From: aland Date: Tue, 23 Oct 2007 04:06:02 +0000 (+0000) Subject: We no longer need radrelay.conf, as we have virtual servers. X-Git-Tag: release_2_0_0~323 X-Git-Url: http://www.project-moonshot.org/gitweb/?a=commitdiff_plain;ds=sidebyside;h=3d689a761656c9f1b89676eefe21fd6d7df49c2b;p=freeradius.git We no longer need radrelay.conf, as we have virtual servers. --- diff --git a/configure b/configure index 672a0cb..88c796b 100755 --- a/configure +++ b/configure @@ -1,5 +1,5 @@ #! /bin/sh -# From configure.in Revision: 1.248 . +# From configure.in Revision: 1.249 . # Guess values for system-dependent variables and create Makefiles. # Generated by GNU Autoconf 2.61. # @@ -25329,7 +25329,7 @@ USE_STATIC_LIBS=$enable_static unset ac_cv_env_LIBS_set unset ac_cv_env_LIBS_value - ac_config_files="$ac_config_files ./Make.inc ./src/include/build-radpaths-h ./src/main/Makefile ./src/main/checkrad.pl ./src/main/radlast ./src/main/radtest ./scripts/rc.radiusd ./scripts/radwatch ./scripts/check-radiusd-config ./scripts/radiusd.cron.daily ./scripts/radiusd.cron.monthly ./scripts/cryptpasswd ./raddb/dictionary ./raddb/radiusd.conf ./raddb/vmpsd.conf ./raddb/radrelay.conf" + ac_config_files="$ac_config_files ./Make.inc ./src/include/build-radpaths-h ./src/main/Makefile ./src/main/checkrad.pl ./src/main/radlast ./src/main/radtest ./scripts/rc.radiusd ./scripts/radwatch ./scripts/check-radiusd-config ./scripts/radiusd.cron.daily ./scripts/radiusd.cron.monthly ./scripts/cryptpasswd ./raddb/dictionary ./raddb/radiusd.conf ./raddb/vmpsd.conf" cat >confcache <<\_ACEOF # This file is a shell script that caches the results of configure @@ -25907,7 +25907,6 @@ do "./raddb/dictionary") CONFIG_FILES="$CONFIG_FILES ./raddb/dictionary" ;; "./raddb/radiusd.conf") CONFIG_FILES="$CONFIG_FILES ./raddb/radiusd.conf" ;; "./raddb/vmpsd.conf") CONFIG_FILES="$CONFIG_FILES ./raddb/vmpsd.conf" ;; - "./raddb/radrelay.conf") CONFIG_FILES="$CONFIG_FILES ./raddb/radrelay.conf" ;; *) { { echo "$as_me:$LINENO: error: invalid argument: $ac_config_target" >&5 echo "$as_me: error: invalid argument: $ac_config_target" >&2;} diff --git a/configure.in b/configure.in index 917a06a..6e56a6a 100644 --- a/configure.in +++ b/configure.in @@ -1182,6 +1182,5 @@ AC_OUTPUT(\ ./scripts/cryptpasswd \ ./raddb/dictionary \ ./raddb/radiusd.conf \ - ./raddb/vmpsd.conf \ - ./raddb/radrelay.conf + ./raddb/vmpsd.conf ) diff --git a/raddb/radrelay.conf.in b/raddb/radrelay.conf.in deleted file mode 100644 index cc35bd1..0000000 --- a/raddb/radrelay.conf.in +++ /dev/null @@ -1,610 +0,0 @@ -## -## radrelay.conf -- FreeRADIUS server configuration file. -## -## http://www.freeradius.org/ -## $Id$ -## -# -# This configuration file is for the "radrelay" personality -# of FreeRADIUS. It contains some of the same configuration -# items as "radiusd.conf", but many have been deleted, as they -# do not apply to "radrelay". -# -# The server reads this file when it is run as "radiusd -n radrelay". -# -# - -prefix = @prefix@ -exec_prefix = @exec_prefix@ -sysconfdir = @sysconfdir@ -localstatedir = @localstatedir@ -sbindir = @sbindir@ -logdir = @logdir@ -raddbdir = @raddbdir@ -radacctdir = @radacctdir@ - -# Location of config and logfiles. -confdir = ${raddbdir} -run_dir = ${localstatedir}/run/radiusd - -# -# The logging messages for the server are appended to the -# tail of this file. -# -log_file = ${logdir}/radius.log - -# -# Destination for log messages. This can be one of: -# -# files - log to ${log_file}, as defined above. -# syslog - to syslog (see also the log{} section, below) -# stdout - standard output -# stderr - standard error. -# -# The command-line option "-X" over-rides this option, and forces -# logging to go to stdout. -# -log_destination = files - -# -# libdir: Where to find the rlm_* modules. -# -# This should be automatically set at configuration time. -# -# If the server builds and installs, but fails at execution time -# with an 'undefined symbol' error, then you can use the libdir -# directive to work around the problem. -# -# The cause is usually that a library has been installed on your -# system in a place where the dynamic linker CANNOT find it. When -# executing as root (or another user), your personal environment MAY -# be set up to allow the dynamic linker to find the library. When -# executing as a daemon, FreeRADIUS MAY NOT have the same -# personalized configuration. -# -# To work around the problem, find out which library contains that symbol, -# and add the directory containing that library to the end of 'libdir', -# with a colon separating the directory names. NO spaces are allowed. -# -# e.g. libdir = /usr/local/lib:/opt/package/lib -# -# You can also try setting the LD_LIBRARY_PATH environment variable -# in a script which starts the server. -# -# If that does not work, then you can re-configure and re-build