field>
 		<field>
 			<fielddescr>Enable SQL Support</fielddescr>
 			<fieldname>varsqlconfincludeenable</fieldname>
-			<description><![CDATA[Enable this if you like to connect freeRADIUS to a SQL database. (Default: Disable)<br>
+			<description><![CDATA[Enable this if you like to connect freeRADIUS to a SQL database. (Default: unchecked)<br>
 								You <b>must enable at least</b> one of the following options: Authorization, Accounting, Session, Post-Auth.]]></description>
-			<type>select</type>
-			<default_value>Disable</default_value>
-					<options>
-						<option><name>Disbale</name><value>Disable</value></option>
-						<option><name>Enable</name><value>Enable</value></option>
-					</options>
+			<type>checkbox</type>
+			<enablefields>varsqlconf2failover,varsqlconf2includeenable,varsqlconfenableauthorize,varsqlconfenableaccounting,varsqlconfenablesession,varsqlconfenablepostauth,varsqlconfdatabase,varsqlconfserver,varsqlconfport,varsqlconflogin,varsqlconfpassword,varsqlconfradiusdb,varsqlconfaccttable1,varsqlconfaccttable2,varsqlconfpostauthtable,varsqlconfauthchecktable,varsqlconfauthreplytable,varsqlconfgroupchecktable,varsqlconfgroupreplytable,varsqlconfusergrouptable,varsqlconfreadgroups,varsqlconfdeletestalesessions,varsqlconfsqltrace,varsqlconfnumsqlsocks,varsqlconfconnectfailureretrydelay,varsqlconflifetime,varsqlconfmaxqueries,varsqlconfreadclients,varsqlconfnastable</enablefields>
 		</field>
 		<field>
 			<fielddescr>Enable SQL Authorization</fielddescr>
@@ -162,7 +158,7 @@
 					</options>
 		</field>
 		<field>
-			<name>SQL Database Configuration</name>
+			<name>SQL DATABASE CONFIGURATION - SERVER 1</name>
 			<type>listtopic</type>
 		</field>
 		<field>
@@ -173,8 +169,6 @@
 			<default_value>mysql</default_value>
 					<options>
 						<option><name>MySQL</name><value>mysql</value></option>
-						<option><name>MsSQL</name><value>mssql</value></option>
-						<option><name>Oracle</name><value>oracle</value></option>
 						<option><name>PostgreSQL</name><value>postgresql</value></option>
 					</options>
 		</field>
@@ -352,6 +346,274 @@
 			<type>input</type>
 			<default_value>nas</default_value>
 		</field>
+		<field>
+			<name>ENABLE REDUNDANT SQL DATABASE SUPPORT</name>
+			<type>listtopic</type>
+		</field>
+		<field>
+			<fielddescr>Choose Failover/Loadbalancing Mode</fielddescr>
+			<fieldname>varsqlconf2failover</fieldname>
+			<description><![CDATA[Choose the interaction of the two SQL databases: (Default: redundant)<br><br>
+								<b>redundant:</b> If server 1 fails failover to server 2<br>
+								<b>load-balance:</b> The load is balanced 50:50 to both databases<br>
+								<b>redundant-load-balance:</b> The load is balanced 50:50 to both databases. If one is down the other does 100%.]]></description>
+			<type>select</type>
+			<default_value>redundant</default_value>
+					<options>
+						<option><name>Redundant</name><value>redundant</value></option>
+						<option><name>Load-Balance</name><value>load-balance</value></option>
+						<option><name>Redundant-Load-Balance</name><value>redundant-load-balance</value></option>
+					</options>
+		</field>
+		<field>
+			<name>ENABLE SQL DATABASE - SERVER 2</name>
+			<type>listtopic</type>
+		</field>
+		<field>
+			<fielddescr>Enable SQL Support</fielddescr>
+			<fieldname>varsqlconf2includeenable</fieldname>
+			<description><![CDATA[Enable this if you like to connect freeRADIUS to a SQL database. (Default: unchecked)<br>
+								You <b>must enable at least</b> one of the following options: Authorization, Accounting, Session, Post-Auth.]]></description>
+			<type>checkbox</type>
