From da8e961ccb03e7431bba8634dc1ef3de49a51073 Mon Sep 17 00:00:00 2001
From: Gabriel Detraz
Date: Sat, 2 May 2015 17:14:02 +0200
Subject: [PATCH] =?UTF-8?q?Ancienneconf=20de=20freeradius,=20devenue=20obs?= =?UTF-8?q?ol=C3=A8te?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
Python/etc/freeradius/radiusd.conf | 395 -----------------------------
Python/etc/freeradius/users | 3 -
2 files changed, 398 deletions(-)
delete mode 100644 Python/etc/freeradius/radiusd.conf
delete mode 100644 Python/etc/freeradius/users
diff --git a/Python/etc/freeradius/radiusd.conf b/Python/etc/freeradius/radiusd.conf
deleted file mode 100644
index e8914be..0000000
--- a/Python/etc/freeradius/radiusd.conf
+++ /dev/null
@@ -1,395 +0,0 @@
-@prefix = /usr
-@exec_prefix = /usr
-@sysconfdir = /etc
-@localstatedir = /var
-@sbindir = ${exec_prefix}/sbin
-@logdir = /var/log/freeradius
-@raddbdir = /etc/freeradius
-@radacctdir = ${logdir}/radacct
-@
-@confdir = ${raddbdir}
-@run_dir = ${localstatedir}/run/freeradius
-@
-@db_dir = $(raddbdir)
-@
-@libdir = /usr/lib/freeradius
-@
-@pidfile = ${run_dir}/freeradius.pid
-@
-@
-@user = freerad
-@group = freerad
-@
-@max_request_time = 30
-@
-@cleanup_delay = 5
-@
-@max_requests = 1024
-@
-@listen {
-@
-@ type = auth
-@ ipaddr = *
-@ port = 0
-@
-@}
-@
-@hostname_lookups = no
-@
-@allow_core_dumps = no
-@
-@regular_expressions = yes
-@extended_expressions = yes
-@
-@log {
-@ destination = files
-@ file = ${logdir}/radius.log
-@ syslog_facility = daemon
-@ stripped_names = no
-@ auth = yes
-@ auth_badpass = yes
-@ auth_goodpass = yes
-@}
-@
-@checkrad = ${sbindir}/checkrad
-@
-@security {
-@ max_attributes = 200
-@ reject_delay = 1
-@ status_server = yes
-@}
-@
-@$INCLUDE clients.conf
-@
-@thread pool {
-@ start_servers = 10
-@ max_servers = 32
-@ min_spare_servers = 3
-@ max_spare_servers = 10
-@ max_requests_per_server = 0
-@}
-@
-@modules {
-@ checkval {
-@ # The attribute to look for in the request
-@ item-name = Calling-Station-Id
-@
-@ # The attribute to look for in check items. Can be multi valued
-@ check-name = Calling-Station-Id
-@
-@ # The data type. Can be
-@ # string,integer,ipaddr,date,abinary,octets
-@ data-type = string
-@
-@ # If set to yes and we dont find the item-name attribute in the
-@ # request then we send back a reject
-@ # DEFAULT is no
-@ #notfound-reject = no
-@ }
-@
-@ # Preprocess the incoming RADIUS request, before handing it off
-@ # to other modules.
-@ #
-@ # This module processes the 'huntgroups' and 'hints' files.
-@ # In addition, it re-writes some weird attributes created
-@ # by some NASes, and converts the attributes into a form which
-@ # is a little more standard.
-@ #
-@ preprocess {
-@ huntgroups = ${confdir}/huntgroups
-@ hints = ${confdir}/hints
-@
-@ # This hack changes Ascend's wierd port numberings
-@ # to standard 0-??? port numbers so that the "+" works
-@ # for IP address assignments.
-@ with_ascend_hack = no
-@ ascend_channels_per_line = 23
-@ with_ntdomain_hack = no
-@ with_specialix_jetstream_hack = no
-@ with_cisco_vsa_hack = no
-@ }
-@
-@ # Livingston-style 'users' file
-@ #
-@ files {
-@ # The default key attribute to use for matches. The content
-@ # of this attribute is used to match the "name" of the
-@ # entry.
-@ #key = "%{Stripped-User-Name:-%{User-Name}}"
-@
-@ # C'est dans ce fichier que l'on va voir si la requête est bien du type
-@ # qu'on attend
-@ usersfile = ${confdir}/users
-@ compat = no
-@ }
-@
-@ # Write a detailed log of all accounting records received.
