From 5812edb676869a0d73bacc2a183a05abbd3ad23c Mon Sep 17 00:00:00 2001 From: cmiller Date: Sun, 17 Dec 2000 21:43:48 +0000 Subject: [PATCH] Undoing my earlier m4ification of module configuration. Ugh? Ugh. --- Makefile | 2 +- configure.in | 4 +- processradconf.m4 | 21 -- raddb/Makefile | 1 - raddb/{radiusd.conf.m4.in => radiusd.conf.in} | 360 +++++++++++++++++++++++--- src/modules/rlm_acct_unique/selfconfig.m4 | 22 -- src/modules/rlm_always/selfconfig.m4 | 33 --- src/modules/rlm_detail/selfconfig.m4 | 21 -- src/modules/rlm_dictionary/selfconfig.m4 | 17 -- src/modules/rlm_example/selfconfig.m4 | 59 ----- src/modules/rlm_fastusers/selfconfig.m4 | 26 -- src/modules/rlm_files/selfconfig.m4 | 27 -- src/modules/rlm_krb5/selfconfig.m4 | 17 -- src/modules/rlm_ldap/selfconfig.m4 | 26 -- src/modules/rlm_mschap/selfconfig.m4 | 17 -- src/modules/rlm_ns_mta_md5/selfconfig.m4 | 17 -- src/modules/rlm_pam/selfconfig.m4 | 28 -- src/modules/rlm_preprocess/selfconfig.m4 | 50 ---- src/modules/rlm_radutmp/selfconfig.m4 | 20 -- src/modules/rlm_realm/selfconfig.m4 | 50 ---- src/modules/rlm_sql/selfconfig.m4 | 96 ------- src/modules/rlm_unix/selfconfig.m4 | 44 ---- 22 files changed, 332 insertions(+), 626 deletions(-) delete mode 100644 processradconf.m4 rename raddb/{radiusd.conf.m4.in => radiusd.conf.in} (59%) delete mode 100644 src/modules/rlm_acct_unique/selfconfig.m4 delete mode 100644 src/modules/rlm_always/selfconfig.m4 delete mode 100644 src/modules/rlm_detail/selfconfig.m4 delete mode 100644 src/modules/rlm_dictionary/selfconfig.m4 delete mode 100644 src/modules/rlm_example/selfconfig.m4 delete mode 100644 src/modules/rlm_fastusers/selfconfig.m4 delete mode 100644 src/modules/rlm_files/selfconfig.m4 delete mode 100644 src/modules/rlm_krb5/selfconfig.m4 delete mode 100644 src/modules/rlm_ldap/selfconfig.m4 delete mode 100644 src/modules/rlm_mschap/selfconfig.m4 delete mode 100644 src/modules/rlm_ns_mta_md5/selfconfig.m4 delete mode 100644 src/modules/rlm_pam/selfconfig.m4 delete mode 100644 src/modules/rlm_preprocess/selfconfig.m4 delete mode 100644 src/modules/rlm_radutmp/selfconfig.m4 delete mode 100644 src/modules/rlm_realm/selfconfig.m4 delete mode 100644 src/modules/rlm_sql/selfconfig.m4 delete mode 100644 src/modules/rlm_unix/selfconfig.m4 diff --git a/Makefile b/Makefile index c8aa7a5..e63ed64 100644 --- a/Makefile +++ b/Makefile @@ -30,7 +30,7 @@ install: $(INSTALL) -d -m 755 $(R)$(raddbdir); \ cd raddb; \ for i in [a-c]* [e-z]*; do \ - [ $$i != radiusd.conf.m4.in -a $$i != radiusd.conf.m4 -a ! -f $(R)$(raddbdir)/$$i ] && \ + [ $$i != radiusd.conf.in -a ! -f $(R)$(raddbdir)/$$i ] && \ $(INSTALL) -m 644 $$i $(R)$(raddbdir); \ done; \ for i in dictionary*; do \ diff --git a/configure.in b/configure.in index 2b9b63f..973ff6a 100644 --- a/configure.in +++ b/configure.in @@ -256,7 +256,6 @@ fi AC_PATH_PROG(SNMPGET, snmpget, /usr/local/bin/snmpget) AC_PATH_PROG(SNMPWALK, snmpwalk, /usr/local/bin/snmpwalk) AC_PATH_PROG(RUSERS, rusers, /usr/bin/rusers) -AC_CHECK_PROG(M4, m4, m4, /bin/false) dnl FIXME This is truly gross. missing_dir=`cd $ac_aux_dir && pwd` @@ -612,11 +611,10 @@ AC_OUTPUT(\ ./scripts/rc.radiusd \ ./scripts/radwatch \ ./scripts/check-radiusd-config \ - ./raddb/radiusd.conf.m4 + ./raddb/radiusd.conf ) AC_OUTPUT_COMMANDS([echo timestamp > src/include/stamp-h]) AC_OUTPUT_COMMANDS([(cd ./src/include && /bin/sh ./build-radpaths-h)]) AC_OUTPUT_COMMANDS([(cd ./src/main && chmod +x checkrad.pl radlast radtest)]) AC_OUTPUT_COMMANDS([(cd ./scripts && chmod +x rc.radiusd radwatch check-radiusd-config)]) -AC_OUTPUT_COMMANDS([(cd ./raddb && ${M4} ../processradconf.m4 ../src/modules/rlm_*/selfconfig.m4 radiusd.conf.m4 >radiusd.conf.new && mv radiusd.conf.new radiusd.conf)]) diff --git a/processradconf.m4 b/processradconf.m4 deleted file mode 100644 index 13fb936..0000000 --- a/processradconf.m4 +++ /dev/null @@ -1,21 +0,0 @@ -dnl stolen from the GNU m4 manual. -chad -define(`forloop', `pushdef(`$1', `$2')_forloop(`$1', `$2', `$3', `$4')popdef(`$1')')dnl -define(`_forloop', `$4`'ifelse($1, `$3', , `define(`$1', incr($1))_forloop(`$1', `$2', `$3', `$4')')')dnl -dnl -define(`undivertblock', `forloop(`i', 0, 10, `undivert(eval($1 + i))')')dnl -dnl -define(`PLACE_MODULES', `undivertblock(10)')dnl -define(`PLACE_AUTHENTICATION', `undivertblock(20)')dnl -define(`PLACE_AUTHORIZATION', `undivertblock(30)')dnl -define(`PLACE_PREACCOUNTING', `undivertblock(40)')dnl -define(`PLACE_ACCOUNTING', `undivertblock(50)')dnl -define(`PLACE_SESSIONING', `undivertblock(60)')dnl -dnl -define(`INSERT_GLOBAL_CONFIG', `divert(eval(0 + $1))')dnl -define(`INSERT_MODULE_INSTANTIATION', `divert(eval(10 + $1))')dnl -define(`INSERT_DEF_AUTHENTICATION', `divert(eval(20 + $1))')dnl -define(`INSERT_DEF_AUTHORIZATION', `divert(eval(30 + $1))')dnl -define(`INSERT_DEF_PREACCOUNTING', `divert(eval(40 + $1))')dnl -define(`INSERT_DEF_ACCOUNTING', `divert(eval(50 + $1))')dnl -define(`INSERT_DEF_SESSION', `divert(eval(60 + $1))')dnl -dnl diff --git a/raddb/Makefile b/raddb/Makefile index effd127..73c6a99 100644 --- a/raddb/Makefile +++ b/raddb/Makefile @@ -6,5 +6,4 @@ all: install: clean: - rm -f radiusd.conf || true diff --git a/raddb/radiusd.conf.m4.in b/raddb/radiusd.conf.in similarity index 59% rename from raddb/radiusd.conf.m4.in rename to raddb/radiusd.conf.in index 58655cd..ad40a27 100644 --- a/raddb/radiusd.conf.m4.in +++ b/raddb/radiusd.conf.in @@ -1,7 +1,3 @@ -dnl -dnl M4 code copyright 2000, Chad Miller and others -dnl -dnl ## ## radiusd.conf -- FreeRADIUS server configuration file. ## @@ -31,9 +27,9 @@ radacctdir = @radacctdir@ # # Location of config and logfiles. # -confdir = ${raddbdir} +confdir = ${raddbdir} -run_dir = ${localstatedir}/run +run_dir = ${localstatedir}/run # # pidfile: Where to place the PID of the RADIUS server. @@ -43,7 +39,7 @@ run_dir = ${localstatedir}/run # # e.g.: kill -HUP `cat /var/run/radiusd.pid` # -pidfile = ${run_dir}/radiusd.pid +pidfile = ${run_dir}/radiusd.pid # # user/group: The name (or #number) of the user/group to run httpd as. @@ -69,7 +65,7 @@ group = nobody # # Useful range of values: 5 to 120 # -max_request_time = 30 +max_request_time = 30 # # cleanup_delay: The time to wait (in seconds) before cleaning up @@ -89,7 +85,7 @@ max_request_time = 30 # # Useful range of values: 2 to 10 # -cleanup_delay = 5 +cleanup_delay = 5 # # max_requests: The maximum number of requests which the server keeps @@ -109,7 +105,7 @@ cleanup_delay = 5 # # Useful range of values: 256 to infinity # -max_requests = 1024 +max_requests = 1024 # # bind_address: Make the server listen on a particular IP address, and @@ -119,7 +115,7 @@ max_requests = 1024 # It can either contain "*", or an IP address, or a fully qualified # Internet domain name. The default is "*" # -bind_address = * +bind_address = * # # port: Allows you to bind FreeRADIUS to a specific port. @@ -142,7 +138,7 @@ port = 0 # # Which program to execute check doing concurrency checks. # -checkrad = ${sbindir}/checkrad +checkrad = ${sbindir}/checkrad # # hostname_lookups: Log the names of clients or just their IP addresses @@ -158,7 +154,7 @@ checkrad = ${sbindir}/checkrad # # allowed values: {no, yes} # -hostname_lookups = no +hostname_lookups = no # # Core dumps are a bad thing. This should only be set to 'yes' @@ -166,21 +162,21 @@ hostname_lookups = no # # allowed values: {no, yes} # -allow_core_dumps = no +allow_core_dumps = no # # Log the full User-Name attribute, as it was found in the request. # # allowed values: {no, yes} # -log_stripped_names = no +log_stripped_names = no # # Log authentication requests to the log file. # # allowed values: {no, yes} # -log_auth = no +log_auth = no # # Log passwords with the authentication requests. @@ -189,12 +185,12 @@ log_auth = no # # allowed values: {no, yes} # -log_auth_badpass = no -log_auth_goodpass = no +log_auth_badpass = no +log_auth_goodpass = no # # usercollide: Turn user collision code on and off. -# See README.usercollide +# See README.usercollide # usercollide = no @@ -250,7 +246,7 @@ nospace_pass = no # To disable proxying, change the "yes" to "no", and comment the # $INCLUDE line. proxy_requests = yes -$INCLUDE ${confdir}/proxy.conf +$INCLUDE ${confdir}/proxy.conf # CLIENTS CONFIGURATION # @@ -259,14 +255,14 @@ $INCLUDE ${confdir}/proxy.conf # "clients.conf" is recommended over the old "clients", though both # are supported. # -$INCLUDE ${confdir}/clients.conf +$INCLUDE ${confdir}/clients.conf # SNMP CONFIGURATION # # Snmp configuration is only