aland [Mon, 30 Sep 2002 18:43:47 +0000 (18:43 +0000)]
Re-arranged the documentation, to make it easier to follow for
people who've never done this before.
aland [Mon, 30 Sep 2002 18:10:13 +0000 (18:10 +0000)]
Minor additions for HPUX support
aland [Mon, 30 Sep 2002 16:34:49 +0000 (16:34 +0000)]
Save the radiusd PID
aland [Mon, 30 Sep 2002 16:24:44 +0000 (16:24 +0000)]
New modules get put into the START of the list, so that when
we unlink them, we do FILO, instead of FIFO. This change appears
to make some platforms work better, and enable C++ modules.
Patch from Andrey Kotrekhov
aland [Mon, 30 Sep 2002 16:21:05 +0000 (16:21 +0000)]
Empty target, with note that hand-editing is required to get
this module to work.
kkalev [Mon, 30 Sep 2002 08:12:07 +0000 (08:12 +0000)]
Fix a small issue with the general_accounting_info_order
kkalev [Sun, 29 Sep 2002 11:39:42 +0000 (11:39 +0000)]
* In lib/ldap/functions.php3 only ask for the cn attribute in ldap_search not the whole entry. That should make
user_finger a lot faster when the user database is in ldap
* In lib/functions.php3 pass a second argument to date2timediv with the current time. user_finger calls that
function for each online user so we now don't need to do a lot of calls to time() but only one. That should make
user_finger somewhat faster.
kkalev [Sat, 28 Sep 2002 09:48:29 +0000 (09:48 +0000)]
Update documentation for the counter module
aland [Fri, 27 Sep 2002 20:21:51 +0000 (20:21 +0000)]
Deleted the 'configure' script, so nothing will try to build this
module, as the freetds library API is under development.
Made a note to that effect in the README
cmiller [Fri, 27 Sep 2002 15:17:46 +0000 (15:17 +0000)]
*** empty log message ***
cmiller [Fri, 27 Sep 2002 15:17:17 +0000 (15:17 +0000)]
debian: check for exec failure in init script.
debian: exclude modules not listed in stable list.
debian: prepare for 0.7.2.
cmiller [Fri, 27 Sep 2002 15:13:27 +0000 (15:13 +0000)]
Write config.h file at configure-time.
cmiller [Fri, 27 Sep 2002 15:12:57 +0000 (15:12 +0000)]
Correctly detect locally preinstalled libltdl.
kkalev [Fri, 27 Sep 2002 09:00:45 +0000 (09:00 +0000)]
Allow multiple regular profiles for an entry
kkalev [Thu, 26 Sep 2002 21:42:21 +0000 (21:42 +0000)]
Use CISCO-AAA-SESSION-MIB in checkrad
kkalev [Thu, 26 Sep 2002 21:37:11 +0000 (21:37 +0000)]
Use CISCO-AAA-SESSION-MIB in snmpfinger
kkalev [Thu, 26 Sep 2002 20:24:11 +0000 (20:24 +0000)]
In simul_verify_query use CallingStationId and *NOT* CalledStationId.
Quite serious bug. Now Simultaneous-Use check with sql should work much
better.
kkalev [Thu, 26 Sep 2002 10:01:23 +0000 (10:01 +0000)]
Fix a problem in user_accounting when NASIPAddress is not set.
aland [Wed, 25 Sep 2002 14:11:22 +0000 (14:11 +0000)]
Added 'op' fields to oracle DB
aland [Wed, 25 Sep 2002 14:07:33 +0000 (14:07 +0000)]
WEP is now supported.
kkalev [Wed, 25 Sep 2002 13:23:58 +0000 (13:23 +0000)]
html fixes in accounting.php3
aland [Tue, 24 Sep 2002 14:32:19 +0000 (14:32 +0000)]
Auto-rotate the detail file every day. Add comments describing
how to do more.
aland [Tue, 24 Sep 2002 14:24:31 +0000 (14:24 +0000)]
Added '%H' in xlat, for request hour.