+			<enablefields>varsqlconf2enableauthorize,varsqlconf2enableaccounting,varsqlconf2enablesession,varsqlconf2enablepostauth,varsqlconf2database,varsqlconf2server,varsqlconf2port,varsqlconf2login,varsqlconf2password,varsqlconf2radiusdb,varsqlconf2accttable1,varsqlconf2accttable2,varsqlconf2postauthtable,varsqlconf2authchecktable,varsqlconf2authreplytable,varsqlconf2groupchecktable,varsqlconf2groupreplytable,varsqlconf2usergrouptable,varsqlconf2readgroups,varsqlconf2deletestalesessions,varsqlconf2sqltrace,varsqlconf2numsqlsocks,varsqlconf2connectfailureretrydelay,varsqlconf2lifetime,varsqlconf2maxqueries,varsqlconf2readclients,varsqlconf2nastable</enablefields>
+		</field>
+		<field>
+			<fielddescr>Enable SQL Authorization</fielddescr>
+			<fieldname>varsqlconf2enableauthorize</fieldname>
+			<description><![CDATA[Enable this if usernames and passwords are stored on a SQL database.<br>
+								SQL support must be enabled for this to work. (Default: Disable)]]></description>
+			<type>select</type>
+			<default_value>Disable</default_value>
+					<options>
+						<option><name>Disbale</name><value>Disable</value></option>
+						<option><name>Enable</name><value>Enable</value></option>
+					</options>
+		</field>
+		<field>
+			<fielddescr>Enable SQL Accounting</fielddescr>
+			<fieldname>varsqlconf2enableaccounting</fieldname>
+			<description><![CDATA[Enable this if accounting packets should be logged to a SQL database.<br>
+								SQL support must be enabled for this to work. (Default: Disable)]]></description>
+			<type>select</type>
+			<default_value>Disable</default_value>
+					<options>
+						<option><name>Disbale</name><value>Disable</value></option>
+						<option><name>Enable</name><value>Enable</value></option>
+					</options>
+		</field>
+		<field>
+			<fielddescr>Enable SQL Session</fielddescr>
+			<fieldname>varsqlconf2enablesession</fieldname>
+			<description><![CDATA[Enable this to use the "rlm_sql" module (fast) to check for simultaneous connections instead of "radutmp" (slow).<br>
+								SQL support must be enabled for this to work. (Default: Disable)]]></description>
+			<type>select</type>
+			<default_value>Disable</default_value>
+					<options>
+						<option><name>Disbale</name><value>Disable</value></option>
+						<option><name>Enable</name><value>Enable</value></option>
+					</options>
+		</field>
+		<field>
+			<fielddescr>Enable SQL Post-Auth</fielddescr>
+			<fieldname>varsqlconf2enablepostauth</fieldname>
+			<description><![CDATA[Enable this if you like to store post-authentication data on a SQL database.<br>
+								SQL support must be enabled for this to work. (Default: Disable)]]></description>
+			<type>select</type>
+			<default_value>Disable</default_value>
+					<options>
+						<option><name>Disbale</name><value>Disable</value></option>
+						<option><name>Enable</name><value>Enable</value></option>
+					</options>
+		</field>
+		<field>
+			<name>SQL DATABASE CONFIGURATION - SERVER 2</name>
+			<type>listtopic</type>
+		</field>
+		<field>
+			<fielddescr>Database Type</fielddescr>
+			<fieldname>varsqlconf2database</fieldname>
+			<description><![CDATA[Choose the database type. (Default: mysql)]]></description>
+			<type>select</type>
+			<default_value>mysql</default_value>
+					<options>
+						<option><name>MySQL</name><value>mysql</value></option>
+						<option><name>PostgreSQL</name><value>postgresql</value></option>
+					</options>
+		</field>
+		<field>
+			<fielddescr>Server IP Address</fielddescr>
+			<fieldname>varsqlconf2server</fieldname>
+			<description><![CDATA[Enter the IP address of the database server (Default: localhost)]]></description>
+			<type>input</type>
+			<default_value>localhost</default_value>
+		</field>
+		<field>
+			<fielddescr>Server Port Address</fielddescr>
+			<fieldname>varsqlconf2port</fieldname>
+			<description><![CDATA[Enter the port address of the database server (Default: 3306)]]></description>