valid if you enabled SNMP support when # you compiled radius. To enable SNMP configuration, uncomment the # following line. -$INCLUDE ${confdir}/snmp.conf +$INCLUDE ${confdir}/snmp.conf ####################################################################### @@ -294,7 +290,7 @@ thread pool { # Number of servers to start initially --- should be a reasonable ballpark # figure. # - start_servers = 5 + start_servers = 5 # # Limit on the total number of servers running. @@ -304,7 +300,7 @@ thread pool { # keep a runaway server from taking the system with it as it spirals # down... # - max_servers = 32 + max_servers = 32 # # Server-pool size regulation. Rather than making you guess how many @@ -335,12 +331,310 @@ thread pool { } modules { -PLACE_MODULES + pam { + # + # The name to use for PAM authentication. + # PAM looks in /etc/pam.d/${pam_auth_name} + # for it's configuration. + # + # Note that any Pam-Auth attribute set in the 'users' + # file over-rides this one. + # + pam_auth = radiusd + } + unix { + # + # Cache /etc/passwd, /etc/shadow, and /etc/group + # + # The default is to NOT cache them. However, caching them can + # speed up system authentications by a substantial amount. + # + # allowed values: {no, yes} + cache = no + + # + # Define the locations of the normal passwd, shadow, and + # group files. + # + # 'shadow' is commented out by default, because not all + # systems have shadow passwords. + # + passwd = /etc/passwd + # shadow = /etc/shadow + group = /etc/group + + + # + # Where the 'wtmp' file is located. + # This will be moved to it's own module soon.. + # + radwtmp = ${logdir}/radwtmp + } + + # Uncomment this if you want to use ldap (Auth-Type = LDAP) + # Also uncomment it in the authenticate{} block below + #ldap { + # server = localhost + # login = "cn=admin,o=My Org,c=US" + # password = mypass + # basedn = "o=My Org,c=US" + # filter = "(uid=%u)" + #} + + # + # You can have multiple instances of the realm module to + # support multiple realm syntaxs at the same time. The + # search order is defined the order in the authorize and + # preacct blocks after the module config block. + # + # Two config options: + # format - must be 'prefix' or 'suffix' + # delimiter - must be a single character + # + # 'username@realm' + # + realm suffix { + format = suffix + delimiter = "@" + } + + # + # 'realm/username' + # + # Using this entry, IPASS users have their realm set to "IPASS". + # + #realm prefix { + # format = prefix + # delimiter = "/" + #} + + # + # 'username%realm' + # + #realm percent { + # format = suffix + # delimiter = "%" + #} + + + preprocess { + huntgroups = ${confdir}/huntgroups + hints = ${confdir}/hints + + # + # This hack changes Ascend's wierd port numberings + # to standard 0-??? port numbers so that the "+" works + # for IP address assignments. + # + with_ascend_hack = no + ascend_channels_per_line = 23 + + # + # Windows NT machines often authenticate themselves as + # NT_DOMAIN\username + # + # If this is set to 'yes', then the NT_DOMAIN portion + # of the user-name is silently discarded. + # + with_ntdomain_hack = no + + # + # Specialix Jetstream 8500 24 port access server. + # + # If the user name is 10 characters or longer, a "/" + # and the excess characters after the 10th are + # appended to the user name. + # + # If you're not running that NAS, you don't need + # this hack. + # + with_specialix_jetstream_hack = no + } + files { + usersfile = ${confdir}/users + acctusersfile = ${confdir}/acct_users + + # + # If you want to use the old Cistron 'users' file + # with FreeRADIUS, you should change the next line + # to 'compat = cistron'. You can the copy your 'users' + # file from Cistron. + # + compat = no + } + + # See README.rlm_fastusers before using this + # module or changing these values. + fastusers { + usersfile = ${confdir}/users_fast + hashsize = 1000 + compat = no + # Reload the hash every 600 seconds (10mins) + reload_hash = 600 + } + + detail { + detailfile = ${radacctdir}/%n/detail + detailperm = 0600 + } + + # This module will add a (probably) unique session id + # to an accounting packet based on the attributes listed + # below found in the packet. see doc/README.rlm_acct_unique + acct_unique { + key = "User-Name, Acct-Session-Id, NAS-IP-Address, NAS-Port-Id" + } + + + # + # Configuration for the SQL module. + # + sql { + + # Connect info + server = "localhost" + login = "root" + password = "rootpass" + + # Database table configuration + radius_db = "radius" + acct_table = "radacct" + + authcheck_table = "radcheck" + authreply_table = "radreply" + + groupcheck_table = "radgroupcheck" + groupreply_table = "radgroupreply" + + usergroup_table = "usergroup" + + realms_table = "realms" + realmgroup_table = "realmgroup" + + # Check case on usernames + sensitiveusername = no + + # Remove stale session if checkrad does not see a double login + deletestalesessions = yes + + # Print all SQL statements when in debug mode (-x) + sqltrace = no + sqltracefile = ${logdir}/sqltrace.sql + + # number of sql connections to make to server + num_sql_socks = 5 + } + + # + # A second instance of the same module, with the name "sql2" to identify it + # + sql sql2 { + + # Connect info + server = "myothersever" + login = "root" + password = "rootpass" + + # Database table configuration + radius_db = "radius" + acct_table = "radacct" + + authcheck_table = "radcheck" + authreply_table = "radreply" + + groupcheck_table = "radgroupcheck" + groupreply_table = "radgroupreply" + + usergroup_table = "usergroup" + + realms_table = "realms" + realmgroup_table = "realmgroup" + + # Check case on usernames + sensitiveusername = no + + # Remove stale session if checkrad does not see a double login + deletestalesessions = yes + + # Print all SQL statements when in debug mode (-x) + sqltrace = no + } + + # + # The "always" module is here for debugging purposes. Each instance simply + # returns the same result, always, without doing anything. + # + #always fail { + # rcode = fail + #} + #always reject { + # rcode = reject + #} + #always ok { + # rcode = ok + # simulcount = 0 + # mpp = no + #} + + ####################################################################### + # + # Configuration for the example module. Uncommenting it will cause it + # to get loaded and initialized, but should have no real effect as long + # it is not referencened in one of the autz/auth/preacct/acct sections + # + example { + # + # Boolean variable. + # + # allowed values: {no, yes} + # + boolean = yes + + # + # An integer, of any value. + # + integer = 16 + + # + # A string. + # + string = "This is an example configuration string" + + # + # An IP address, either in dotted quad (1.2.3.4) or hostname + # (example.com) + # + ipaddr = 127.0.0.1 + + # + # A subsection + # + mysubsection { + anotherinteger = 1000 + # + # They nest + # + deeply nested { + string = "This is a different string" + } + } + } } # Authentication types, Auth-Type = System and PAM for now. authenticate { -PLACE_AUTHENTICATION + pam + unix +# By grouping modules together in an authtype block, that authtype will be +# tried on each module in sequence until one returns REJECT or OK. This +# allows authentication failover if the first SQL server has crashed, for +# example. +# authtype SQL { +# sql +# sql2 +# } +# Uncomment this if you want to use ldap (Auth-Type = LDAP) +# ldap } # Authorization. First preprocess (hints and huntgroups files), @@ -350,22 +644,28 @@ PLACE_AUTHENTICATION # Make *sure* that 'preprocess' comes before any realm if you # need to setup hints for the remote radius server authorize { -PLACE_AUTHORIZATION + preprocess + suffix + files } # Pre-accounting. Look for proxy realm in order of realms, then # acct_users file, then preprocess (hints file). preacct { -PLACE_PREACCOUNTING + suffix + files + preprocess } # Accounting. Log to detail file, and to the radwtmp file. accounting { -PLACE_ACCOUNTING + #acct_unique + detail + unix } # Session database, used for checking Simultaneous-Use. The radutmp module # handles this session { -PLACE_SESSIONING + #radutmp } diff --git a/src/modules/rlm_acct_unique/selfconfig.m4 b/src/modules/rlm_acct_unique/selfconfig.m4 deleted file mode 100644 index e2c3d6d..0000000 --- a/src/modules/rlm_acct_unique/selfconfig.m4 +++ /dev/null @@ -1,22 +0,0 @@ -dnl this is included in -dnl -dnl -INSERT_GLOBAL_CONFIG(5)dnl -dnl nothing -INSERT_MODULE_INSTANTIATION(5)dnl - # - # This module will add a (probably) unique session id - # to an accounting