-@ #
-@ detail {
-@ detailfile = ${radacctdir}/%{Client-IP-Address}/detail-%Y%m%d
-@ detailperm = 0600
-@
-@ #
-@ # Every entry in the detail file has a header which
-@ # is a timestamp. By default, we use the ctime
-@ # format (see "man ctime" for details).
-@ #
-@ # The header can be customized by editing this
-@ # string. See "doc/variables.txt" for a description
-@ # of what can be put here.
-@ #
-@ header = "%t"
-@ }
-@ detail auth_log {
-@ detailfile = ${radacctdir}/%{Client-IP-Address}/auth-detail-%Y%m%d
-@ }
-@ detail reply_log {
-@ detailfile = ${radacctdir}/%{Client-IP-Address}/reply-detail-%Y%m%d
-@
-@ detailperm = 0600
-@ }
-@
-@ acct_unique {
-@ key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
-@ }
-@
-@ # Enforce RFC requirements on the contents of Access-Reject
-@ # packets. See the comments at the top of the file for
-@ # more details.
-@ #
-@ attr_filter attr_filter.access_reject {
-@ key = %{User-Name}
-@ attrsfile = ${confdir}/attrs.access_reject
-@ }
-@
-@ # Enforce RFC requirements on the contents of the
-@ # Accounting-Response packets. See the comments at the
-@ # top of the file for more details.
-@ #
-@ attr_filter attr_filter.accounting_response {
-@ key = %{User-Name}
-@ attrsfile = ${confdir}/attrs.accounting_response
-@ }
-@
-@ counter daily {
-@ filename = ${db_dir}/db.daily
-@ key = User-Name
-@ count-attribute = Acct-Session-Time
-@ reset = daily
-@ counter-name = Daily-Session-Time
-@ check-name = Max-Daily-Session
-@ reply-name = Session-Timeout
-@ allowed-servicetype = Framed-User
-@ cache-size = 5000
-@ }
-@
-@ #
-@ # Execute external programs
-@ #
-@ # This module is useful only for 'xlat'. To use it,
-@ # put 'exec' into the 'instantiate' section. You can then
-@ # do dynamic translation of attributes like:
-@ #
-@ # Attribute-Name = `%{exec:/path/to/program args}`
-@ #
-@ # The value of the attribute will be replaced with the output
-@ # of the program which is executed. Due to RADIUS protocol
-@ # limitations, any output over 253 bytes will be ignored.
-@ #
-@ # The RADIUS attributes from the user request will be placed
-@ # into environment variables of the executed program, as
-@ # described in 'doc/variables.txt'
-@ #
-@ exec {
-@ wait = yes
-@ program = "/usr/scripts/utils/radius_auth.py"
-@ input_pairs = request
-@ # Pour avoir la sortie du script qui soit reprise par freeradius
-@ output_pairs = reply
-@ }
-@
-@ #
-@ # This is a more general example of the execute module.
-@ #
-@ # This one is called "echo".
-@ #
-@ # Attribute-Name = `%{echo:/path/to/program args}`
-@ #
-@ # If you wish to execute an external program in more than
-@ # one section (e.g. 'authorize', 'pre_proxy', etc), then it
-@ # is probably best to define a different instance of the
-@ # 'exec' module for every section.
-@ #
-@ # The return value of the program run determines the result
-@ # of the exec instance call as follows:
-@ # (See doc/configurable_failover for details)
-@ #
-@ # < 0 : fail the module failed
-@ # = 0 : ok the module succeeded
-@ # = 1 : reject the module rejected the user
-@ # = 2 : fail the module failed
-@ # = 3 : ok the module succeeded
-@ # = 4 : handled the module has done everything to handle the request
-@ # = 5 : invalid the user's configuration entry was invalid
-@ # = 6 : userlock the user was locked out
-@ # = 7 : notfound the user was not found
-@ # = 8 : noop the module did nothing
-@ # = 9 : updated the module updated information in the request
-@ # > 9 : fail the module failed
-@ #
-@ exec echo {
-@ #
-@ # Wait for the program to finish.
-@ #
-@ # If we do NOT wait, then the program is "fire and
-@ # forget", and any output attributes from it are ignored.