Patch from Kevin Bonner.
aland [Tue, 24 Sep 2002 14:07:23 +0000 (14:07 +0000)]
Work around more stupid autoconf "helpfulness"
kkalev [Tue, 24 Sep 2002 11:02:38 +0000 (11:02 +0000)]
Only do an xlat on the replace string if we really need to
kkalev [Tue, 24 Sep 2002 09:02:42 +0000 (09:02 +0000)]
Add a few comments in log_badlogins, support auth logs containing the password, work nice when the client
is localhost, add an option to scan the whole radius.log and add failed logins in the sql database (can be
used for initialization).
aland [Mon, 23 Sep 2002 15:57:50 +0000 (15:57 +0000)]
Use newly configured header files, so MacOS X will be able to
build, without source code modifications.
aland [Mon, 23 Sep 2002 15:57:11 +0000 (15:57 +0000)]
Look for <security/pam_appl.h> and <pam/pam_appl.h>
kkalev [Mon, 23 Sep 2002 12:38:18 +0000 (12:38 +0000)]
Allow the user to add extra attributes in the test user page
kkalev [Sun, 22 Sep 2002 08:26:42 +0000 (08:26 +0000)]
Update the FAQ with an entry about sessions.
kkalev [Sat, 21 Sep 2002 16:04:25 +0000 (16:04 +0000)]
Update the FAQ with an entry about the Online Users page not showing anything.
kkalev [Sat, 21 Sep 2002 13:51:38 +0000 (13:51 +0000)]
Add a few more comments in the admin.conf
kkalev [Sat, 21 Sep 2002 13:38:23 +0000 (13:38 +0000)]
Add support for realm in username and allow for realm stripping in the web pages and in log_badlogins
cparker [Wed, 18 Sep 2002 21:07:42 +0000 (21:07 +0000)]
Updated patch from Rainer Weikusat <weikusat@students.uni-mainz.de> to
only increment ID in cases where code is not EAP_SUCCESS or EAP_FAILURE.
aland [Wed, 18 Sep 2002 19:43:41 +0000 (19:43 +0000)]
Added tabs and white space
aland [Wed, 18 Sep 2002 19:42:14 +0000 (19:42 +0000)]
Cisco VPN 3000 dictionary, as posted to the list by Deramus, Chris
kkalev [Wed, 18 Sep 2002 12:38:17 +0000 (12:38 +0000)]
In snmpfinger also consider '-' as a valid character for a username
kkalev [Tue, 17 Sep 2002 21:41:37 +0000 (21:41 +0000)]
Add an arrow gif in htdocs/images to be used in the buttons page when adding multiple finger pages
aland [Tue, 17 Sep 2002 17:16:34 +0000 (17:16 +0000)]
Added a bunch of missing 'p++'
cparker [Tue, 17 Sep 2002 13:33:50 +0000 (13:33 +0000)]
EAP TLS patch from Rainer Weikusat <weikusat@students.uni-mainz.de> to fix
problems with EAP packet IDs and retransmission.
aland [Tue, 17 Sep 2002 13:04:52 +0000 (13:04 +0000)]
Use 'sizeof' to pass buffer sizes, as it's better than using a
macro definition.
kkalev [Tue, 17 Sep 2002 12:33:17 +0000 (12:33 +0000)]
In the buttons toolbar Edit User should not be clickable.
kkalev [Tue, 17 Sep 2002 12:25:05 +0000 (12:25 +0000)]
Use require_once when including lib/functions.php3 in lib/sql
fcusack [Tue, 17 Sep 2002 02:34:08 +0000 (02:34 +0000)]
typo
kkalev [Mon, 16 Sep 2002 12:33:23 +0000 (12:33 +0000)]
Check that mysql_sock is not NULL in sql_close. Patch from Kevin Bonner <keb@pa.net>
kkalev [Mon, 16 Sep 2002 10:31:51 +0000 (10:31 +0000)]
Add a missing WHERE UserName = '$login' in the UPDATE statement in lib/sql/change_info.php3. Patch by
Eddie Bindt <eddieb@users.sourceforge.net>
fcusack [Fri, 13 Sep 2002 23:13:58 +0000 (23:13 +0000)]
move symlink "magic" into init script, where it actually works.