+			<type>input</type>
+			<default_value>3306</default_value>
+		</field>
+		<field>
+			<fielddescr>Database Username</fielddescr>
+			<fieldname>varsqlconf2login</fieldname>
+			<description><![CDATA[Enter the username of the database server (Default: radius)]]></description>
+			<type>input</type>
+			<default_value>radius</default_value>
+		</field>
+		<field>
+			<fielddescr>Database Password</fielddescr>
+			<fieldname>varsqlconf2password</fieldname>
+			<description><![CDATA[Enter the password of the database server (Default: radpass)]]></description>
+			<type>password</type>
+			<default_value>radpass</default_value>
+		</field>
+		<field>
+			<fielddescr>Database Table Configuration</fielddescr>
+			<fieldname>varsqlconf2radiusdb</fieldname>
+			<description><![CDATA[Choose database table configuration: (Default: radius) <br>
+									For all <b>except</b> Oracle choose:  <b>radius</b> <br>
+									For Oracle change and paste the following line according your environment:<br>
+									<b>(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=localhost)(PORT=1521))(CONNECT_DATA=(SID=your_sid)))</b>]]></description>
+			<type>input</type>
+			<default_value>radius</default_value>
+		</field>
+		<field>
+			<fielddescr>Accounting Table 1 (Start)</fielddescr>
+			<fieldname>varsqlconf2accttable1</fieldname>
+			<description><![CDATA[This is the accounting "Start" table. If you want to log "Start" and "Stop" to the same table choose the same name for both. (Default: radacct)]]></description>
+			<type>input</type>
+			<default_value>radacct</default_value>
+		</field>
+		<field>
+			<fielddescr>Accounting Table 2 (Stop)</fielddescr>
+			<fieldname>varsqlconf2accttable2</fieldname>
+			<description><![CDATA[This is the accounting "Stop" table. If you want to log "Stop" and "Stop" to the same table choose the same name for both. (Default: radacct)]]></description>
+			<type>input</type>
+			<default_value>radacct</default_value>
+		</field>
+		<field>
+			<fielddescr>Post Auth Table</fielddescr>
+			<fieldname>varsqlconf2postauthtable</fieldname>
+			<description><![CDATA[Choose Post Auth Table. (Default: radpostauth)]]></description>
+			<type>input</type>
+			<default_value>radpostauth</default_value>
+		</field>
+		<field>
+			<fielddescr>Auth Check Table</fielddescr>
+			<fieldname>varsqlconf2authchecktable</fieldname>
+			<description><![CDATA[Choose Auth Check Table. (Default: radcheck)]]></description>
+			<type>input</type>
+			<default_value>radcheck</default_value>
+		</field>
+		<field>
+			<fielddescr>Auth Reply Table</fielddescr>
+			<fieldname>varsqlconf2authreplytable</fieldname>
+			<description><![CDATA[Choose Auth Reply Table. (Default: radreply)]]></description>
+			<type>input</type>
+			<default_value>radreply</default_value>
+		</field>
+		<field>
+			<fielddescr>Group Check Table</fielddescr>
+			<fieldname>varsqlconf2groupchecktable</fieldname>
+			<description><![CDATA[Choose Group Check Table. (Default: radgroupcheck)]]></description>
+			<type>input</type>
+			<default_value>radgroupcheck</default_value>
+		</field>
+		<field>
+			<fielddescr>Group Reply Table</fielddescr>
+			<fieldname>varsqlconf2groupreplytable</fieldname>
+			<description><![CDATA[Choose Group Check Table. (Default: radgroupreply)]]></description>
+			<type>input</type>
+			<default_value>radgroupreply</default_value>
+		</field>
+		<field>
+			<fielddescr>User Group Table</fielddescr>
+			<fieldname>varsqlconf2usergrouptable</fieldname>
+			<description><![CDATA[Choose Group Check Table. (Default: radusergroup)]]></description>
+			<type>input</type>
+			<default_value>radusergroup</default_value>
+		</field>
+		<field>
+			<fielddescr>Read the Group Tables</fielddescr>
+			<fieldname>varsqlconf2readgroups</fieldname>
