Ancienneconf de freeradius, devenue obsolète

2015-05-02 17:14:02 +02:00 · 2015-05-02 17:14:02 +02:00 · da8e961ccb
commit da8e961ccb
parent f45a755eb9
2 changed files with 0 additions and 398 deletions
--- a/Python/etc/freeradius/radiusd.conf
+++ b/Python/etc/freeradius/radiusd.conf
@ -1,395 +0,0 @@
-@prefix = /usr
-@exec_prefix = /usr
-@sysconfdir = /etc
-@localstatedir = /var
-@sbindir = ${exec_prefix}/sbin
-@logdir = /var/log/freeradius
-@raddbdir = /etc/freeradius
-@radacctdir = ${logdir}/radacct
-@
-@confdir = ${raddbdir}
-@run_dir = ${localstatedir}/run/freeradius
-@
-@db_dir = $(raddbdir)
-@
-@libdir = /usr/lib/freeradius
-@
-@pidfile = ${run_dir}/freeradius.pid
-@
-@
-@user = freerad
-@group = freerad
-@
-@max_request_time = 30
-@
-@cleanup_delay = 5
-@
-@max_requests = 1024
-@
-@listen {
-@	
-@	type = auth
-@	ipaddr = *
-@	port = 0
-@
-@}
-@
-@hostname_lookups = no
-@
-@allow_core_dumps = no
-@
-@regular_expressions	= yes
-@extended_expressions	= yes
-@
-@log {
-@	destination = files
-@	file = ${logdir}/radius.log
-@	syslog_facility = daemon
-@	stripped_names = no
-@	auth = yes
-@	auth_badpass = yes
-@	auth_goodpass = yes
-@}
-@
-@checkrad = ${sbindir}/checkrad
-@
-@security {
-@		max_attributes = 200
-@		reject_delay = 1
-@		status_server = yes
-@}
-@
-@$INCLUDE clients.conf
-@
-@thread pool {
-@	start_servers = 10
-@	max_servers = 32
-@	min_spare_servers = 3
-@	max_spare_servers = 10
-@	max_requests_per_server = 0
-@}
-@
-@modules {
-@	checkval {
-@		# The attribute to look for in the request
-@		item-name = Calling-Station-Id
-@
-@		# The attribute to look for in check items. Can be multi valued
-@		check-name = Calling-Station-Id
-@
-@		# The data type. Can be
-@		# string,integer,ipaddr,date,abinary,octets
-@		data-type = string
-@
-@		# If set to yes and we dont find the item-name attribute in the
-@		# request then we send back a reject
-@		# DEFAULT is no
-@		#notfound-reject = no
-@	}
-@	
-@	# Preprocess the incoming RADIUS request, before handing it off
-@	# to other modules.
-@	#
-@	#  This module processes the 'huntgroups' and 'hints' files.
-@	#  In addition, it re-writes some weird attributes created
-@	#  by some NASes, and converts the attributes into a form which
-@	#  is a little more standard.
-@	#
-@	preprocess {
-@		huntgroups = ${confdir}/huntgroups
-@		hints = ${confdir}/hints
-@
-@		# This hack changes Ascend's wierd port numberings
-@		# to standard 0-??? port numbers so that the "+" works
-@		# for IP address assignments.
-@		with_ascend_hack = no
-@		ascend_channels_per_line = 23
-@		with_ntdomain_hack = no
-@		with_specialix_jetstream_hack = no
-@		with_cisco_vsa_hack = no
-@	}
-@
-@	# Livingston-style 'users' file
-@	#
-@	files {
-@		# The default key attribute to use for matches.  The content
-@		# of this attribute is used to match the "name" of the
-@		# entry.
-@		#key = "%{Stripped-User-Name:-%{User-Name}}"
-@		
-@		# C'est dans ce fichier que l'on va voir si la requête est bien du type 
-@		# qu'on attend
-@		usersfile = ${confdir}/users
-@		compat = no
-@	}
-@
-@	# Write a detailed log of all accounting records received.
-@	#
-@	detail {
-@		detailfile = ${radacctdir}/%{Client-IP-Address}/detail-%Y%m%d
-@		detailperm = 0600
-@
-@		#
-@		#  Every entry in the detail file has a header which
-@		#  is a timestamp.  By default, we use the ctime
-@		#  format (see "man ctime" for details).