fcusack [Fri, 13 Sep 2002 22:36:55 +0000 (22:36 +0000)]
Add a symlink so 'service radiusd restart' isn't noisy
aland [Fri, 13 Sep 2002 16:18:46 +0000 (16:18 +0000)]
Added configuration for log_file
aland [Fri, 13 Sep 2002 16:16:30 +0000 (16:16 +0000)]
Corrected typo in last commit
aland [Fri, 13 Sep 2002 16:15:00 +0000 (16:15 +0000)]
Deleted compile-time definition for 'radius.log', and changed it
to a run-time configurable directive.
fcusack [Fri, 13 Sep 2002 06:49:34 +0000 (06:49 +0000)]
fix failcount-double-increment bug introduced with ewindow2
aland [Thu, 12 Sep 2002 15:19:50 +0000 (15:19 +0000)]
Sample file which isn't currently used.
kkalev [Thu, 12 Sep 2002 13:38:14 +0000 (13:38 +0000)]
- Only add a failure message for bind as user failed in ldap_authenticate if the result of ldap_connect was
RLM_MODULE_REJECT
- Make tls_mode a configurable option. Patch from John <jhogenmiller@pennswoods.net>
kkalev [Thu, 12 Sep 2002 08:45:49 +0000 (08:45 +0000)]
Replace the groupmembership_attribute value in the docs and in radiusd.conf with
radiusGroupName
aland [Wed, 11 Sep 2002 18:28:00 +0000 (18:28 +0000)]
Unix timestamps are unsigned ints.
Ensure there's enough free space to put unknown variables.
Patch from rick@fdd.com
aland [Wed, 11 Sep 2002 18:25:31 +0000 (18:25 +0000)]
The PAM libraries aren't thread-safe, so make rlm_pam unsafe for
threading, too.
aland [Wed, 11 Sep 2002 18:20:27 +0000 (18:20 +0000)]
Re-arrange the functions so that they are defined before they
are used.
Patch from Andrea Gabellini
aland [Wed, 11 Sep 2002 18:19:08 +0000 (18:19 +0000)]
Fix an error in the sql_fetch_row function where it returned NULL
instead of -1.
Patch from Andrea Gabellini
aland [Wed, 11 Sep 2002 18:17:57 +0000 (18:17 +0000)]
Add reconnect to the Oracle module.
Patch from Andrea Gabellini
kkalev [Tue, 10 Sep 2002 07:57:13 +0000 (07:57 +0000)]
Add the failed logins page in the buttons page
kkalev [Tue, 10 Sep 2002 07:47:05 +0000 (07:47 +0000)]
Fix a bug with failed logins in user_admin.
kkalev [Tue, 10 Sep 2002 07:46:01 +0000 (07:46 +0000)]
Change use of AcctStartTime with AcctStopTime in failed_logins.php3 to match that in user_admin
kkalev [Tue, 10 Sep 2002 07:41:54 +0000 (07:41 +0000)]
Fix a bug in the failed logins page
kkalev [Tue, 10 Sep 2002 07:35:56 +0000 (07:35 +0000)]
Add a failed logins page, to show the most recent failed logins.
vorlon [Mon, 9 Sep 2002 18:28:22 +0000 (18:28 +0000)]
Kerberos fixes: don't grant access to a user whose Kerberos ticket can't
be verified against our server principal.
aland [Mon, 9 Sep 2002 17:13:12 +0000 (17:13 +0000)]
If we DO find pthread_create() in -lpthread, then add -lpthread
to the LIBS.
kkalev [Mon, 9 Sep 2002 14:28:52 +0000 (14:28 +0000)]
Fix a stupid bug in accounting.php3. We should not use the show_attrs array.