+			<description><![CDATA[If set to <b>yes</b> (default) we read the group tables.<br>
+								If set to <b>no</b> the user <b>must</b> have Fall-Through = Yes in the radreply table]]></description>
+			<type>select</type>
+			<default_value>yes</default_value>
+					<options>
+						<option><name>Yes</name><value>yes</value></option>
+						<option><name>No</name><value>no</value></option>
+					</options>
+		</field>
+		<field>
+			<fielddescr>Delete Stale Sessions</fielddescr>
+			<fieldname>varsqlconf2deletestalesessions</fieldname>
+			<description><![CDATA[Remove stale session if checkrad does not see a double login. (Default: yes)]]></description>
+			<type>select</type>
+			<default_value>yes</default_value>
+					<options>
+						<option><name>Yes</name><value>yes</value></option>
+						<option><name>No</name><value>no</value></option>
+					</options>
+		</field>
+		<field>
+			<fielddescr>Print all SQL Statements</fielddescr>
+			<fieldname>varsqlconf2sqltrace</fieldname>
+			<description><![CDATA[Print all SQL statements when in debug mode. (Default: no)]]></description>
+			<type>select</type>
+			<default_value>no</default_value>
+					<options>
+						<option><name>Yes</name><value>yes</value></option>
+						<option><name>No</name><value>no</value></option>
+					</options>
+		</field>
+		<field>
+			<fielddescr>Number of SQL Connections</fielddescr>
+			<fieldname>varsqlconf2numsqlsocks</fieldname>
+			<description><![CDATA[Number of SQL connections to make to the server. (Default: 5)]]></description>
+			<type>input</type>
+			<default_value>5</default_value>
+		</field>
+		<field>
+			<fielddescr>Failed Database Connection Delay</fielddescr>
+			<fieldname>varsqlconf2connectfailureretrydelay</fieldname>
+			<description><![CDATA[Number of seconds btween a retry after a failed database connection. (Default: 60)]]></description>
+			<type>input</type>
+			<default_value>60</default_value>
+		</field>
+		<field>
+			<fielddescr>SQL Socket Lifetime</fielddescr>
+			<fieldname>varsqlconf2lifetime</fieldname>
+			<description><![CDATA[If you are having network issues such as TCP sessions expiring, you may need to set the socket lifetime.  If set to non-zero, any open connections will be closed X seconds after they were first opened. (Default: 0)]]></description>
+			<type>input</type>
+			<default_value>0</default_value>
+		</field>
+		<field>
+			<fielddescr>SQL Socket Maximum Queries</fielddescr>
+			<fieldname>varsqlconf2maxqueries</fieldname>
+			<description><![CDATA[If you have issues with SQL sockets lasting too long, you can limit the number of queries performed over one socket. After X queries, the socket will be closed. Use 0 for no limit. (Default: 0)]]></description>
+			<type>input</type>
+			<default_value>0</default_value>
+		</field>
+		<field>
+			<fielddescr>Read Clients from Database</fielddescr>
+			<fieldname>varsqlconf2readclients</fieldname>
+			<description><![CDATA[Set to <b>yes</b> to read radius clients from the database ('nas' table). Clients will only be read on server startup. (Default: yes)]]></description>
+			<type>select</type>
+			<default_value>yes</default_value>
+					<options>
+						<option><name>Yes</name><value>yes</value></option>
+						<option><name>No</name><value>no</value></option>
+					</options>
+		</field>
+		<field>
+			<fielddescr>RADIUS Client Table</fielddescr>
+			<fieldname>varsqlconf2nastable</fieldname>
+			<description><![CDATA[Choose the table to keep RADIUS client info. (Default: nas)]]></description>
+			<type>input</type>
+			<default_value>nas</default_value>
+		</field>
 	</fields>
 	<custom_delete_php_command>
 		freeradius_sqlconf_resync();
-- 
cgit v1.2.3


From 2f70074833769eac35d0e349fac6bb83271bc929 Mon Sep 17 00:00:00 2001