packet based on the attributes listed - # below found in the packet. see doc/README.rlm_acct_unique - acct_unique { - key = "User-Name, Acct-Session-Id, NAS-IP-Address, NAS-Port-Id" - } -INSERT_DEF_AUTHENTICATION(5)dnl -dnl nothing -INSERT_DEF_AUTHORIZATION(5)dnl -dnl nothing -INSERT_DEF_PREACCOUNTING(5)dnl -dnl nothing -INSERT_DEF_ACCOUNTING(5)dnl - # acct_unique -INSERT_DEF_SESSION(5)dnl diff --git a/src/modules/rlm_always/selfconfig.m4 b/src/modules/rlm_always/selfconfig.m4 deleted file mode 100644 index 0bf5a4a..0000000 --- a/src/modules/rlm_always/selfconfig.m4 +++ /dev/null @@ -1,33 +0,0 @@ -dnl There's no runtime magic here. This is included at compile time to make -dnl a default etc/raddb/radiusd.conf for installation. -dnl -INSERT_GLOBAL_CONFIG(5)dnl -dnl nothing -INSERT_MODULE_INSTANTIATION(5)dnl - - # - # The "always" module is here for debugging purposes. Each instance simply - # returns the same result, always, without doing anything. - # -# always fail { -# rcode = fail -# } -# always reject { -# rcode = reject -# } -# always ok { -# rcode = ok -# simulcount = 0 -# mpp = no -# } - -INSERT_DEF_AUTHENTICATION(5)dnl -dnl nothing -INSERT_DEF_AUTHORIZATION(5)dnl -dnl nothing -INSERT_DEF_PREACCOUNTING(5)dnl -dnl nothing -INSERT_DEF_ACCOUNTING(5)dnl -dnl nothing -INSERT_DEF_SESSION(5)dnl -dnl nothing diff --git a/src/modules/rlm_detail/selfconfig.m4 b/src/modules/rlm_detail/selfconfig.m4 deleted file mode 100644 index faa4d48..0000000 --- a/src/modules/rlm_detail/selfconfig.m4 +++ /dev/null @@ -1,21 +0,0 @@ -dnl There's no runtime magic here. This is included at compile time to make -dnl a default etc/raddb/radiusd.conf for installation. -dnl -INSERT_GLOBAL_CONFIG(5)dnl -dnl nothing -INSERT_MODULE_INSTANTIATION(5)dnl - # - detail { - detailfile = ${radacctdir}/%n/detail - detailperm = 0600 - } -INSERT_DEF_AUTHENTICATION(5)dnl -dnl nothing -INSERT_DEF_AUTHORIZATION(5)dnl -dnl nothing -INSERT_DEF_PREACCOUNTING(5)dnl -dnl nothing -INSERT_DEF_ACCOUNTING(5)dnl - detail -INSERT_DEF_SESSION(5)dnl -dnl nothing diff --git a/src/modules/rlm_dictionary/selfconfig.m4 b/src/modules/rlm_dictionary/selfconfig.m4 deleted file mode 100644 index 3cf4872..0000000 --- a/src/modules/rlm_dictionary/selfconfig.m4 +++ /dev/null @@ -1,17 +0,0 @@ -dnl There's no runtime magic here. This is included at compile time to make -dnl a default etc/raddb/radiusd.conf for installation. -dnl -INSERT_GLOBAL_CONFIG(5)dnl -dnl nothing -INSERT_MODULE_INSTANTIATION(5)dnl -dnl nothing -INSERT_DEF_AUTHENTICATION(5)dnl -dnl nothing -INSERT_DEF_AUTHORIZATION(5)dnl -dnl nothing -INSERT_DEF_PREACCOUNTING(5)dnl -dnl nothing -INSERT_DEF_ACCOUNTING(5)dnl -dnl nothing -INSERT_DEF_SESSION(5)dnl -dnl nothing diff --git a/src/modules/rlm_example/selfconfig.m4 b/src/modules/rlm_example/selfconfig.m4 deleted file mode 100644 index 66405b6..0000000 --- a/src/modules/rlm_example/selfconfig.m4 +++ /dev/null @@ -1,59 +0,0 @@ -dnl There's no runtime magic here. This is included at compile time to make -dnl a default etc/raddb/radiusd.conf for installation. -dnl -INSERT_GLOBAL_CONFIG(5)dnl -dnl nothing -INSERT_MODULE_INSTANTIATION(5)dnl -####################################################################### -# -# Configuration for the example module. Uncommenting it will cause it -# to get loaded and initialized, but should have no real effect as long -# it is not referencened in one of the autz/auth/preacct/acct sections -# - example { - # - # Boolean variable. - # - # allowed values: {no, yes} - # - boolean = yes - - # - # An integer, of any value. - # - integer = 16 - - # - # A string. - # - string = "This is an example configuration string" - - # - # An IP address, either in dotted quad (1.2.3.4) or hostname - # (example.com) - # - ipaddr = 127.0.0.1 - - # - # A subsection - # - mysubsection { - anotherinteger = 1000 - # - # They nest - # - deeply nested { - string = "This is a different string" - } - } - } -INSERT_DEF_AUTHENTICATION(5)dnl -dnl nothing -INSERT_DEF_AUTHORIZATION(5)dnl -dnl nothing -INSERT_DEF_PREACCOUNTING(5)dnl -dnl nothing -INSERT_DEF_ACCOUNTING(5)dnl -dnl nothing -INSERT_DEF_SESSION(5)dnl -dnl nothing diff --git a/src/modules/rlm_fastusers/selfconfig.m4 b/src/modules/rlm_fastusers/selfconfig.m4 