From 4d59da46ecf55861609b5949660a46809e794042 Mon Sep 17 00:00:00 2001 From: Alexander Wilke Date: Mon, 2 Jan 2012 01:55:32 +0000 Subject: freeradius2 updates pkg v1.4.1 --- config/freeradius2/freeradius.inc | 349 +++++++++++++++++++++++--- config/freeradius2/freeradius.xml | 1 + config/freeradius2/freeradius_view_config.php | 0 config/freeradius2/freeradiuscerts.xml | 0 config/freeradius2/freeradiusclients.xml | 0 config/freeradius2/freeradiuseapconf.xml | 0 config/freeradius2/freeradiusinterfaces.xml | 0 config/freeradius2/freeradiussettings.xml | 0 config/freeradius2/freeradiussqlconf.xml | 0 config/freeradius2/freeradiussync.xml | 0 10 files changed, 320 insertions(+), 30 deletions(-) mode change 100644 => 100755 config/freeradius2/freeradius.xml mode change 100644 => 100755 config/freeradius2/freeradius_view_config.php mode change 100644 => 100755 config/freeradius2/freeradiuscerts.xml mode change 100644 => 100755 config/freeradius2/freeradiusclients.xml mode change 100644 => 100755 config/freeradius2/freeradiuseapconf.xml mode change 100644 => 100755 config/freeradius2/freeradiusinterfaces.xml mode change 100644 => 100755 config/freeradius2/freeradiussettings.xml mode change 100644 => 100755 config/freeradius2/freeradiussqlconf.xml mode change 100644 => 100755 config/freeradius2/freeradiussync.xml (limited to 'config') diff --git a/config/freeradius2/freeradius.inc b/config/freeradius2/freeradius.inc index 6b1cfb9d..52456822 100755 --- a/config/freeradius2/freeradius.inc +++ b/config/freeradius2/freeradius.inc @@ -281,7 +281,10 @@ instantiate { exec expr - #daily + daily + weekly + monthly + forever expiration logintime ### Dis-/Enable sql instatiate @@ -299,6 +302,9 @@ EOD; // "freeradius_sqlconf_resync" is pointing to this function because we need to run "freeradius_serverdefault_resync" and after that restart freeradius. freeradius_serverdefault_resync(); + freeradius_modulescounter_resync(); + freeradius_modulesmschap_resync(); + freeradius_modulesrealm_resync(); restart_service("freeradius"); } @@ -348,45 +354,57 @@ if (is_array($arrusers) && !empty($arrusers)) { } // Empty variable - $varusersmainoptions = ''; + $varuserscheckitem = ''; + $varusersreplyitem = ''; // Add the user attributes to each user. - $varusersmainoptions = '"' . $varusersusername . '"' . " Cleartext-Password := " . '"' . $varuserspassword .'"'; + $varuserscheckitem = '"' . $varusersusername . '"' . " Cleartext-Password := " . '"' . $varuserspassword .'"'; + // Add additional CHECK-ITEMS here. Different formatting in "users" file needed. if ($varuserssimultaneousconnect != '') { - $varusersmainoptions .= "\n\tSimultaneous-Use := $varuserssimultaneousconnect"; + $varuserscheckitem .= ", Simultaneous-Use := " . '"' . $varuserssimultaneousconnect . '"'; } if ($varusersexpiration != '') { - $varusersmainoptions .= ",\n\tExpiration := " . '"' . $varusersexpiration . '"'; + $varuserscheckitem .= ", Expiration := " . '"' . $varusersexpiration . '"'; } if ($varuserslogintime != '') { - $varusersmainoptions .= ",\n\tLogin-Time := " . '"' . $varuserslogintime . '"'; + $varuserscheckitem .= ", Login-Time := " . '"' . $varuserslogintime . '"'; } - if ($varuserssessiontimeout != '') { - $varusersmainoptions .= ",\n\tSession-Timeout := $varuserssessiontimeout"; - } + + // Add additional REPLY-ITEMS here. Different formatting in "users" file needed. if ($varusersframedipaddress != '') { - $varusersmainoptions .= ",\n\tFramed-IP-Address = $varusersframedipaddress"; + if ($varusersreplyitem != '') { $varusersreplyitem .=","; } + $varusersreplyitem .= "\n\tFramed-IP-Address = $varusersframedipaddress"; } if ($varusersframedipnetmask != '') { - $varusersmainoptions .= ",\n\tFramed-IP-Netmask = $varusersframedipnetmask"; + if ($varusersreplyitem != '') { $varusersreplyitem .=","; } + $varusersreplyitem .= "\n\tFramed-IP-Netmask = $varusersframedipnetmask"; } if ($varusersframedroute != '') { - $varusersmainoptions .= ",\n\tFramed-Route = " . '"' . $varusersframedroute . '"'; + if ($varusersreplyitem != '') { $varusersreplyitem .=","; } + $varusersreplyitem .= "\n\tFramed-Route = " . '"' . $varusersframedroute . '"'; + } + if ($varuserssessiontimeout != '') { + if ($varusersreplyitem != '') { $varusersreplyitem .=","; } + $varusersreplyitem .= "\n\tSession-Timeout := $varuserssessiontimeout"; } if ($varusersvlanid != '') { - $varusersmainoptions .