From: Nachtfalke <nachtfalkeaw@web.de>
Date: Tue, 10 Jan 2012 22:23:43 +0100
Subject: Update config/freeradius2/freeradiusmodulesldap.xml

---
 config/freeradius2/freeradiusmodulesldap.xml | 277 ++++++++++++++++++++++++++-
 1 file changed, 271 insertions(+), 6 deletions(-)

(limited to 'config/freeradius2')

diff --git a/config/freeradius2/freeradiusmodulesldap.xml b/config/freeradius2/freeradiusmodulesldap.xml
index 06a990e7..cf7f5b33 100644
--- a/config/freeradius2/freeradiusmodulesldap.xml
+++ b/config/freeradius2/freeradiusmodulesldap.xml
@@ -98,7 +98,7 @@
 	</tabs>
 	<fields>
 		<field>
-			<name>ENABLE LDAP SUPPORT</name>
+			<name>ENABLE LDAP SUPPORT - SERVER 1</name>
 			<type>listtopic</type>
 		</field>		
 		<field>
@@ -106,6 +106,7 @@
 			<fieldname>varmodulesldapenableauthorize</fieldname>
 			<description><![CDATA[This enables LDAP in authorize section. The ldap module will set Auth-Type to LDAP if it has not already been set. (Default: unchecked)]]></description>
 			<type>checkbox</type>
+			<enablefields>varmodulesldap2enableauthenticate,varmodulesldapkeepaliveinterval,varmodulesldapkeepaliveprobes,varmodulesldapkeepaliveidle,varmodulesldapmsadcompatibilityenable,varmodulesldapnettimeout,varmodulesldaptimelimit,varmodulesldaptimeout,varmodulesldapldapconnectionsnumber,varmodulesldapbasefilter,varmodulesldapfilter,varmodulesldapbasedn,varmodulesldappassword,varmodulesldapidentity,varmodulesldapserver,varmodulesldap2enableauthorize,varmodulesldap2enableauthenticate,varmodulesldap2server,varmodulesldap2identity,varmodulesldap2password,varmodulesldap2basedn,varmodulesldap2filter,varmodulesldap2basefilter,varmodulesldap2ldapconnectionsnumber,varmodulesldap2timeout,varmodulesldap2timelimit,varmodulesldap2nettimeout,varmodulesldap2msadcompatibilityenable,varmodulesldap2dmiscenable,varmodulesldap2groupenable,varmodulesldap2keepaliveidle,varmodulesldap2keepaliveprobes,varmodulesldap2keepaliveinterval</enablefields>
 		</field>
 		<field>
 			<fielddescr>Enable LDAP For Authentication</fielddescr>
@@ -114,7 +115,7 @@
 			<type>checkbox</type>
 		</field>
 		<field>
-			<name>GENERAL CONFIGURATION</name>
+			<name>GENERAL CONFIGURATION - SERVER 1</name>
 			<type>listtopic</type>
 		</field>
 		<field>
@@ -198,7 +199,7 @@
 			<default_value>1</default_value>
 		</field>
 		<field>
-			<name>MISCELLANEOUS CONFIGURATION</name>
+			<name>MISCELLANEOUS CONFIGURATION - SERVER 1</name>
 			<type>listtopic</type>
 		</field>
 		<field>
@@ -213,7 +214,7 @@
 					</options>
 		</field>
 		<field>
-			<fielddescr>Enable Misc Configuration</fielddescr>
+			<fielddescr>Enable Misc Configuration - SERVER 1</fielddescr>
 			<fieldname>varmodulesldapdmiscenable</fieldname>
 			<description><![CDATA[By default the below options are not active in the configuration. (Default: unchecked)]]></description>
 			<type>checkbox</type>
@@ -244,7 +245,7 @@
 			<default_value>dialupAccess</default_value>
 		</field>
 		<field>
-			<name>Group Membership Options</name>
+			<name>Group Membership Options - SERVER 1</name>
 			<type>listtopic</type>
 		</field>
 		<field>
@@ -312,7 +313,7 @@
 					</options>
 		</field>
 		<field>
-			<name>KEEPALIVE CONFIGURATION</name>
+			<name>KEEPALIVE CONFIGURATION - SERVER 1</name>
 			<type>listtopic</type>
 		</field>
 		<field>
@@ -339,6 +340,270 @@
 			<size>80</size>
 			<default_value>3</default_value>
 		</field>
+		
+		
+		<field>
+			<name>ENABLE REDUNDANT LDAP SERVER SUPPORT</name>
+			<type>listtopic</type>
+		</field>
+		<field>
+			<fielddescr>Choose Failover/Loadbalancing Mode</fielddescr>
+			<fieldname>varmodulesldap2failover</fieldname>
+			<description><![CDATA[Choose the interaction of the two LDAP servers: (Default: redundant)<br><br>
+								<b>redundant:</b> If server 1 fails failover to server 2<br>
