Copyright (C) 2013 Marcello Coutinho (revocation list code)
All rights reserved.
Based on m0n0wall (http://m0n0.ch/wall)
Copyright (C) 2003-2006 Manuel Kasper.
All rights reserved.
*/
/* ========================================================================== */
/*
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
1. Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
*/
/* ========================================================================== */
Describe your package requirements here
Currently there are no FAQ items provided.
freeradiuseapconf
none
FreeRADIUS: EAP
pkg_edit.php?xml=freeradiuseapconf.xml&id=0
/usr/local/pkg/freeradius.inc

Users: /pkg.php?xml=freeradius.xml
MACs: /pkg.php?xml=freeradiusauthorizedmacs.xml
NAS / Clients: /pkg.php?xml=freeradiusclients.xml
Interfaces: /pkg.php?xml=freeradiusinterfaces.xml
Settings: /pkg_edit.php?xml=freeradiussettings.xml&id=0
EAP: /pkg_edit.php?xml=freeradiuseapconf.xml&id=0
SQL: /pkg_edit.php?xml=freeradiussqlconf.xml&id=0
Certificates: /pkg_edit.php?xml=freeradiuscerts.xml&id=0
LDAP: /pkg_edit.php?xml=freeradiusmodulesldap.xml&id=0
View config: /freeradius_view_config.php
XMLRPC Sync: /pkg_edit.php?xml=freeradiussync.xml&id=0

EAP (listtopic)
Disable weak EAP types | vareapconfdisableweakeaptypes | checkbox
Default EAP Type | vareapconfdefaulteaptype | select | md5
Expiration of EAP-Response / EAP-Request List | vareapconftimerexpire | input | 60
Ignore Unknown EAP Types | vareapconfignoreunknowneaptypes | select | no
    must be configured to proxy the request to a further RADIUS server. (Default: no)
CISCO Accounting Username Bug | vareapconfciscoaccountingusernamebug | select | no
Maximum Sessions Tracking per Server | vareapconfmaxsessions | input | 4096

Certificates for TLS (listtopic)
Choose Cert Manager | vareapconfchoosecertmanager | checkbox | ssl_ca_cert,ssl_ca_crl,ssl_server_cert
    To use the firewall's built-in Certificate Manager you have to create a CA and a Server Certificate first. (SYSTEM -> Cert Manager).
    unchecked: FreeRADIUS Cert Manager (not recommended) (Default: unchecked)
    checked: Firewall Cert Manager (recommended)
Private Key Password | vareapconfprivatekeypassword | password | whatever
SSL CA Certificate | ssl_ca_cert | select_source | descr | refid
    Choose "none" if you do not use any kind of certificates or the freeradius Cert Manager. (Default: none)
SSL Revocation List | ssl_ca_crl | select_source | descr | refid
    HINT: You need to restart freeradius service after adding a certificate to the CRL.
    Choose "none" if you do not use any kind of certificates or the freeradius Cert Manager. (Default: none)
SSL Server Certificate | ssl_server_cert | select_source | descr | refid
    Choose "none" if you do not use any kind of certificates or the freeradius Cert Manager. (Default: none)

EAP-TLS (listtopic)
Include Length | vareapconfincludelength | select | yes
Fragment Size | vareapconffragmentsize | input | 1024
Check Cert Issuer | vareapconfenablecheckcertissuer | checkbox | vareapconfcountry,vareapconfstate,vareapconfcity,vareapconforganization,vareapconfemail,vareapconfcommonname
Country | vareapconfcountry | input
    Must match the value you set in SYSTEM => Cert Manager => CAs. (e.g: US)
State or Province | vareapconfstate | input
    Must match the value you set in SYSTEM => Cert Manager => CAs. (e.g: Texas)
City | vareapconfcity | input
    Must match the value you set in SYSTEM => Cert Manager => CAs. (e.g: Austin)
Organization | vareapconforganization | input
    Must match the value you set in SYSTEM => Cert Manager => CAs. (e.g: My Company Ltd)
E-Mail Address | vareapconfemail | input
    Must match the value you set in SYSTEM => Cert Manager => CAs. (e.g: My Company Ltd)
Common Name | vareapconfcommonname | input
    Must match the value you set in SYSTEM => Cert Manager => CAs. (e.g: My Company Ltd)
Check Client Certificate CN | vareapconfenablecheckcertcn | checkbox
    FreeRADIUS => Users. (Default: unchecked)

EAP-TLS - Enable Cache (listtopic)
Enable cache | vareapconfcacheenablecache | select | no
    The cache contains the following information:
        session Id - unique identifier, managed by SSL
        User-Name - from the Access-Accept
        Stripped-User-Name - from the Access-Request
        Cached-Session-Policy - from the Access-Accept
    The "Cached-Session-Policy" is the name of a policy which should be applied to the cached session. This policy can be used to assign VLANs, IP addresses, etc. It serves as a useful way to re-apply the policy from the original Access-Accept to the subsequent Access-Accept for the cached session.
    On session resumption, these attributes are copied from the cache, and placed into the reply list. You probably also want "use_tunneled_reply = yes" when using fast session resumption. (Default: Disable)
Lifetime | vareapconfcachelifetime | input | 24
Max Entries | vareapconfcachemaxentries | input | 255

EAP-TLS with OCSP support (listtopic)
Enable OCSP | vareapconfocspenable | select | no
Override OCSP Responder URL | vareapconfocspoverridecerturl | select | no
OCSP Responder | vareapconfocspurl | input | http://127.0.0.1/ocsp/
    must be enabled for this to work. (Default: http://127.0.0.1/ocsp/)

EAP-TTLS (listtopic)
Default EAP Type | vareapconfttlsdefaulteaptype | select | md5
Copy Request to Tunnel | vareapconfttlscopyrequesttotunnel | select | no
    By setting this configuration entry to 'yes', any attribute which is NOT in the tunneled authentication request, but which IS available outside of the tunnel, is copied to the tunneled request. (Default: no)
Use Tunneled Reply | vareapconfttlsusetunneledreply | select | no
Include Length | vareapconfttlsincludelength | select | yes

EAP-PEAP (listtopic)
Default EAP Type | vareapconfpeapdefaulteaptype | select | mschapv2
Copy Request to Tunnel | vareapconfpeapcopyrequesttotunnel | select | no
    By setting this configuration entry to 'yes', any attribute which is NOT in the tunneled authentication request, but which IS available outside of the tunnel, is copied to the tunneled request. (Default: no)
Use Tunneled Reply | vareapconfpeapusetunneledreply | select | no
Microsoft Statement of Health (SoH) Support | vareapconfpeapsohenable | select | Disable
freeradius_eapconf_resync();
freeradius_eapconf_resync();