deleted file mode 100644 index 4d98c34..0000000 --- a/src/modules/rlm_fastusers/selfconfig.m4 +++ /dev/null @@ -1,26 +0,0 @@ -dnl There's no runtime magic here. This is included at compile time to make -dnl a default etc/raddb/radiusd.conf for installation. -dnl -INSERT_GLOBAL_CONFIG(5)dnl -dnl nothing -INSERT_MODULE_INSTANTIATION(5)dnl - # - # See README.rlm_fastusers before using this - # module or changing these values. - fastusers { - usersfile = ${confdir}/users_fast - hashsize = 1000 - compat = no - # Reload the hash every 600 seconds (10mins) - reload_hash = 600 - } -INSERT_DEF_AUTHENTICATION(5)dnl -dnl nothing -INSERT_DEF_AUTHORIZATION(5)dnl -dnl nothing -INSERT_DEF_PREACCOUNTING(5)dnl -dnl nothing -INSERT_DEF_ACCOUNTING(5)dnl -dnl nothing -INSERT_DEF_SESSION(5)dnl -dnl nothing diff --git a/src/modules/rlm_files/selfconfig.m4 b/src/modules/rlm_files/selfconfig.m4 deleted file mode 100644 index 84a700c..0000000 --- a/src/modules/rlm_files/selfconfig.m4 +++ /dev/null @@ -1,27 +0,0 @@ -dnl There's no runtime magic here. This is included at compile time to make -dnl a default etc/raddb/radiusd.conf for installation. -dnl -INSERT_GLOBAL_CONFIG(5)dnl -dnl nothing -INSERT_MODULE_INSTANTIATION(5)dnl - # - files { - usersfile = ${confdir}/users - acctusersfile = ${confdir}/acct_users - - # If you want to use the old Cistron 'users' file - # with FreeRADIUS, you should change the next line - # to 'compat = cistron'. You can the copy your 'users' - # file from Cistron. - compat = no - } -INSERT_DEF_AUTHENTICATION(5)dnl -dnl nothing -INSERT_DEF_AUTHORIZATION(5)dnl - files -INSERT_DEF_PREACCOUNTING(5)dnl - files -INSERT_DEF_ACCOUNTING(5)dnl -dnl nothing -INSERT_DEF_SESSION(5)dnl -dnl nothing diff --git a/src/modules/rlm_krb5/selfconfig.m4 b/src/modules/rlm_krb5/selfconfig.m4 deleted file mode 100644 index 3cf4872..0000000 --- a/src/modules/rlm_krb5/selfconfig.m4 +++ /dev/null @@ -1,17 +0,0 @@ -dnl There's no runtime magic here. This is included at compile time to make -dnl a default etc/raddb/radiusd.conf for installation. -dnl -INSERT_GLOBAL_CONFIG(5)dnl -dnl nothing -INSERT_MODULE_INSTANTIATION(5)dnl -dnl nothing -INSERT_DEF_AUTHENTICATION(5)dnl -dnl nothing -INSERT_DEF_AUTHORIZATION(5)dnl -dnl nothing -INSERT_DEF_PREACCOUNTING(5)dnl -dnl nothing -INSERT_DEF_ACCOUNTING(5)dnl -dnl nothing -INSERT_DEF_SESSION(5)dnl -dnl nothing diff --git a/src/modules/rlm_ldap/selfconfig.m4 b/src/modules/rlm_ldap/selfconfig.m4 deleted file mode 100644 index 3692b12..0000000 --- a/src/modules/rlm_ldap/selfconfig.m4 +++ /dev/null @@ -1,26 +0,0 @@ -dnl There's no runtime magic here. This is included at compile time to make -dnl a default etc/raddb/radiusd.conf for installation. -dnl -INSERT_GLOBAL_CONFIG(5)dnl -dnl nothing -INSERT_MODULE_INSTANTIATION(5)dnl - # - # Uncomment this if you want to use ldap (Auth-Type = LDAP) - # Also uncomment it in the authenticate{} block below - #ldap { - # server = localhost - # login = "cn=admin,o=My Org,c=US" - # password = mypass - # basedn = "o=My Org,c=US" - # filter = "(uid=%u)" - #} -INSERT_DEF_AUTHENTICATION(5)dnl - #ldap -INSERT_DEF_AUTHORIZATION(5)dnl -dnl nothing -INSERT_DEF_PREACCOUNTING(5)dnl -dnl nothing -INSERT_DEF_ACCOUNTING(5)dnl -dnl nothing -INSERT_DEF_SESSION(5)dnl -dnl nothing diff --git a/src/modules/rlm_mschap/selfconfig.m4 b/src/modules/rlm_mschap/selfconfig.m4 deleted file mode 100644 index 3cf4872..0000000 --- a/src/modules/rlm_mschap/selfconfig.m4 +++ /dev/null @@ -1,17 +0,0 @@ -dnl There's no runtime magic here. This is included at compile time to make -dnl a default etc/raddb/radiusd.conf for installation. -dnl -INSERT_GLOBAL_CONFIG(5)dnl -dnl nothing -INSERT_MODULE_INSTANTIATION(5)dnl -dnl nothing -INSERT_DEF_AUTHENTICATION(5)dnl -dnl nothing -INSERT_DEF_AUTHORIZATION(5)dnl -dnl nothing -INSERT_DEF_PREACCOUNTING(5)dnl -dnl nothing -INSERT_DEF_ACCOUNTING(5)dnl -dnl nothing -INSERT_DEF_SESSION(5)dnl -dnl nothing diff --git a/src/modules/rlm_ns_mta_md5/selfconfig.m4 b/src/modules/rlm_ns_mta_md5/selfconfig.m4 deleted file mode 100644 index 3cf4872..0000000 --- a/src/modules/rlm_ns_mta_md5/selfconfig.m4 +++ /dev/null @@ -1,17 +0,0 @@ -dnl There's no runtime magic here. This is included at compile time to make -dnl a default