+								<b>load-balance:</b> The load is balanced 50:50 to both servers<br>
+								<b>redundant-load-balance:</b> The load is balanced 50:50 to both servers. If one is down the other does 100%.]]></description>
+			<type>select</type>
+			<default_value>redundant</default_value>
+					<options>
+						<option><name>Redundant</name><value>redundant</value></option>
+						<option><name>Load-Balance</name><value>load-balance</value></option>
+						<option><name>Redundant-Load-Balance</name><value>redundant-load-balance</value></option>
+					</options>
+		</field>
+		<field>
+			<name>ENABLE LDAP SUPPORT - SERVER 2</name>
+			<type>listtopic</type>
+		</field>
+		<field>
+			<fielddescr>Enable LDAP For Authorization</fielddescr>
+			<fieldname>varmodulesldap2enableauthorize</fieldname>
+			<description><![CDATA[This enables LDAP in authorize section. The ldap module will set Auth-Type to LDAP if it has not already been set. (Default: unchecked)]]></description>
+			<type>checkbox</type>
+			<enablefields>varmodulesldap2enableauthenticate,varmodulesldap2server,varmodulesldap2identity,varmodulesldap2password,varmodulesldap2basedn,varmodulesldap2filter,varmodulesldap2basefilter,varmodulesldap2ldapconnectionsnumber,varmodulesldap2timeout,varmodulesldap2timelimit,varmodulesldap2nettimeout,varmodulesldap2msadcompatibilityenable,varmodulesldap2dmiscenable,varmodulesldap2groupenable,varmodulesldap2keepaliveidle,varmodulesldap2keepaliveprobes,varmodulesldap2keepaliveinterval</enablefields>
+		</field>
+		<field>
+			<fielddescr>Enable LDAP For Authentication</fielddescr>
+			<fieldname>varmodulesldap2enableauthenticate</fieldname>
+			<description><![CDATA[This enables LDAP in authenticate section. Note that this means "check plain-text password against the ldap database", which means that EAP won't work, as it does not supply a plain-text password.]]></description>
+			<type>checkbox</type>
+		</field>
+		<field>
+			<name>GENERAL CONFIGURATION - SERVER 2</name>
+			<type>listtopic</type>
+		</field>
+		<field>
+			<fielddescr>Server</fielddescr>
+			<fieldname>varmodulesldap2server</fieldname>
+			<description><![CDATA[No description. (Default: ldap.your.domain )]]></description>
+			<type>input</type>
+			<size>80</size>
+			<default_value>ldap.your.domain</default_value>
+		</field>
+		<field>
+			<fielddescr>Identity</fielddescr>
+			<fieldname>varmodulesldap2identity</fieldname>
+			<description><![CDATA[No description. (Default: cn=admin,o=My Org,c=UA )]]></description>
+			<type>input</type>
+			<size>80</size>
+			<default_value><![CDATA[cn=admin,o=My Org,c=UA]]></default_value>
+		</field>
+		<field>
+			<fielddescr>Password</fielddescr>
+			<fieldname>varmodulesldap2password</fieldname>
+			<description><![CDATA[No description. (Default: mypass)]]></description>
+			<type>password</type>
+			<size>80</size>
+			<default_value>mypass</default_value>
+		</field>
+		<field>
+			<fielddescr>Basedn</fielddescr>
+			<fieldname>varmodulesldap2basedn</fieldname>
+			<description><![CDATA[No description (Default: o=My Org,c=UA )]]></description>
+			<type>input</type>
+			<size>80</size>
+			<default_value><![CDATA[o=My Org,c=UA]]></default_value>
+		</field>
+		<field>
+			<fielddescr>Filter</fielddescr>
+			<fieldname>varmodulesldap2filter</fieldname>
+			<description><![CDATA[No description. (Default:   (uid=%{%{Stripped-User-Name}:-%{User-Name}})   )]]></description>
+			<type>input</type>
+			<size>80</size>
+			<default_value><![CDATA[(uid=%{%{Stripped-User-Name}:-%{User-Name}})]]></default_value>
+		</field>
+		<field>
+			<fielddescr>Base Filter</fielddescr>
+			<fieldname>varmodulesldap2basefilter</fieldname>
+			<description><![CDATA[No description. (Default:   (objectclass=radiusprofile)   )]]></description>