-@		#
-@		#  The header can be customized by editing this
-@		#  string.  See "doc/variables.txt" for a description
-@		#  of what can be put here.
-@		#
-@		header = "%t"
-@	}
-@	detail auth_log {
-@		detailfile = ${radacctdir}/%{Client-IP-Address}/auth-detail-%Y%m%d
-@	 }
-@	 detail reply_log {
-@		 detailfile = ${radacctdir}/%{Client-IP-Address}/reply-detail-%Y%m%d
-@
-@		 detailperm = 0600
-@	 }
-@
-@	acct_unique {
-@		key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
-@	}
-@
-@	# Enforce RFC requirements on the contents of Access-Reject
-@	# packets.  See the comments at the top of the file for
-@	# more details.
-@	#
-@	attr_filter attr_filter.access_reject {
-@		key = %{User-Name}
-@		attrsfile = ${confdir}/attrs.access_reject
-@	}
-@
-@	#  Enforce RFC requirements on the contents of the
-@	#  Accounting-Response packets.  See the comments at the
-@	#  top of the file for more details.
-@	#
-@	attr_filter attr_filter.accounting_response {
-@		key = %{User-Name}
-@		attrsfile = ${confdir}/attrs.accounting_response
-@	}
-@
-@	counter daily {
-@		filename = ${db_dir}/db.daily
-@		key = User-Name
-@		count-attribute = Acct-Session-Time
-@		reset = daily
-@		counter-name = Daily-Session-Time
-@		check-name = Max-Daily-Session
-@		reply-name = Session-Timeout
-@		allowed-servicetype = Framed-User
-@		cache-size = 5000
-@	}
-@
-@	#
-@	#  Execute external programs
-@	#
-@	#  This module is useful only for 'xlat'.  To use it,
-@	#  put 'exec' into the 'instantiate' section.  You can then
-@	#  do dynamic translation of attributes like:
-@	#
-@	#  Attribute-Name = `%{exec:/path/to/program args}`
-@	#
-@	#  The value of the attribute will be replaced with the output
-@	#  of the program which is executed.  Due to RADIUS protocol
-@	#  limitations, any output over 253 bytes will be ignored.
-@	#
-@	#  The RADIUS attributes from the user request will be placed
-@	#  into environment variables of the executed program, as
-@	#  described in 'doc/variables.txt'
-@	#
-@	exec {
-@		wait = yes
-@		program = "/usr/scripts/utils/radius_auth.py"
-@		input_pairs = request
-@		# Pour avoir la sortie du script qui soit reprise par freeradius
-@		output_pairs = reply
-@	}
-@
-@	#
-@	#  This is a more general example of the execute module.
-@	#
-@	#  This one is called "echo".
-@	#
-@	#  Attribute-Name = `%{echo:/path/to/program args}`
-@	#
-@	#  If you wish to execute an external program in more than
-@	#  one section (e.g. 'authorize', 'pre_proxy', etc), then it
-@	#  is probably best to define a different instance of the
-@	#  'exec' module for every section.	
-@	#
-@	#  The return value of the program run determines the result
-@	#  of the exec instance call as follows:
-@	#  (See doc/configurable_failover for details)
-@	#
-@	#  < 0 : fail      the module failed
-@	#  = 0 : ok        the module succeeded
-@	#  = 1 : reject    the module rejected the user
-@	#  = 2 : fail      the module failed
-@	#  = 3 : ok        the module succeeded
-@	#  = 4 : handled   the module has done everything to handle the request
-@	#  = 5 : invalid   the user's configuration entry was invalid
-@	#  = 6 : userlock  the user was locked out
-@	#  = 7 : notfound  the user was not found
-@	#  = 8 : noop      the module did nothing
-@	#  = 9 : updated   the module updated information in the request
-@	#  > 9 : fail      the module failed
-@	#
-@	exec echo {
-@		#
-@		#  Wait for the program to finish.
-@		#
-@		#  If we do NOT wait, then the program is "fire and
-@		#  forget", and any output attributes from it are ignored.
-@		#
-@		#  If we are looking for the program to output
-@		#  attributes, and want to add those attributes to the
-@		#  request, then we MUST wait for the program to
-@		#  finish, and therefore set 'wait=yes'
-@		#
-@		# allowed values: {no, yes}
-@		wait = yes
-@
-@		#
-@		#  The name of the program to execute, and it's
-@		#  arguments.  Dynamic translation is done on this
-@		#  field, so things like the following example will
-@		#  work.