-@ #
-@ # If we are looking for the program to output
-@ # attributes, and want to add those attributes to the
-@ # request, then we MUST wait for the program to
-@ # finish, and therefore set 'wait=yes'
-@ #
-@ # allowed values: {no, yes}
-@ wait = yes
-@
-@ #
-@ # The name of the program to execute, and it's
-@ # arguments. Dynamic translation is done on this
-@ # field, so things like the following example will
-@ # work.
-@ #
-@ program = "/bin/echo %{User-Name}"
-@
-@ #
-@ # The attributes which are placed into the
-@ # environment variables for the program.
-@ #
-@ # Allowed values are:
-@ #
-@ # request attributes from the request
-@ # config attributes from the configuration items list
-@ # reply attributes from the reply
-@ # proxy-request attributes from the proxy request
-@ # proxy-reply attributes from the proxy reply
-@ #
-@ # Note that some attributes may not exist at some
-@ # stages. e.g. There may be no proxy-reply
-@ # attributes if this module is used in the
-@ # 'authorize' section.
-@ #
-@ input_pairs = request
-@
-@ #
-@ # Where to place the output attributes (if any) from
-@ # the executed program. The values allowed, and the
-@ # restrictions as to availability, are the same as
-@ # for the input_pairs.
-@ #
-@ output_pairs = reply
-@
-@ #
-@ # When to execute the program. If the packet
-@ # type does NOT match what's listed here, then
-@ # the module does NOT execute the program.
-@ #
-@ # For a list of allowed packet types, see
-@ # the 'dictionary' file, and look for VALUEs
-@ # of the Packet-Type attribute.
-@ #
-@ # By default, the module executes on ANY packet.
-@ # Un-comment out the following line to tell the
-@ # module to execute only if an Access-Accept is
-@ # being sent to the NAS.
-@ #
-@ #packet_type = Access-Accept
-@
-@ #
-@ # Should we escape the environment variables?
-@ #
-@ # If this is set, all the RADIUS attributes
-@ # are capitalised and dashes replaced with
-@ # underscores. Also, RADIUS values are surrounded
-@ # with double-quotes.
-@ #
-@ # That is to say: User-Name=BobUser => USER_NAME="BobUser"
-@ shell_escape = yes
-@
-@ }
-@
-@ # Module implementing a DIFFERENT policy language.
-@ # The syntax here is NOT "unlang", but something else.
-@ #
-@ # See the "policy.txt" file for documentation and examples.
-@ #
-@ policy {
-@ # The only configuration item is a filename containing
-@ # the policies to execute.
-@ #
-@ # When "policy" is listed in a section (e.g. "authorize"),
-@ # it will run a policy named for that section.
-@ #
-@ filename = ${confdir}/policy.txt
-@ }
-@
-@}
-@
-@instantiate {
-@ #
-@ # Allows the execution of external scripts.
-@ # The entire command line (and output) must fit into 253 bytes.
-@ #
-@ # e.g. Framed-Pool = `%{exec:/bin/echo foo}`
-@ # exec
-@
-@ #
-@ # The expression module doesn't do authorization,
-@ # authentication, or accounting. It only does dynamic
-@ # translation, of the form:
-@ #
-@ # Session-Timeout = `%{expr:2 + 3}`
-@ #
-@ # So the module needs to be instantiated, but CANNOT be
-@ # listed in any other section. See 'doc/rlm_expr' for
-@ # more information.
-@ #
-@# expr
-@
-@ #
-@ # We add the counter module here so that it registers
-@ # the check-name attribute before any module which sets
-@ # it
-@# expiration
-@# logintime
-@
-@}
-@
-@$INCLUDE policy.conf
-@
-@
-@authorize {
-@ preprocess
-@ files
-@}
-@
-@authenticate {
-@ files
-@}
-@
-@preacct {
-@ preprocess
-@ acct_unique
-@ files
-@}
-@
-@#accounting {
-@# detail
-@# radutmp
-@#}
-@
-@#session {
-@# radutmp
-@#}
-@post-auth {
-@ exec
-@}
-@
diff --git a/Python/etc/freeradius/users b/Python/etc/freeradius/users
deleted file mode 100644
index 12ede2c..0000000
--- a/Python/etc/freeradius/users
+++ /dev/null
@@ -1,3 +0,0 @@
-@# Vérif des macs pour les switchs :
-@# script externe interrogant la base LDAP
-@DEFAULT Auth-Type := Accept, NAS-IP-Address=~10.231.136.*, Service-Type =~ "(Administrative|Framed)-User", Framed-Protocol == PPP