+			<type>input</type>
+			<size>80</size>
+			<default_value><![CDATA[(objectclass=radiusprofile)]]></default_value>
+		</field>
+		<field>
+			<fielddescr>LDAP Connections Number</fielddescr>
+			<fieldname>varmodulesldap2ldapconnectionsnumber</fieldname>
+			<description><![CDATA[How many connections to keep open to the LDAP server. This saves time over opening a new LDAP socket for every authentication request. (Default: 5)]]></description>
+			<type>input</type>
+			<size>80</size>
+			<default_value>5</default_value>
+		</field>
+		<field>
+			<fielddescr>Timeout</fielddescr>
+			<fieldname>varmodulesldap2timeout</fieldname>
+			<description><![CDATA[Seconds to wait for LDAP query to finish. (Default: 4)]]></description>
+			<type>input</type>
+			<size>80</size>
+			<default_value>4</default_value>
+		</field>
+		<field>
+			<fielddescr>Timelimit</fielddescr>
+			<fieldname>varmodulesldap2timelimit</fieldname>
+			<description><![CDATA[Seconds the LDAP server has to process the query (server-side time limit). (Default: 3)]]></description>
+			<type>input</type>
+			<size>80</size>
+			<default_value>3</default_value>
+		</field>
+		<field>
+			<fielddescr>Net Timeout</fielddescr>
+			<fieldname>varmodulesldap2nettimeout</fieldname>
+			<description><![CDATA[Seconds to wait for response of the server because of network failures. (Default: 1)]]></description>
+			<type>input</type>
+			<size>80</size>
+			<default_value>1</default_value>
+		</field>
+		<field>
+			<name>MISCELLANEOUS CONFIGURATION - SERVER 2</name>
+			<type>listtopic</type>
+		</field>
+		<field>
+			<fielddescr>Active Directory Compatibility</fielddescr>
+			<fieldname>varmodulesldap2msadcompatibilityenable</fieldname>
+			<description><![CDATA[If you see the helpful "operations error" being returned to the LDAP module enable this. (Default: Disable)]]></description>
+			<type>select</type>
+			<default_value>Disable</default_value>
+					<options>
+						<option><name>Disable</name><value>Disable</value></option>
+						<option><name>Enable</name><value>Enable</value></option>
+					</options>
+		</field>
+		<field>
+			<fielddescr>Enable Misc Configuration</fielddescr>
+			<fieldname>varmodulesldap2dmiscenable</fieldname>
+			<description><![CDATA[By default the below options are not active in the configuration. (Default: unchecked)]]></description>
+			<type>checkbox</type>
+			<enablefields>varmodulesldap2defaultprofile,varmodulesldap2profileattribute,varmodulesldap2accessattr</enablefields>
+		</field>
+		<field>
+			<fielddescr>Default Profile</fielddescr>
+			<fieldname>varmodulesldap2defaultprofile</fieldname>
+			<description><![CDATA[No description. (Default: cn=radprofile,ou=dialup,o=My Org,c=UA )]]></description>
+			<type>input</type>
+			<size>80</size>
+			<default_value><![CDATA[cn=radprofile,ou=dialup,o=My Org,c=UA]]></default_value>
+		</field>
+		<field>
+			<fielddescr>Profile Attribute</fielddescr>
+			<fieldname>varmodulesldap2profileattribute</fieldname>
+			<description><![CDATA[No description. (Default: radiusProfileDn)]]></description>
+			<type>input</type>
+			<size>80</size>
+			<default_value>radiusProfileDn</default_value>
+		</field>
+		<field>
+			<fielddescr>Access Attribute</fielddescr>
+			<fieldname>varmodulesldap2accessattr</fieldname>
+			<description><![CDATA[No description. (Default: dialupAccess)]]></description>
+			<type>input</type>
+			<size>80</size>
+			<default_value>dialupAccess</default_value>
+		</field>
+		<field>
+			<name>Group Membership Options - SERVER 2</name>
+			<type>listtopic</type>
+		</field>
+		<field>
+			<fielddescr>Enable Group Membership Options</fielddescr>
+			<fieldname>varmodulesldap2groupenable</fieldname>
+			<description><![CDATA[By default the below options are not active in the configuration. (Default: unchecked)]]></description>