the -# server to NOT use shared libraries, via: -# -# ./configure --disable-shared -# make -# make install -# -libdir = @libdir@ - -# pidfile: Where to place the PID of the RADIUS server. -# -# The server may be signalled while it's running by using this -# file. -# -# This file is written when ONLY running in daemon mode. -# -# e.g.: kill -HUP `cat /var/run/radiusd/radiusd.pid` -# -pidfile = ${run_dir}/radrelay.pid - -# -# radrelay doesn't need any special permissions to run. -# -#user = nobody -#group = nobody - -max_request_time = 30 -delete_blocked_requests = no -cleanup_delay = 5 -max_requests = 1024 - -# -# You can have as many "listen" sections as you want. -# -# The server CANNOT listen on type "detail" and type "acct" -# at the same time. -# -listen { - type = detail - - # where the detail file is located - filename = ${radacctdir}/detail - - # - # The server can read accounting packets from the detail file - # much more quickly than those packets can be written to a - # database. If we overload the database, then bad things happen. - # - - # The server will keep track of how long it takes to process - # an entry from the detail file, and pause between handling - # entries. This pause allows databases to "catch up", and - # gives the server time to notice that other packets may have - # arrived. - # - # The pause is calculated dynamically, to ensure that the - # load due to reading the detail files is limited to a small - # percentage of CPU time. The "load_factor" configuration - # item is a number between 1 and 100. The server will try to - # keep the percentage of time taken by "detail" file entries - # to "load_factor" percentage of the CPU time. - # - # If the "load_factor" is set to 100, then the server will - # read packets as fast as it can, usually causing databases - # to go into overload. - # - load_factor = 10 - - # - # Server identity. This lets you tell the different "listen" - # sections apart. When a packet is read from a detail file, - # the Server-Identity attribute will be set to the value below - # for that packet. - # - identity = radrelay -} - - -hostname_lookups = no - -log { - syslog_facility = daemon -} - -# PROXY CONFIGURATION -# -# proxy_requests: Turns proxying of RADIUS requests on or off. -# -# The server has proxying turned on by default. If your system is NOT -# set up to proxy requests to another server, then you can turn proxying -# off here. This will save a small amount of resources on the server. -# -# If you have proxying turned off, and your configuration files say -# to proxy a request, then an error message will be logged. -# -# To disable proxying, change the "yes" to "no", and comment the -# $INCLUDE line. -# -# allowed values: {no, yes} -# -proxy_requests = yes -$INCLUDE proxy.conf - - -# CLIENTS CONFIGURATION -# -# Client configuration is defined in "clients.conf". -# -# The "radrelay" personality of the server does not have -# any clients, and does not need, or read, "clients.conf". - - -# SNMP CONFIGURATION -# -# The "radrelay" personality of the server does not have -# any SNMP configuration. - - -# THREAD POOL CONFIGURATION -# -# Threads are less useful for radrelay than for radiusd. -# This section is here just to remind you that it can be controlled. -# -thread pool { - start_servers = 5 - max_servers = 32 - min_spare_servers = 3 - max_spare_servers = 10 -} - -# MODULE CONFIGURATION -# -# The names and configuration of each module is located in this section. -# -# Some modules have been deleted from this section. e.g -# -# pap -# chap -# mschap -# eap -# detail -# unix -# radutmp -# -# It doesn't make sense to use these modules when the server is running -# as "radrelay". -# -modules { - # Realm module, for proxying. - # - # You can have multiple instances of the realm module to - # support multiple realm syntaxs at the same time. The - # search order is defined by the order in the authorize and - # preacct sections. - # - # Four config options: - # format - must be "prefix" or "suffix" - # The special cases of "DEFAULT" - # and "NULL" are allowed, too. - # delimiter - must be a single character - - # 'realm/username' - # - # Using this entry, IPASS users have their realm set to "IPASS". - realm IPASS { - format = prefix - delimiter = "/" - } - - # 'username@realm' - # - realm suffix { - format = suffix - delimiter = "@" - } - - # 'username%realm' - # - realm realmpercent { - format = suffix - delimiter = "%" - } - - # - # 'domain\user' - # - realm ntdomain { - format = prefix - delimiter = "\\" - } - - # A simple value checking module - # - # It can be used to check if an attribute value in the request - # matches a (possibly multi valued) attribute in the check - # items This can be used for example for caller-id - # authentication. For the module to run, both the request - # attribute and the