-@		#
-@		program = "/bin/echo %{User-Name}"
-@
-@		#
-@		#  The attributes which are placed into the
-@		#  environment variables for the program.
-@		#
-@		#  Allowed values are:
-@		#
-@		#	request		attributes from the request
-@		#	config		attributes from the configuration items list
-@		#	reply		attributes from the reply
-@		#	proxy-request	attributes from the proxy request
-@		#	proxy-reply	attributes from the proxy reply
-@		#
-@		#  Note that some attributes may not exist at some
-@		#  stages.  e.g. There may be no proxy-reply
-@		#  attributes if this module is used in the
-@		#  'authorize' section.
-@		#
-@		input_pairs = request
-@
-@		#
-@		#  Where to place the output attributes (if any) from
-@		#  the executed program.  The values allowed, and the
-@		#  restrictions as to availability, are the same as
-@		#  for the input_pairs.
-@		#
-@		output_pairs = reply
-@
-@		#
-@		#  When to execute the program.  If the packet
-@		#  type does NOT match what's listed here, then
-@		#  the module does NOT execute the program.
-@		#
-@		#  For a list of allowed packet types, see
-@		#  the 'dictionary' file, and look for VALUEs
-@		#  of the Packet-Type attribute.
-@		#
-@		#  By default, the module executes on ANY packet.
-@		#  Un-comment out the following line to tell the
-@		#  module to execute only if an Access-Accept is
-@		#  being sent to the NAS.
-@		#
-@		#packet_type = Access-Accept
-@
-@		#
-@		#  Should we escape the environment variables?
-@		#  
-@		#  If this is set, all the RADIUS attributes
-@		#  are capitalised and dashes replaced with
-@		#  underscores. Also, RADIUS values are surrounded
-@		#  with double-quotes.
-@		#
-@		#  That is to say: User-Name=BobUser => USER_NAME="BobUser"
-@		shell_escape = yes
-@
-@	}
-@	
-@	#  Module implementing a DIFFERENT policy language.
-@	#  The syntax here is NOT "unlang", but something else.
-@	#
-@	#  See the "policy.txt" file for documentation and examples.
-@	#
-@	policy {
-@	       #  The only configuration item is a filename containing
-@	       #  the policies to execute.
-@	       #
-@	       #  When "policy" is listed in a section (e.g. "authorize"),
-@	       #  it will run a policy named for that section.
-@	       # 
-@	       filename = ${confdir}/policy.txt
-@	}
-@
-@}
-@
-@instantiate {
-@	#
-@	#  Allows the execution of external scripts.
-@	#  The entire command line (and output) must fit into 253 bytes.
-@	#
-@	#  e.g. Framed-Pool = `%{exec:/bin/echo foo}`
-@	# exec
-@
-@	#
-@	#  The expression module doesn't do authorization,
-@	#  authentication, or accounting.  It only does dynamic
-@	#  translation, of the form:
-@	#
-@	#	Session-Timeout = `%{expr:2 + 3}`
-@	#
-@	#  So the module needs to be instantiated, but CANNOT be
-@	#  listed in any other section.  See 'doc/rlm_expr' for
-@	#  more information.
-@	#
-@#	expr
-@
-@	#
-@	# We add the counter module here so that it registers
-@	# the check-name attribute before any module which sets
-@	# it
-@#	expiration
-@#	logintime
-@
-@}
-@
-@$INCLUDE policy.conf
-@
-@
-@authorize {
-@	preprocess
-@	files
-@}
-@
-@authenticate {
-@	files
-@}
-@
-@preacct {
-@	preprocess
-@	acct_unique
-@	files
-@}
-@
-@#accounting {
-@#	detail
-@#	radutmp
-@#}
-@
-@#session {
-@#	radutmp
-@#}
-@post-auth {
-@	exec 
-@}
-@
--- a/Python/etc/freeradius/users
+++ b/Python/etc/freeradius/users
@ -1,3 +0,0 @@
-@# Vérif des macs pour les switchs :
-@# script externe interrogant la base LDAP
-@DEFAULT Auth-Type := Accept, NAS-IP-Address=~10.231.136.*, Service-Type =~ "(Administrative|Framed)-User", Framed-Protocol == PPP