kkalev [Mon, 9 Sep 2002 13:59:15 +0000 (13:59 +0000)]
Fix a few more bugs in the ldap library
kkalev [Mon, 9 Sep 2002 13:27:48 +0000 (13:27 +0000)]
Add a new config directive, ldap_write_server. If it is set then when we update the directory we try to
connect to that one instead of the ldap_server. That way we can read from the fast read-only replicas and
write to a slower master.
kkalev [Mon, 9 Sep 2002 10:22:23 +0000 (10:22 +0000)]
In the user test page ignore comments from the auth.request file
kkalev [Mon, 9 Sep 2002 09:21:05 +0000 (09:21 +0000)]
If we add a check item then use the == operator. Based on an idea by Allister Maguire <amaguire@gnc.net.nz>
kkalev [Mon, 9 Sep 2002 08:06:31 +0000 (08:06 +0000)]
Remove previous change. It was causing problems
kkalev [Mon, 9 Sep 2002 07:57:01 +0000 (07:57 +0000)]
Only connect and bind to the ldap server if we haven't done that before.
kkalev [Sun, 8 Sep 2002 23:16:21 +0000 (23:16 +0000)]
Update documentation
kkalev [Sun, 8 Sep 2002 14:47:09 +0000 (14:47 +0000)]
Allocate more room for the sql queries. Remove a wrong copyright
kkalev [Sun, 8 Sep 2002 14:36:58 +0000 (14:36 +0000)]
Also cache the default.vals file.
kkalev [Sun, 8 Sep 2002 13:24:19 +0000 (13:24 +0000)]
In lib/sql/defaults.php3 instead of doing a select for each group the user
belongs to, do one select with a where in () clause.
kkalev [Sun, 8 Sep 2002 12:30:09 +0000 (12:30 +0000)]
Remove the auto password generator from the user edit page. It has no
meaning since the password is not shown
kkalev [Sun, 8 Sep 2002 12:10:35 +0000 (12:10 +0000)]
Fix a few bugs
kkalev [Sun, 8 Sep 2002 11:27:32 +0000 (11:27 +0000)]
Also cache the admin.conf if use_session is set to 1 in config.php3
kkalev [Sun, 8 Sep 2002 00:25:08 +0000 (00:25 +0000)]
Update Changelog
kkalev [Sun, 8 Sep 2002 00:17:18 +0000 (00:17 +0000)]
Add sessions in order to cache the various mappings. Add a corresponding
configuration directive general_use_session. Also add a session cache
destroy page.
kkalev [Sat, 7 Sep 2002 21:10:07 +0000 (21:10 +0000)]
Call config.php3 before outputting any html
kkalev [Sat, 7 Sep 2002 20:46:41 +0000 (20:46 +0000)]
* If an sql attribute is not contained in sql, assume that it has the same name as in dialup_admin and that
it is a reply item. Add a comment for that in conf/sql.attrmap.
* Change the way radius attributes are read from the sql database. The change should make things somewhat
faster. Create a reverse mapping from radius attributes to dialup_admin attributes.
* Add a configuration directive called ldap_use_http_credentials. If it is set to yes then we try to
connect to the ldap server with the username/password given in http authentication, not those contained
in admin.conf. That way multiple admins with different permissions on the ldap tree can work on a single
dialup_admin.
* With the same logic we allow for multiple buttons html pages. We now create a folder html/buttons which
by default contains a folder default. If the user logs in with http authentication then we try
to open the file html/buttons/<username>/buttons.html.php3. If we can't we open
html/buttons/default/buttons.html.php3. That way we can create multiple views of say the online users
page based on which admin requests the page.
kkalev [Sat, 7 Sep 2002 16:55:39 +0000 (16:55 +0000)]
In sql.attrmap User-Password should map to User-Password, not Password
kkalev [Sat, 7 Sep 2002 14:52:33 +0000 (14:52 +0000)]
* If we are editing a group show a comment that in the radiusd sql module the group tables are evaluated
after the user tables. As a result user values should in general overwrite default values.