check items attribute must exist - # - # i.e. - # A user has an ldap entry with 2 radiusCallingStationId - # attributes with values "12345678" and "12345679". If we - # enable rlm_checkval, then any request which contains a - # Calling-Station-Id with one of those two values will be - # accepted. Requests with other values for - # Calling-Station-Id will be rejected. - # - # Regular expressions in the check attribute value are allowed - # as long as the operator is '=~' - # - checkval { - # The attribute to look for in the request - item-name = Calling-Station-Id - - # The attribute to look for in check items. Can be multi valued - check-name = Calling-Station-Id - - # The data type. Can be - # string,integer,ipaddr,date,abinary,octets - data-type = string - - # If set to yes and we dont find the item-name attribute in the - # request then we send back a reject - # DEFAULT is no - #notfound-reject = no - } - - # rewrite arbitrary packets. Useful in accounting and authorization. - # - # - # The module can also use the Rewrite-Rule attribute. If it - # is set and matches the name of the module instance, then - # that module instance will be the only one which runs. - # - # Also if new_attribute is set to yes then a new attribute - # will be created containing the value replacewith and it - # will be added to searchin (packet, reply, proxy, proxy_reply or config). - # searchfor,ignore_case and max_matches will be ignored in that case. - # - # Backreferences are supported: %{0} will contain the string the whole match - # and %{1} to %{8} will contain the contents of the 1st to the 8th parentheses - # - # If max_matches is greater than one the backreferences will correspond to the - # first match - - # - #attr_rewrite sanecallerid { - # attribute = Called-Station-Id - # may be "packet", "reply", "proxy", "proxy_reply" or "config" - # searchin = packet - # searchfor = "[+ ]" - # replacewith = "" - # ignore_case = no - # new_attribute = no - # max_matches = 10 - # ## If set to yes then the replace string will be appended to the original string - # append = no - #} - - # Preprocess the incoming RADIUS request, before handing it off - # to other modules. - # - # This module processes the 'huntgroups' and 'hints' files. - # In addition, it re-writes some weird attributes created - # by some NASes, and converts the attributes into a form which - # is a little more standard. - # - preprocess { - huntgroups = ${confdir}/huntgroups - hints = ${confdir}/hints - - # This hack changes Ascend's wierd port numberings - # to standard 0-??? port numbers so that the "+" works - # for IP address assignments. - with_ascend_hack = no - ascend_channels_per_line = 23 - - # Windows NT machines often authenticate themselves as - # NT_DOMAIN\username - # - # If this is set to 'yes', then the NT_DOMAIN portion - # of the user-name is silently discarded. - # - # This configuration entry SHOULD NOT be used. - # See the "realms" module for a better way to handle - # NT domains. - with_ntdomain_hack = no - - # Specialix Jetstream 8500 24 port access server. - # - # If the user name is 10 characters or longer, a "/" - # and the excess characters after the 10th are - # appended to the user name. - # - # If you're not running that NAS, you don't need - # this hack. - with_specialix_jetstream_hack = no - - # Cisco (and Quintum in Cisco mode) sends it's VSA attributes - # with the attribute name *again* in the string, like: - # - # H323-Attribute = "h323-attribute=value". - # - # If this configuration item is set to 'yes', then - # the redundant data in the the attribute text is stripped - # out. The result is: - # - # H323-Attribute = "value" - # - # If you're not running a Cisco or Quintum NAS, you don't - # need this hack. - with_cisco_vsa_hack = no - } - - # Livingston-style 'users' file - # - files { - usersfile = ${confdir}/users - acctusersfile = ${confdir}/acct_users - - # If you want to use the old Cistron 'users' file - # with FreeRADIUS, you should change the next line - # to 'compat = cistron'. You can the copy your 'users' - # file from Cistron. - compat = no - } - - # Create a unique accounting session Id. Many NASes re-use or - # repeat values for Acct-Session-Id, causing no end of - # confusion. - # - # This module will add a (probably) unique session id - # to an accounting packet based on the attributes listed - # below found in the packet. See doc/rlm_acct_unique for - # more information. - # - acct_unique { - key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port" - } - - - # Include another file that has the SQL-related configuration. - # This is another file only because it tends to be big. - # - # The following configuration file is for use with MySQL. - # - # For Postgresql, use: ${confdir}/postgresql.conf - # For MS-SQL, use: ${confdir}/mssql.conf - # For Oracle, use: ${confdir}/oraclesql.conf - # -# $INCLUDE sql.conf - - - # For Cisco VoIP specific accounting with Postgresql, - # use: ${confdir}/pgsql-voip.conf - # - # You will also need the sql schema from: - # src/billing/cisco_h323_db_schema-postgres.sql - # Note: This config can be use AS WELL AS the standard sql - # config if you need SQL based Auth - - # The "always" module is here for debugging purposes. Each - # instance simply returns the same result, always, without - # doing anything. - always fail { - rcode = fail - } - always reject { - rcode = reject - } - always ok { - rcode = ok - simulcount = 0 - mpp = no - } - - # - # The 'expression' module currently has no configuration. - # - # This module is useful only for 'xlat'. To use it, - # put 'exec' into the 'instantiate' section. You can then - # do dynamic translation of attributes like: - # - # Attribute-Name = `%{expr:2 + 3 + %{exec: uid -u}}` - # - # The value of the attribute will be replaced with the output - # of the program which is executed. Due to RADIUS protocol - # limitations, any output over 253 bytes will be ignored. - # - # The module also registers a few paircompare functions - expr { - } - - # - # Execute external programs - # - # This module is useful only for 'xlat'. To use it, - # put 'exec' into the 'instantiate' section. You can then - # do dynamic translation of attributes like: - # - # Attribute-Name = `%{exec:/path/to/program args}` - # - # The value of the attribute will be replaced with the output - # of the program which is executed. Due to RADIUS protocol - # limitations, any output over 253 bytes will be ignored. - # - # The RADIUS attributes from the user request will be placed - # into environment variables of the executed program, as - # described in 'doc/variables.txt' - # - exec { - wait = yes - input_pairs = request - shell_escape = yes - } -} - -# Instantiation -# -# This section orders the loading of the modules. Modules -# listed here will get loaded BEFORE the later sections like -# authorize, authenticate, etc. get examined. -# -# This section is not strictly needed. When a section like -# authorize refers to a module, it's automatically loaded and -# initialized. However, some modules may not be listed in any -# of the following sections, so they can be listed here. -# -# Also, listing modules here ensures that you have control over -# the order in which they are initalized. If one module needs -# something defined by another module, you can list them in order -# here, and ensure that the configuration will be OK. -# -instantiate { - exec - expr - - # subsections here can be thought of as "virtual" modules. - # - # e.g. If you have two redundant SQL servers, and you want to - # use them in the authorize and accounting sections, you could - # place a "redundant" block in each section, containing the - # exact same text. Or, you could uncomment the following - # lines, and list "redundant_sql" in the authorize and - # accounting sections. - # - #redundant redundant_sql { - # sql1 - # sql2 - #} -} - -# -# There are no authorize, authenticate, or post-auth sections. -# - -# -# Pre-accounting. Decide which accounting type to use. -# -preacct { - preprocess - - # - # Ensure that we have a semi-unique identifier for every - # request, and many NAS boxes are broken. - acct_unique - - # - # Look for IPASS-style 'realm/', and if not found, look for - # '@realm', and decide whether or not to proxy, based on - # that. - # - # Accounting requests are generally proxied to the same - # home server as authentication requests. -# IPASS - suffix -# ntdomain - - # - # Read the 'acct_users' file - files -} - -# -# Accounting. Log the accounting data. -# -accounting { - # - # Log traffic to an SQL database. - # - # See "Accounting queries" in sql.conf -# sql - - - # Cisco VoIP specific bulk accounting -# pgsql-voip - -} - - -# -# When the server decides to proxy a request to a home server, -# the proxied request is first passed through the pre-proxy -# stage. This stage can re-write the request, or decide to -# cancel the proxy. -# -# Only a few modules currently have this method. -# -pre-proxy { -# attr_rewrite - - # If you want to have a log of packets proxied to a home - # server, un-comment the following line, and the - # 'detail pre_proxy_log' section, above. -# pre_proxy_log -} - -# -# When the server receives a reply to a request it proxied -# to a home server, the request may be massaged here, in the -# post-proxy stage. -# -post-proxy { - # - - # If you want to have a log of replies from a home server, - # un-comment the following line, and the 'detail post_proxy_log' - # section, above. -# post_proxy_log - -# attr_rewrite - - # Uncomment the following line if you want to filter replies from - # remote proxies based on the rules defined in the 'attrs' file. - -# attr_filter -}