+			<type>checkbox</type>
+			<enablefields>varmodulesldap2accessattrusedforallow,varmodulesldap2doxlat,varmodulesldap2comparecheckitems,varmodulesldap2groupmembershipattribute,varmodulesldap2groupmembershipfilter,varmodulesldap2groupnameattribute</enablefields>
+		</field>
+		<field>
+			<fielddescr>Groupname Attribute</fielddescr>
+			<fieldname>varmodulesldap2groupnameattribute</fieldname>
+			<description><![CDATA[No description. (Default: cn)]]></description>
+			<type>input</type>
+			<size>80</size>
+			<default_value>cn</default_value>
+		</field>
+		<field>
+			<fielddescr>Groupmembership Filter</fielddescr>
+			<fieldname>varmodulesldap2groupmembershipfilter</fieldname>
+			<description><![CDATA[No description. (Default: (|(&(objectClass=GroupOfNames)(member=%{control:Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{control:Ldap-UserDn})))  )]]></description>
+			<type>input</type>
+			<size>80</size>
+			<default_value><![CDATA[(|(&(objectClass=GroupOfNames)(member=%{control:Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{control:Ldap-UserDn})))]]></default_value>
+		</field>
+		<field>
+			<fielddescr>Groupmembership Attribute</fielddescr>
+			<fieldname>varmodulesldap2groupmembershipattribute</fieldname>
+			<description><![CDATA[No description. (Default: radiusGroupName)]]></description>
+			<type>input</type>
+			<size>80</size>
+			<default_value>radiusGroupName</default_value>
+		</field>
+		<field>
+			<fielddescr>Compare Check Items</fielddescr>
+			<fieldname>varmodulesldap2comparecheckitems</fieldname>
+			<description><![CDATA[No description. (Default: Yes)]]></description>
+			<type>select</type>
+			<default_value>Yes</default_value>
+					<options>
+						<option><name>Yes</name><value>yes</value></option>
+						<option><name>No</name><value>no</value></option>
+					</options>
+		</field>
+		<field>
+			<fielddescr>Do XLAT</fielddescr>
+			<fieldname>varmodulesldap2doxlat</fieldname>
+			<description><![CDATA[No description. (Default: Yes)]]></description>
+			<type>select</type>
+			<default_value>Yes</default_value>
+					<options>
+						<option><name>Yes</name><value>yes</value></option>
+						<option><name>No</name><value>no</value></option>
+					</options>
+		</field>
+		<field>
+			<fielddescr>Access Attribute Used For Allow</fielddescr>
+			<fieldname>varmodulesldap2accessattrusedforallow</fieldname>
+			<description><![CDATA[No description. (Default: Yes)]]></description>
+			<type>select</type>
+			<default_value>Yes</default_value>
+					<options>
+						<option><name>Yes</name><value>yes</value></option>
+						<option><name>No</name><value>no</value></option>
+					</options>
+		</field>
+		<field>
+			<name>KEEPALIVE CONFIGURATION - SERVER 2</name>
+			<type>listtopic</type>
+		</field>
+		<field>
+			<fielddescr>LDAP OPT X KEEPALIVE IDLE</fielddescr>
+			<fieldname>varmodulesldap2keepaliveidle</fieldname>
+			<description><![CDATA[No description. (Default: 60)]]></description>
+			<type>input</type>
+			<size>80</size>
+			<default_value>60</default_value>
+		</field>
+		<field>
+			<fielddescr>LDAP OPT X KEEPALIVE PROBES</fielddescr>
+			<fieldname>varmodulesldap2keepaliveprobes</fieldname>
+			<description><![CDATA[No description. (Default: 3)]]></description>
+			<type>input</type>
+			<size>80</size>
+			<default_value>3</default_value>
+		</field>
+		<field>
+			<fielddescr>LDAP OPT X KEEPALIVE INTERVAL</fielddescr>
+			<fieldname>varmodulesldap2keepaliveinterval</fieldname>
+			<description><![CDATA[No description. (Default: 3)]]></description>
+			<type>input</type>
+			<size>80</size>
+			<default_value>3</default_value>
+		</field>
 	</fields>
 	<custom_delete_php_command>
 		freeradius_modulesldap_resync();
-- 
cgit v1.2.3