= ",\n\tTunnel-Type = VLAN,\n\tTunnel-Medium-Type = IEEE-802,\n\tTunnel-Private-Group-ID = " . '"' . $varusersvlanid . '"'; + if ($varusersreplyitem != '') { $varusersreplyitem .=","; } + $varusersreplyitem .= "\n\tTunnel-Type = VLAN,\n\tTunnel-Medium-Type = IEEE-802,\n\tTunnel-Private-Group-ID = " . '"' . $varusersvlanid . '"'; } if ($varusersadditionaloptionsbottom != '') { - $varusersmainoptions .= ",\n\t$varusersadditionaloptionsbottom"; + if ($varusersreplyitem != '') { $varusersreplyitem .=","; } + $varusersreplyitem .= "\n\t$varusersadditionaloptionsbottom"; } - // Cosmetic fix - This is just to make a blank new line after each user entry - $varusersmainoptions .= "\n\n"; + + // Cosmetic fix - This is just to make a blank new line after each user entry + $varusersreplyitem .= "\n\n"; $conf .= << 3600, Auth-Type = Reject +# Reply-Message = "You've used up more than one hour today" +# +# The allowed-servicetype attribute can be used to only take +# into account specific sessions. For example if a user first +# logs in through a login menu and then selects ppp there will +# be two sessions. One for Login-User and one for Framed-User +# service type. We only need to take into account the second one. +# +# The module should be added in the instantiate, authorize and +# accounting sections. Make sure that in the authorize +# section it comes after any module which sets the +# 'check-name' attribute. +# +counter daily { + filename = \${raddbdir}/db.daily + key = User-Name + count-attribute = Acct-Session-Time + reset = daily + counter-name = Daily-Session-Time + check-name = Max-Daily-Session + reply-name = Session-Timeout + cache-size = 5000 +} + +counter weekly { + filename = \${raddbdir}/db.weekly + key = User-Name + count-attribute = Acct-Session-Time + reset = weekly + counter-name = Weekly-Session-Time + check-name = Max-Weekly-Session + reply-name = Session-Timeout + cache-size = 5000 +} + +counter monthly { + filename = \${raddbdir}/db.monthly + key = User-Name + count-attribute = Acct-Session-Time + reset = monthly + counter-name = Monthly-Session-Time + check-name = Max-Monthly-Session + reply-name = Session-Timeout + cache-size = 5000 +} + +counter forever { + filename = \${raddbdir}/db.forever + key = User-Name + count-attribute = Acct-Session-Time + reset = never + counter-name = Forever-Session-Time + check-name = Max-Forever-Session + reply-name = Session-Timeout + cache-size = 5000 +} + +EOD; + + $filename = RADDB . '/modules/counter'; + conf_mount_rw(); + file_put_contents($filename, $conf); + chmod($filename, 0600); + conf_mount_ro(); + +} + +function freeradius_modulesmschap_resync() { + global $config; + $conf = ''; + + $conf .= << \ No newline at end of file diff --git a/config/freeradius2/freeradius.xml b/config/freeradius2/freeradius.xml old mode 100644 new mode 100755 index 9ebefe47..627506a7 --- a/config/freeradius2/freeradius.xml +++ b/config/freeradius2/freeradius.xml @@ -319,6 +319,7 @@ freeradius_sqlconf_resync(); exec("rm -f /usr/local/etc/raddb/sites-enabled/control-socket"); exec("rm -f /usr/local/etc/raddb/sites-enabled/inner-tunnel"); + exec("ln -s /usr/local/etc/raddb/sites-available/soh /usr/local/etc/raddb/sites-enabled/"); freeradius_deinstall_command(); diff --git a/config/freeradius2/freeradius_view_config.php b/config/freeradius2/freeradius_view_config.php old mode 100644 new mode 100755 diff --git a/config/freeradius2/freeradiuscerts.xml b/config/freeradius2/freeradiuscerts.xml old mode 100644 new mode 100755 diff --git a/config/freeradius2/freeradiusclients.xml b/config/freeradius2/freeradiusclients.xml old mode 100644 new mode 100755 diff --git a/config/freeradius2/freeradiuseapconf.xml b/config/freeradius2/freeradiuseapconf.xml old mode 100644 new mode 100755 diff --git a/config/freeradius2/freeradiusinterfaces.xml b/config/freeradius2/freeradiusinterfaces.xml old mode 100644 new mode 100755 diff --git a/config/freeradius2/freeradiussettings.xml b/config/freeradius2/freeradiussettings.xml old mode 100644 new mode 100755 diff --git a/config/freeradius2/freeradiussqlconf.xml b/config/freeradius2/freeradiussqlconf.xml old mode 100644 new mode 100755 diff --git a/config/freeradius2/freeradiussync.xml b/config/freeradius2/freeradiussync.xml old mode 100644 new mode 100755 -- cgit v1.2.3