diff --git a/Bundler/freeradius.xml b/Bundler/freeradius.xml
index 1162cd0..4261175 100644
--- a/Bundler/freeradius.xml
+++ b/Bundler/freeradius.xml
@@ -10,6 +10,11 @@
+
+
+
+
+
diff --git a/Cfg/etc/freeradius/radiusd.conf/radiusd.conf b/Cfg/etc/freeradius/radiusd.conf/radiusd.conf
index 2c0e270..c9ad25d 100644
--- a/Cfg/etc/freeradius/radiusd.conf/radiusd.conf
+++ b/Cfg/etc/freeradius/radiusd.conf/radiusd.conf
@@ -59,6 +59,7 @@ sbindir = ${exec_prefix}/sbin
logdir = /var/log/freeradius
raddbdir = /etc/freeradius
radacctdir = ${logdir}/radacct
+crans_conf = /usr/scripts/freeradius
# Location of config and logfiles.
confdir = ${raddbdir}
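Review bot: The added `crans_conf = /usr/scripts/freeradius` line makes a directory outside `raddbdir` part of the server's configuration, and nothing in the diff shows who may write to it. The later hunks `$INCLUDE` the client definitions, module configuration and virtual servers from that tree, so write access there amounts to write access to /etc/freeradius. I would state the requirement above the line, e.g. `# crans_conf: site-local config tree; keep it root-owned and not group/world-writable, radiusd loads clients, modules and virtual servers from it`. The block of path variables continues outside this hunk.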
@@ -505,7 +506,8 @@ proxy_requests = no
# Anything listed in 'clients.conf' will take precedence over the
# information from the old-style configuration files.
#
-$INCLUDE ${confdir}/clients.conf
+#$INCLUDE ${confdir}/clients.conf
+$INCLUDE ${crans_conf}/dynamic_clients.conf
# SNMP CONFIGURATION
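Review bot: The comment block kept above the changed lines still describes `clients.conf` as the source of client definitions, but the new side comments that include out and loads `${crans_conf}/dynamic_clients.conf` instead, with no explanation. With the static list gone, which NAS devices are accepted and with which shared secret depends entirely on `dynamic_clients.conf`, which is not shown here; it is worth confirming that it restricts the accepted source networks and how each NAS gets its secret. I would replace the dead `#$INCLUDE` line with a comment such as `# Static clients.conf is not loaded; NAS clients are defined by ${crans_conf}/dynamic_clients.conf`.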
@@ -634,7 +636,7 @@ modules {
$INCLUDE ${confdir}/modules/realm
$INCLUDE ${confdir}/modules/chap
$INCLUDE ${confdir}/modules/acct_unique
- $INCLUDE /usr/scripts/freeradius/rlm_python_wifi.conf
+ $INCLUDE ${crans_conf}/modules/
# Extensible Authentication Protocol
#
# For all EAP related authentications.
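Review bot: `$INCLUDE ${crans_conf}/modules/` is a directory include, while the line it replaces named a single file and the neighbouring lines in this `modules` block include the stock modules one by one. The file's own comment (visible in the deleted copy further down) says a directory include loads every file matching `/[a-zA-Z0-9_.]+/`, so a leftover such as an editor backup or a `.orig` file in that directory would also be parsed as module configuration. I would keep the explicit style used by the surrounding lines, e.g. `$INCLUDE ${crans_conf}/modules/<module-file>` per module (placeholder name), or add a comment stating that everything in that directory is loaded. The `modules` block starts and ends outside this hunk.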
@@ -767,3 +769,4 @@ $INCLUDE ${confdir}/policy.conf
# See "sites-enabled/default" for some additional documentation.
#
$INCLUDE sites-enabled/
+$INCLUDE ${crans_conf}/sites-available/
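Review bot: The added `$INCLUDE ${crans_conf}/sites-available/` loads every virtual-server file in that directory, which defeats the available/enabled split that the `$INCLUDE sites-enabled/` line just above relies on. Any server definition parked in `sites-available` for later or for testing becomes live on the next reload. I would point the include at an enabled directory instead, e.g. `$INCLUDE ${crans_conf}/sites-enabled/`, populated with symlinks. If loading the whole directory is intended, a comment should say so, e.g. `# every file in ${crans_conf}/sites-available/ is active`.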
diff --git a/Cfg/etc/freeradius/radiusd.conf/radiusd.conf.G00_pea b/Cfg/etc/freeradius/radiusd.conf/radiusd.conf.G00_pea
deleted file mode 100644
index c9ad25d..0000000
--- a/Cfg/etc/freeradius/radiusd.conf/radiusd.conf.G00_pea
+++ /dev/null
@@ -1,772 +0,0 @@
-# -*- text -*-
-##
-## radiusd.conf -- FreeRADIUS server configuration file.
-##
-## http://www.freeradius.org/
-## $Id: radiusd.conf.in,v 1.275 2008/05/30 09:18:43 aland Exp $
-##
-
-######################################################################
-#
-# Read "man radiusd" before editing this file. See the section
-# titled DEBUGGING. It outlines a method where you can quickly
-# obtain the configuration you want, without running into
-# trouble.
-#
-# Run the server in debugging mode, and READ the output.
-#
-# $ radiusd -X
-#
-# We cannot emphasize this point strongly enough. The vast
-# majority of problems can be solved by carefully reading the
-# debugging output, which includes warnings about common issues,
-# and suggestions for how they may be fixed.
-#
-# There may be a lot of output, but look carefully for words like:
-# "warning", "error", "reject", or "failure". The messages there
-# will usually be enough to guide you to a solution.
-#
-# If you are going to ask a question on the mailing list, then
-# explain what you are trying to do, and include the output from
-# debugging mode (radiusd -X). Failure to do so means that all
-# of the responses to your question will be people telling you
-# to "post the output of radiusd -X".
-
-######################################################################
-#
-# The location of other config files and logfiles are declared
-# in this file.
-#
-# Also general configuration for modules can be done in this
-# file, it is exported through the API to modules that ask for
-# it.
-#
-# See "man radiusd.conf" for documentation on the format of this
-# file. Note that the individual configuration items are NOT
-# documented in that "man" page. They are only documented here,
-# in the comments.
-#
-# As of 2.0.0, FreeRADIUS supports a simple processing language
-# in the "authorize", "authenticate", "accounting", etc. sections.
-# See "man unlang" for details.
-#
-
-prefix = /usr
-exec_prefix = /usr
-sysconfdir = /etc
-localstatedir = /var
-sbindir = ${exec_prefix}/sbin
-logdir = /var/log/freeradius
-raddbdir = /etc/freeradius
-radacctdir = ${logdir}/radacct
-crans_conf = /usr/scripts/freeradius
-
-# Location of config and logfiles.
-confdir = ${raddbdir}
-run_dir = ${localstatedir}/run/freeradius
-
-# Should likely be ${localstatedir}/lib/radiusd
-db_dir = $(raddbdir)
-
-#
-# libdir: Where to find the rlm_* modules.
-#
-# This should be automatically set at configuration time.
-#
-# If the server builds and installs, but fails at execution time
-# with an 'undefined symbol' error, then you can use the libdir
-# directive to work around the problem.
-#
-# The cause is usually that a library has been installed on your
-# system in a place where the dynamic linker CANNOT find it. When
-# executing as root (or another user), your personal environment MAY
-# be set up to allow the dynamic linker to find the library. When
-# executing as a daemon, FreeRADIUS MAY NOT have the same
-# personalized configuration.
-#
-# To work around the problem, find out which library contains that symbol,
-# and add the directory containing that library to the end of 'libdir',
-# with a colon separating the directory names. NO spaces are allowed.
-#
-# e.g. libdir = /usr/local/lib:/opt/package/lib
-#
-# You can also try setting the LD_LIBRARY_PATH environment variable
-# in a script which starts the server.
-#
-# If that does not work, then you can re-configure and re-build the
-# server to NOT use shared libraries, via:
-#
-# ./configure --disable-shared
-# make
-# make install
-#
-libdir = /usr/lib/freeradius
-
-# pidfile: Where to place the PID of the RADIUS server.
-#
-# The server may be signalled while it's running by using this
-# file.
-#
-# This file is written when ONLY running in daemon mode.
-#
-# e.g.: kill -HUP `cat /var/run/freeradius/freeradius.pid`
-#
-pidfile = ${run_dir}/freeradius.pid
-
-# chroot: directory where the server does "chroot".
-#
-# The chroot is done very early in the process of starting the server.
-# After the chroot has been performed it switches to the "user" listed
-# below (which MUST be specified). If "group" is specified, it switchs
-# to that group, too. Any other groups listed for the specified "user"
-# in "/etc/group" are also added as part of this process.
-#
-# The current working directory (chdir / cd) is left *outside* of the
-# chroot until all of the modules have been initialized. This allows
-# the "raddb" directory to be left outside of the chroot. Once the
-# modules have been initialized, it does a "chdir" to ${logdir}. This
-# means that it should be impossible to break out of the chroot.
-#
-# If you are worried about security issues related to this use of chdir,
-# then simply ensure that the "raddb" directory is inside of the chroot,
-# end be sure to do "cd raddb" BEFORE starting the server.
-#
-# If the server is statically linked, then the only files that have
-# to exist in the chroot are ${run_dir} and ${logdir}. If you do the
-# "cd raddb" as discussed above, then the "raddb" directory has to be
-# inside of the chroot directory, too.
-#
-#chroot = /path/to/chroot/directory
-
-# user/group: The name (or #number) of the user/group to run freeradius as.
-#
-# If these are commented out, the server will run as the user/group
-# that started it. In order to change to a different user/group, you
-# MUST be root ( or have root privleges ) to start the server.
-#
-# We STRONGLY recommend that you run the server with as few permissions
-# as possible. That is, if you're not using shadow passwords, the
-# user and group items below should be set to radius'.
-#
-# NOTE that some kernels refuse to setgid(group) when the value of
-# (unsigned)group is above 60000; don't use group nobody on these systems!
-#
-# On systems with shadow passwords, you might have to set 'group = shadow'
-# for the server to be able to read the shadow password file. If you can
-# authenticate users while in debug mode, but not in daemon mode, it may be
-# that the debugging mode server is running as a user that can read the
-# shadow info, and the user listed below can not.
-#
-# The server will also try to use "initgroups" to read /etc/groups.
-# It will join all groups where "user" is a member. This can allow
-# for some finer-grained access controls.
-#
-user = freerad
-group = freerad
-
-# max_request_time: The maximum time (in seconds) to handle a request.
-#
-# Requests which take more time than this to process may be killed, and
-# a REJECT message is returned.
-#
-# WARNING: If you notice that requests take a long time to be handled,
-# then this MAY INDICATE a bug in the server, in one of the modules
-# used to handle a request, OR in your local configuration.
-#
-# This problem is most often seen when using an SQL database. If it takes
-# more than a second or two to receive an answer from the SQL database,
-# then it probably means that you haven't indexed the database. See your
-# SQL server documentation for more information.
-#
-# Useful range of values: 5 to 120
-#
-max_request_time = 30
-
-# cleanup_delay: The time to wait (in seconds) before cleaning up
-# a reply which was sent to the NAS.
-#
-# The RADIUS request is normally cached internally for a short period
-# of time, after the reply is sent to the NAS. The reply packet may be
-# lost in the network, and the NAS will not see it. The NAS will then
-# re-send the request, and the server will respond quickly with the
-# cached reply.
-#
-# If this value is set too low, then duplicate requests from the NAS
-# MAY NOT be detected, and will instead be handled as seperate requests.
-#
-# If this value is set too high, then the server will cache too many
-# requests, and some new requests may get blocked. (See 'max_requests'.)
-#
-# Useful range of values: 2 to 10
-#
-cleanup_delay = 5
-
-# max_requests: The maximum number of requests which the server keeps
-# track of. This should be 256 multiplied by the number of clients.
-# e.g. With 4 clients, this number should be 1024.
-#
-# If this number is too low, then when the server becomes busy,
-# it will not respond to any new requests, until the 'cleanup_delay'
-# time has passed, and it has removed the old requests.
-#
-# If this number is set too high, then the server will use a bit more
-# memory for no real benefit.
-#
-# If you aren't sure what it should be set to, it's better to set it
-# too high than too low. Setting it to 1000 per client is probably
-# the highest it should be.
-#
-# Useful range of values: 256 to infinity
-#
-max_requests = 1024
-
-# listen: Make the server listen on a particular IP address, and send
-# replies out from that address. This directive is most useful for
-# hosts with multiple IP addresses on one interface.
-#
-# If you want the server to listen on additional addresses, or on
-# additionnal ports, you can use multiple "listen" sections.
-#
-# Each section make the server listen for only one type of packet,
-# therefore authentication and accounting have to be configured in
-# different sections.
-#
-# The server ignore all "listen" section if you are using '-i' and '-p'
-# on the command line.
-#
-listen {
- # Type of packets to listen for.
- # Allowed values are:
- # auth listen for authentication packets
- # acct listen for accounting packets
- # proxy IP to use for sending proxied packets
- # detail Read from the detail file. For examples, see
- # raddb/sites-available/copy-acct-to-home-server
- #
- type = auth
-
- # Note: "type = proxy" lets you control the source IP used for
- # proxying packets, with some limitations:
- #
- # * Only ONE proxy listener can be defined.
- # * A proxy listener CANNOT be used in a virtual server section.
- # * You should probably set "port = 0".
- # * Any "clients" configuration will be ignored.
-
- # IP address on which to listen.
- # Allowed values are:
- # dotted quad (1.2.3.4)
- # hostname (radius.example.com)
- # wildcard (*)
- ipaddr = *
-
- # OR, you can use an IPv6 address, but not both
- # at the same time.
-# ipv6addr = :: # any. ::1 == localhost
-
- # Port on which to listen.
- # Allowed values are:
- # integer port number (1812)
- # 0 means "use /etc/services for the proper port"
- port = 0
-
- # Some systems support binding to an interface, in addition
- # to the IP address. This feature isn't strictly necessary,
- # but for sites with many IP addresses on one interface,
- # it's useful to say "listen on all addresses for eth0".
- #
- # If your system does not support this feature, you will
- # get an error if you try to use it.
- #
-# interface = eth0
-
- # Per-socket lists of clients. This is a very useful feature.
- #
- # The name here is a reference to a section elsewhere in
- # radiusd.conf, or clients.conf. Having the name as
- # a reference allows multiple sockets to use the same
- # set of clients.
- #
- # If this configuration is used, then the global list of clients
- # is IGNORED for this "listen" section. Take care configuring
- # this feature, to ensure you don't accidentally disable a
- # client you need.
- #
- # See clients.conf for the configuration of "per_socket_clients".
- #
-# clients = per_socket_clients
-}
-
-# Le même mais en ipv6
-listen {
- type = auth
- ipv6addr = :: # any. ::1 == localhost
- port = 0
-}
-
-# This second "listen" section is for listening on the accounting
-# port, too.
-#
-#listen {
-# ipaddr = *
-# ipv6addr = ::
-# port = 0
-# type = acct
-# interface = eth0
-# clients = per_socket_clients
-#}
-
-# hostname_lookups: Log the names of clients or just their IP addresses
-# e.g., www.freeradius.org (on) or 206.47.27.232 (off).
-#
-# The default is 'off' because it would be overall better for the net
-# if people had to knowingly turn this feature on, since enabling it
-# means that each client request will result in AT LEAST one lookup
-# request to the nameserver. Enabling hostname_lookups will also
-# mean that your server may stop randomly for 30 seconds from time
-# to time, if the DNS requests take too long.
-#
-# Turning hostname lookups off also means that the server won't block
-# for 30 seconds, if it sees an IP address which has no name associated
-# with it.
-#
-# allowed values: {no, yes}
-#
-hostname_lookups = no
-
-# Core dumps are a bad thing. This should only be set to 'yes'
-# if you're debugging a problem with the server.
-#
-# allowed values: {no, yes}
-#
-allow_core_dumps = no
-
-# Regular expressions
-#
-# These items are set at configure time. If they're set to "yes",
-# then setting them to "no" turns off regular expression support.
-#
-# If they're set to "no" at configure time, then setting them to "yes"
-# WILL NOT WORK. It will give you an error.
-#
-regular_expressions = yes
-extended_expressions = yes
-
-#
-# Logging section. The various "log_*" configuration items
-# will eventually be moved here.
-#
-log {
- #
- # Destination for log messages. This can be one of:
- #
- # files - log to "file", as defined below.
- # syslog - to syslog (see also the "syslog_facility", below.
- # stdout - standard output
- # stderr - standard error.
- #
- # The command-line option "-X" over-rides this option, and forces
- # logging to go to stdout.
- #
- destination = syslog
-
- #
- # The logging messages for the server are appended to the
- # tail of this file if ${destination} == "files"
- #
- # If the server is running in debugging mode, this file is
- # NOT used.
- #
- file = ${logdir}/radius.log
-
- #
- # Which syslog facility to use, if ${destination} == "syslog"
- #
- # The exact values permitted here are OS-dependent. You probably
- # don't want to change this.
- #
- syslog_facility = daemon
-
- # Log the full User-Name attribute, as it was found in the request.
- #
- # allowed values: {no, yes}
- #
- stripped_names = yes
-
- # Log authentication requests to the log file.
- #
- # allowed values: {no, yes}
- #
- auth = yes
-
- # Log passwords with the authentication requests.
- # auth_badpass - logs password if it's rejected
- # auth_goodpass - logs password if it's correct
- #
- # allowed values: {no, yes}
- #
- auth_badpass = yes
- auth_goodpass = yes
-
- # On rajoute l'IP de la borne aux logs
- # ainsi que la Mac (qui devraient contenir des ":" cf hints)
- msg_goodpass="Nas: %{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}} Mac: %{Calling-Station-Id}"
- msg_badpass="Nas: %{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}} Mac: %{Calling-Station-Id}"
-}
-
-# The program to execute to do concurrency checks.
-checkrad = ${sbindir}/checkrad
-
-# SECURITY CONFIGURATION
-#
-# There may be multiple methods of attacking on the server. This
-# section holds the configuration items which minimize the impact
-# of those attacks
-#
-security {
- #
- # max_attributes: The maximum number of attributes
- # permitted in a RADIUS packet. Packets which have MORE
- # than this number of attributes in them will be dropped.
- #
- # If this number is set too low, then no RADIUS packets
- # will be accepted.
- #
- # If this number is set too high, then an attacker may be
- # able to send a small number of packets which will cause
- # the server to use all available memory on the machine.
- #
- # Setting this number to 0 means "allow any number of attributes"
- max_attributes = 200
-
- #
- # reject_delay: When sending an Access-Reject, it can be
- # delayed for a few seconds. This may help slow down a DoS
- # attack. It also helps to slow down people trying to brute-force
- # crack a users password.
- #
- # Setting this number to 0 means "send rejects immediately"
- #
- # If this number is set higher than 'cleanup_delay', then the
- # rejects will be sent at 'cleanup_delay' time, when the request
- # is deleted from the internal cache of requests.
- #
- # Useful ranges: 1 to 5
- reject_delay = 1
-
- #
- # status_server: Whether or not the server will respond
- # to Status-Server requests.
- #
- # When sent a Status-Server message, the server responds with
- # an Access-Accept or Accounting-Response packet.
- #
- # This is mainly useful for administrators who want to "ping"
- # the server, without adding test users, or creating fake
- # accounting packets.
- #
- # It's also useful when a NAS marks a RADIUS server "dead".
- # The NAS can periodically "ping" the server with a Status-Server
- # packet. If the server responds, it must be alive, and the
- # NAS can start using it for real requests.
- #
- status_server = yes
-}
-
-# PROXY CONFIGURATION
-#
-# proxy_requests: Turns proxying of RADIUS requests on or off.
-#
-# The server has proxying turned on by default. If your system is NOT
-# set up to proxy requests to another server, then you can turn proxying
-# off here. This will save a small amount of resources on the server.
-#
-# If you have proxying turned off, and your configuration files say
-# to proxy a request, then an error message will be logged.
-#
-# To disable proxying, change the "yes" to "no", and comment the
-# $INCLUDE line.
-#
-# allowed values: {no, yes}
-#
-proxy_requests = no
-#$INCLUDE ${confdir}/proxy.conf
-
-
-# CLIENTS CONFIGURATION
-#
-# Client configuration is defined in "clients.conf".
-#
-
-# The 'clients.conf' file contains all of the information from the old
-# 'clients' and 'naslist' configuration files. We recommend that you
-# do NOT use 'client's or 'naslist', although they are still
-# supported.
-#
-# Anything listed in 'clients.conf' will take precedence over the
-# information from the old-style configuration files.
-#
-#$INCLUDE ${confdir}/clients.conf
-$INCLUDE ${crans_conf}/dynamic_clients.conf
-
-
-# SNMP CONFIGURATION
-#
-# Snmp configuration is only valid if SNMP support was enabled
-# at compile time.
-#
-# To enable SNMP querying of the server, set the value of the
-# 'snmp' attribute to 'yes'
-#
-snmp = no
-#$INCLUDE ${confdir}/snmp.conf
-
-
-# THREAD POOL CONFIGURATION
-#
-# The thread pool is a long-lived group of threads which
-# take turns (round-robin) handling any incoming requests.
-#
-# You probably want to have a few spare threads around,
-# so that high-load situations can be handled immediately. If you
-# don't have any spare threads, then the request handling will
-# be delayed while a new thread is created, and added to the pool.
-#
-# You probably don't want too many spare threads around,
-# otherwise they'll be sitting there taking up resources, and
-# not doing anything productive.
-#
-# The numbers given below should be adequate for most situations.
-#
-thread pool {
- # Number of servers to start initially --- should be a reasonable
- # ballpark figure.
- start_servers = 5
-
- # Limit on the total number of servers running.
- #
- # If this limit is ever reached, clients will be LOCKED OUT, so it
- # should NOT BE SET TOO LOW. It is intended mainly as a brake to
- # keep a runaway server from taking the system with it as it spirals
- # down...
- #
- # You may find that the server is regularly reaching the
- # 'max_servers' number of threads, and that increasing
- # 'max_servers' doesn't seem to make much difference.
- #
- # If this is the case, then the problem is MOST LIKELY that
- # your back-end databases are taking too long to respond, and
- # are preventing the server from responding in a timely manner.
- #
- # The solution is NOT do keep increasing the 'max_servers'
- # value, but instead to fix the underlying cause of the
- # problem: slow database, or 'hostname_lookups=yes'.
- #
- # For more information, see 'max_request_time', above.
- #
- max_servers = 32
-
- # Server-pool size regulation. Rather than making you guess
- # how many servers you need, FreeRADIUS dynamically adapts to
- # the load it sees, that is, it tries to maintain enough
- # servers to handle the current load, plus a few spare
- # servers to handle transient load spikes.
- #
- # It does this by periodically checking how many servers are
- # waiting for a request. If there are fewer than
- # min_spare_servers, it creates a new spare. If there are
- # more than max_spare_servers, some of the spares die off.
- # The default values are probably OK for most sites.
- #
- min_spare_servers = 3
- max_spare_servers = 10
-
- # There may be memory leaks or resource allocation problems with
- # the server. If so, set this value to 300 or so, so that the
- # resources will be cleaned up periodically.
- #
- # This should only be necessary if there are serious bugs in the
- # server which have not yet been fixed.
- #
- # '0' is a special value meaning 'infinity', or 'the servers never
- # exit'
- max_requests_per_server = 0
-}
-
-# MODULE CONFIGURATION
-#
-# The names and configuration of each module is located in this section.
-#
-# After the modules are defined here, they may be referred to by name,
-# in other sections of this configuration file.
-#
-modules {
- #
- # Each module has a configuration as follows:
- #
- # name [ instance ] {
- # config_item = value
- # ...
- # }
- #
- # The 'name' is used to load the 'rlm_name' library
- # which implements the functionality of the module.
- #
- # The 'instance' is optional. To have two different instances
- # of a module, it first must be referred to by 'name'.
- # The different copies of the module are then created by
- # inventing two 'instance' names, e.g. 'instance1' and 'instance2'
- #
- # The instance names can then be used in later configuration
- # INSTEAD of the original 'name'. See the 'radutmp' configuration
- # below for an example.
- #
-
- #
- # As of 2.0.5, most of the module configurations are in a
- # separate directory. Files matching the regex /[a-zA-Z0-9_.]+/
- # are loaded. The modules are initialized ONLY if they are
- # referenced in a processing section, such as authorize,
- # authenticate, accounting, pre/post-proxy, etc.
- #
-# $INCLUDE ${confdir}/modules/
- $INCLUDE ${confdir}/modules/ldap
- $INCLUDE ${confdir}/modules/mschap
- $INCLUDE ${confdir}/modules/preprocess
- $INCLUDE ${confdir}/modules/realm
- $INCLUDE ${confdir}/modules/chap
- $INCLUDE ${confdir}/modules/acct_unique
- $INCLUDE ${crans_conf}/modules/
- # Extensible Authentication Protocol
- #
- # For all EAP related authentications.
- # Now in another file, because it is very large.
- #
- $INCLUDE ${confdir}/eap.conf
-
- # Include another file that has the SQL-related configuration.
- # This is another file only because it tends to be big.
- #
-# $INCLUDE ${confdir}/sql.conf
-
-
- # For Cisco VoIP specific accounting with Postgresql,
- # use: ${confdir}/sql/postgresql/voip-postpaid.conf
- #
- # You will also need the sql schema from:
- # src/billing/cisco_h323_db_schema-postgres.sql
- # Note: This config can be use AS WELL AS the standard sql
- # config if you need SQL based Auth
-
- #
- # This module is an SQL enabled version of the counter module.
- #
- # Rather than maintaining seperate (GDBM) databases of
- # accounting info for each counter, this module uses the data
- # stored in the raddacct table by the sql modules. This
- # module NEVER does any database INSERTs or UPDATEs. It is
- # totally dependent on the SQL module to process Accounting
- # packets.
- #
-# $INCLUDE ${confdir}/sql/mysql/counter.conf
- #$INCLUDE ${confdir}/sql/postgresql/counter.conf
-
- # $INCLUDE ${confdir}/sqlippool.conf
-
- # OTP token support. Not included by default.
- # $INCLUDE ${confdir}/otp.conf
-
-}
-
-# Instantiation
-#
-# This section orders the loading of the modules. Modules
-# listed here will get loaded BEFORE the later sections like
-# authorize, authenticate, etc. get examined.
-#
-# This section is not strictly needed. When a section like
-# authorize refers to a module, it's automatically loaded and
-# initialized. However, some modules may not be listed in any
-# of the following sections, so they can be listed here.
-#
-# Also, listing modules here ensures that you have control over
-# the order in which they are initalized. If one module needs
-# something defined by another module, you can list them in order
-# here, and ensure that the configuration will be OK.
-#
-instantiate {
- #
- # Allows the execution of external scripts.
- # The entire command line (and output) must fit into 253 bytes.
- #
- # e.g. Framed-Pool = `%{exec:/bin/echo foo}`
-# exec
-
- #
- # The expression module doesn't do authorization,
- # authentication, or accounting. It only does dynamic
- # translation, of the form:
- #
- # Session-Timeout = `%{expr:2 + 3}`
- #
- # So the module needs to be instantiated, but CANNOT be
- # listed in any other section. See 'doc/rlm_expr' for
- # more information.
- #
-# expr
-
- #
- # We add the counter module here so that it registers
- # the check-name attribute before any module which sets
- # it
-# daily
-# expiration
-# logintime
-
- # subsections here can be thought of as "virtual" modules.
- #
- # e.g. If you have two redundant SQL servers, and you want to
- # use them in the authorize and accounting sections, you could
- # place a "redundant" block in each section, containing the
- # exact same text. Or, you could uncomment the following
- # lines, and list "redundant_sql" in the authorize and
- # accounting sections.
- #
- #redundant redundant_sql {
- # sql1
- # sql2
- #}
-}
-
-######################################################################
-#
-# Policies that can be applied in multiple places are listed
-# globally. That way, they can be defined once, and referred
-# to multiple times.
-#
-######################################################################
-$INCLUDE ${confdir}/policy.conf
-
-######################################################################
-#
-# As of 2.0.0, the "authorize", "authenticate", etc. sections
-# are in separate configuration files, per virtual host.
-#
-######################################################################
-
-######################################################################
-#
-# Include all enabled virtual hosts.
-#
-# The following directory is searched for files that match
-# the regex:
-#
-# /[a-zA-Z0-9_.]+/
-#
-# The files are then included here, just as if they were cut
-# and pasted into this file.
-#
-# See "sites-enabled/default" for some additional documentation.
-#
-$INCLUDE sites-enabled/
-$INCLUDE ${crans_conf}/sites-available/