etc/raddb/radiusd.conf for installation. -dnl -INSERT_GLOBAL_CONFIG(5)dnl -dnl nothing -INSERT_MODULE_INSTANTIATION(5)dnl -dnl nothing -INSERT_DEF_AUTHENTICATION(5)dnl -dnl nothing -INSERT_DEF_AUTHORIZATION(5)dnl -dnl nothing -INSERT_DEF_PREACCOUNTING(5)dnl -dnl nothing -INSERT_DEF_ACCOUNTING(5)dnl -dnl nothing -INSERT_DEF_SESSION(5)dnl -dnl nothing diff --git a/src/modules/rlm_pam/selfconfig.m4 b/src/modules/rlm_pam/selfconfig.m4 deleted file mode 100644 index 3949cba..0000000 --- a/src/modules/rlm_pam/selfconfig.m4 +++ /dev/null @@ -1,28 +0,0 @@ -dnl There's no runtime magic here. This is included at compile time to make -dnl a default etc/raddb/radiusd.conf for installation. -dnl -INSERT_GLOBAL_CONFIG(5)dnl -dnl nothing -INSERT_MODULE_INSTANTIATION(5)dnl - # - pam { - # - # The name to use for PAM authentication. - # PAM looks in /etc/pam.d/${pam_auth_name} - # or /etc/pam.conf for it's configuration. - # - # Note that any Pam-Auth attribute set in the 'users' - # file over-rides this one. - # - pam_auth = radiusd - } -INSERT_DEF_AUTHENTICATION(4)dnl earlier than unix - pam -INSERT_DEF_AUTHORIZATION(5)dnl -dnl nothing -INSERT_DEF_PREACCOUNTING(5)dnl -dnl nothing -INSERT_DEF_ACCOUNTING(5)dnl -dnl nothing -INSERT_DEF_SESSION(5)dnl -dnl nothing diff --git a/src/modules/rlm_preprocess/selfconfig.m4 b/src/modules/rlm_preprocess/selfconfig.m4 deleted file mode 100644 index d8ed75c..0000000 --- a/src/modules/rlm_preprocess/selfconfig.m4 +++ /dev/null @@ -1,50 +0,0 @@ -dnl There's no runtime magic here. This is included at compile time to make -dnl a default etc/raddb/radiusd.conf for installation. -dnl -INSERT_GLOBAL_CONFIG(5)dnl -dnl nothing -INSERT_MODULE_INSTANTIATION(5)dnl - # - preprocess { - huntgroups = ${confdir}/huntgroups - hints = ${confdir}/hints - - # - # This hack changes Ascend's wierd port numberings - # to standard 0-??? port numbers so that the "+" works - # for IP address assignments. - # - with_ascend_hack = no - ascend_channels_per_line = 23 - - # - # Windows NT machines often authenticate themselves as - # NT_DOMAIN\username - # - # If this is set to 'yes', then the NT_DOMAIN portion - # of the user-name is silently discarded. - # - with_ntdomain_hack = no - - # - # Specialix Jetstream 8500 24 port access server. - # - # If the user name is 10 characters or longer, a "/" - # and the excess characters after the 10th are - # appended to the user name. - # - # If you're not running that NAS, you don't need - # this hack. - # - with_specialix_jetstream_hack = no - } -INSERT_DEF_AUTHENTICATION(5)dnl -dnl nothing -INSERT_DEF_AUTHORIZATION(5)dnl -dnl nothing -INSERT_DEF_PREACCOUNTING(8)dnl - preprocess -INSERT_DEF_ACCOUNTING(5)dnl -dnl nothing -INSERT_DEF_SESSION(5)dnl -dnl nothing diff --git a/src/modules/rlm_radutmp/selfconfig.m4 b/src/modules/rlm_radutmp/selfconfig.m4 deleted file mode 100644 index 74b2762..0000000 --- a/src/modules/rlm_radutmp/selfconfig.m4 +++ /dev/null @@ -1,20 +0,0 @@ -dnl There's no runtime magic here. This is included at compile time to make -dnl a default etc/raddb/radiusd.conf for installation. -dnl -INSERT_GLOBAL_CONFIG(5)dnl -dnl nothing -INSERT_MODULE_INSTANTIATION(5)dnl - # - # Needs definition. - # radutmp { - # } -INSERT_DEF_AUTHENTICATION(5)dnl -dnl nothing -INSERT_DEF_AUTHORIZATION(5)dnl -dnl nothing -INSERT_DEF_PREACCOUNTING(5)dnl -dnl nothing -INSERT_DEF_ACCOUNTING(5)dnl -dnl nothing -INSERT_DEF_SESSION(6)dnl - # radutmp diff --git a/src/modules/rlm_realm/selfconfig.m4 b/src/modules/rlm_realm/selfconfig.m4 deleted file mode 100644 index c1bbdfe..0000000 --- a/src/modules/rlm_realm/selfconfig.m4 +++ /dev/null @@ -1,50 +0,0 @@ -dnl There's no runtime magic here. This is included at compile time to make -dnl a default etc/raddb/radiusd.conf for installation. -dnl -INSERT_GLOBAL_CONFIG(5)dnl -dnl nothing -INSERT_MODULE_INSTANTIATION(5)dnl - # - # You can have multiple instances of the realm module to - # support multiple realm syntaxs at the same time. The - # search order is defined the order in the authorize and - # preacct blocks after the module config block. - # - # Two config options: - # format - must be 'prefix' or 'suffix' - # delimiter - must be a single character - # - # 'username@realm' - # - realm suffix { - format = suffix - delimiter = "@" - } - - # - # 'realm/username' - # - # Using this entry, IPASS users have their realm set to "IPASS". - # - #realm prefix { - # format = prefix - # delimiter = "/" - #} - - # - # 'username%realm' - # - #realm percent { - # format = suffix - # delimiter = "%" - #} -INSERT_DEF_AUTHENTICATION(5)dnl -dnl nothing -INSERT_DEF_AUTHORIZATION(1)dnl important that it come early - suffix -INSERT_DEF_PREACCOUNTING(1)dnl - suffix -INSERT_DEF_ACCOUNTING(5)dnl -dnl nothing -INSERT_DEF_SESSION(5)dnl -dnl nothing diff --git a/src/modules/rlm_sql/selfconfig.m4 b/src/modules/rlm_sql/selfconfig.m4 deleted file mode 100644 index 26f5ec3..0000000 --- a/src/modules/rlm_sql/selfconfig.m4 +++ /dev/null @@ -1,96 +0,0 @@ -dnl There's no runtime magic here. This is included at compile time to make -dnl a default etc/raddb/radiusd.conf for installation. -dnl -INSERT_GLOBAL_CONFIG(5)dnl -dnl nothing -INSERT_MODULE_INSTANTIATION(5)dnl - # - # Configuration for the SQL module. - # - sql { - # Connect info - server = "localhost" - login = "root" - password = "rootpass" - - # Database table configuration - radius_db = "radius" - acct_table = "radacct" - - authcheck_table = "radcheck" - authreply_table = "radreply" - - groupcheck_table = "radgroupcheck" - groupreply_table = "radgroupreply" - - usergroup_table = "usergroup" - - realms_table = "realms" - realmgroup_table = "realmgroup" - - # Check case on usernames - sensitiveusername = no - - # Remove stale session if checkrad does not see a double login - deletestalesessions = yes - - # Print all SQL statements when in debug mode (-x) - sqltrace = no - sqltracefile = ${logdir}/sqltrace.sql - - # number of sql connections to make to server - num_sql_socks = 5 - } - - # - # A second instance of the same module, with the name "sql2" to identify it - # - sql sql2 { - - # Connect info - server = "myothersever" - login = "root" - password = "rootpass" - - # Database table configuration - radius_db = "radius" - acct_table = "radacct" - - authcheck_table = "radcheck" - authreply_table = "radreply" - - groupcheck_table = "radgroupcheck" - groupreply_table = "radgroupreply" - - usergroup_table = "usergroup" - - realms_table = "realms" - realmgroup_table = "realmgroup" - - # Check case on usernames - sensitiveusername = no - - # Remove stale session if checkrad does not see a double login - deletestalesessions = yes - - # Print all SQL statements when in debug mode (-x) - sqltrace = no - } -INSERT_DEF_AUTHENTICATION(5)dnl - # - # By grouping modules together in an authtype block, that authtype will be - # tried on each module in sequence until one returns REJECT or OK. This - # allows authentication failover if the first SQL server has crashed, for - # example. - #authtype SQL { - # sql - # sql2 - #} -INSERT_DEF_AUTHORIZATION(5)dnl -dnl nothing -INSERT_DEF_PREACCOUNTING(5)dnl -dnl nothing -INSERT_DEF_ACCOUNTING(5)dnl -dnl nothing -INSERT_DEF_SESSION(5)dnl -dnl nothing diff --git a/src/modules/rlm_unix/selfconfig.m4 b/src/modules/rlm_unix/selfconfig.m4 deleted file mode 100644 index 3b21cc3..0000000 --- a/src/modules/rlm_unix/selfconfig.m4 +++ /dev/null @@ -1,44 +0,0 @@ -dnl There's no runtime magic here. This is included at compile time to make -dnl a default etc/raddb/radiusd.conf for installation. -dnl -INSERT_GLOBAL_CONFIG(5)dnl -dnl nothing -INSERT_MODULE_INSTANTIATION(5)dnl - # - unix { - # - # Cache /etc/passwd, /etc/shadow, and /etc/group - # - # The default is to NOT cache them. However, caching them can - # speed up system authentications by a substantial amount. - # - # allowed values: {no, yes} - cache = no - - # - # Define the locations of the normal passwd, shadow, and - # group files. - # - # 'shadow' is commented out by default, because not all - # systems have shadow passwords. - # - passwd = /etc/passwd - # shadow = /etc/shadow - group = /etc/group - - # - # Where the 'wtmp' file is located. - # This will be moved to it's own module soon.. - # - radwtmp = ${logdir}/radwtmp - } -INSERT_DEF_AUTHENTICATION(8)dnl this should come late, as it's inefficient - unix -INSERT_DEF_AUTHORIZATION(6)dnl -dnl nothing -INSERT_DEF_PREACCOUNTING(5)dnl -dnl nothing -INSERT_DEF_ACCOUNTING(5)dnl - unix -INSERT_DEF_SESSION(5)dnl -dnl nothing -- 2.1.4