* Add support for the default_user_profile of the sql module in lib/sql/defaults.php3
kkalev [Sat, 7 Sep 2002 13:23:01 +0000 (13:23 +0000)]
Add the default_user_profile configuration directive and support
for the User-Profile attribute in the sql module.
The default_profile is found in SQL by group membership.
That means that this profile must be a member of at least one group
which will contain the corresponding check and reply items.
This profile will be queried in the authorize section for every user.
The point is to assign all users a default profile without having to
manually add each one to a group that will contain the profile.
The SQL module will also honor the User-Profile attribute. This
attribute can be set anywhere in the authorize section (ie the users
file). It is found exactly as the default profile is found.
If it is set then it will *overwrite* the default profile setting.
The idea is to select profiles based on checks on the incoming packets,
not on user group membership. For example:
-- users file --
DEFAULT Service-Type == Outbound-User, User-Profile := "outbound"
DEFAULT Service-Type == Framed-User, User-Profile := "framed"
By default the default_user_profile is not set. We also add the
query_on_not_found configuration directive which determines if we will
query the default_user_profile or the User-Profile if the user is not found.
If the profile is found then we consider the user found. That way we can still
maintain the old module behaviour to look for a DEFAULT entry if the user was
not found. But now that is configurable and we don't need to do extra queries
if the user is not found. By default this is set to 'no'.
Also change references to RFC 2138 to RFC 2865 in the dictionary man page.
kkalev [Sat, 7 Sep 2002 04:12:10 +0000 (04:12 +0000)]
Add documentation about ldap attributes
kkalev [Sat, 7 Sep 2002 04:03:52 +0000 (04:03 +0000)]
* In the user edit page print a message under the User Password field about if it exists or not. Update
the user_info.php3 lib files to check for it.
* In lib/ldap/defaults.php3 Dialup-Access should not be added in the default_vals. It is not inherited.
aland [Fri, 6 Sep 2002 16:29:26 +0000 (16:29 +0000)]
Removed incorrect comments, as noted on the devel list today.
3APA3A [Fri, 6 Sep 2002 16:20:52 +0000 (16:20 +0000)]
+ More logging added
kkalev [Fri, 6 Sep 2002 16:17:26 +0000 (16:17 +0000)]
* Allow for multiple default values. Also add a generic flag in ldap attrmap. If it exists then the
attribute is generic and user values *do not* overwrite default values. The operators in the generic
attribute can be used for that. The same is very difficult to implement for sql, so for now user
values overwrite default values in sql (user edit page).
A lot of code and a lot of files were changed so there may be bugs somewhere.
aland [Fri, 6 Sep 2002 13:38:30 +0000 (13:38 +0000)]
Don't do too much work to discover strings to xlat inside of 'fmt'.
Instead, just call radius_xlat() first, and then do our own work
on its answer.
kkalev [Fri, 6 Sep 2002 11:45:38 +0000 (11:45 +0000)]
Only add Session-Timeout if the count attribute is Acct-Session-Time
kkalev [Thu, 5 Sep 2002 19:47:55 +0000 (19:47 +0000)]
Instead of checking for date type, check for acct-session-time in accounting
kkalev [Thu, 5 Sep 2002 15:39:28 +0000 (15:39 +0000)]
Add radiusExpiration and dialupAccess in LDAPv3 schema and change the mapping
of Simultaneous-Use to radiusSimultaneousUse
fcusack [Thu, 5 Sep 2002 05:40:55 +0000 (05:40 +0000)]
libtool fix from Marko
kkalev [Wed, 4 Sep 2002 22:11:04 +0000 (22:11 +0000)]
rlm_ippool.c:
- Use mutex locks when accessing the gdbm files. Don't use rad_lockfd
- Fail if we don't find nas port information
experimental.conf:
Add a note about deleting the db files after changing the range parameters in
the ippool module
kkalev [Wed, 4 Sep 2002 21:05:54 +0000 (21:05 +0000)]
Add a post-auth section.
Add a few comments on the ippool module