1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
|
--- a/raddb/policy.d/accounting
+++ b/raddb/policy.d/accounting
@@ -34,7 +34,7 @@
#
if("%{string:Class}" =~ /${policy.class_value_prefix}([0-9a-f]{32})/i) {
update request {
- Acct-Unique-Session-Id := "%{md5:%{1},%{Acct-Session-ID}}"
+ &Acct-Unique-Session-Id := "%{md5:%{1},%{Acct-Session-ID}}"
}
}
@@ -46,7 +46,7 @@
#
else {
update request {
- Acct-Unique-Session-Id := "%{md5:%{User-Name},%{Acct-Session-ID},%{%{NAS-IPv6-Address}:-%{NAS-IP-Address}},%{NAS-Identifier},%{NAS-Port-ID},%{NAS-Port}}"
+ &Acct-Unique-Session-Id := "%{md5:%{User-Name},%{Acct-Session-ID},%{%{NAS-IPv6-Address}:-%{NAS-IP-Address}},%{NAS-Identifier},%{NAS-Port-ID},%{NAS-Port}}"
}
}
}
@@ -65,8 +65,8 @@
#
acct_counters64.preacct {
update request {
- Acct-Input-Octets64 = "%{expr:(%{%{Acct-Input-Gigawords}:-0} * 4294967296) + %{%{Acct-Input-Octets}:-0}}"
- Acct-Output-Octets64 = "%{expr:(%{%{Acct-Output-Gigawords}:-0} * 4294967296) + %{%{Acct-Output-Octets}:-0}}"
+ &Acct-Input-Octets64 = "%{expr:(%{%{Acct-Input-Gigawords}:-0} * 4294967296) + %{%{Acct-Input-Octets}:-0}}"
+ &Acct-Output-Octets64 = "%{expr:(%{%{Acct-Output-Gigawords}:-0} * 4294967296) + %{%{Acct-Output-Octets}:-0}}"
}
}
--- a/raddb/policy.d/eap
+++ b/raddb/policy.d/eap
@@ -76,7 +76,7 @@
remove_reply_message_if_eap {
if(reply:EAP-Message && reply:Reply-Message) {
update reply {
- Reply-Message !* ANY
+ &Reply-Message !* ANY
}
}
else {
--- a/raddb/radiusd.conf.in
+++ b/raddb/radiusd.conf.in
@@ -415,8 +415,8 @@
# member. This can allow for some finer-grained access
# controls.
#
-# user = radius
-# group = radius
+ user = radius
+ group = radius
# Core dumps are a bad thing. This should only be set to
# 'yes' if you're debugging a problem with the server.
--- a/raddb/sites-available/default
+++ b/raddb/sites-available/default
@@ -314,9 +314,9 @@
# for the many packets that go back and forth to set up TTLS
# or PEAP. The load on those servers will therefore be reduced.
#
- eap {
- ok = return
- }
+# eap {
+# ok = return
+# }
#
# Pull crypt'd passwords from /etc/passwd or /etc/shadow,
@@ -457,7 +457,7 @@
#
# Allow EAP authentication.
- eap
+# eap
#
# The older configurations sent a number of attributes in
@@ -748,7 +748,7 @@
# Insert EAP-Failure message if the request was
# rejected by policy instead of because of an
# authentication failure
- eap
+# eap
# Remove reply message if the response contains an EAP-Message
remove_reply_message_if_eap
@@ -817,7 +817,7 @@
# hidden inside of the EAP packet, and the end server will
# reject the EAP request.
#
- eap
+# eap
#
# If the server tries to proxy a request and fails, then the
--- a/raddb/sites-available/inner-tunnel
+++ b/raddb/sites-available/inner-tunnel
@@ -116,9 +116,9 @@
# for the many packets that go back and forth to set up TTLS
# or PEAP. The load on those servers will therefore be reduced.
#
- eap {
- ok = return
- }
+# eap {
+# ok = return
+# }
#
# Read the 'users' file
@@ -227,7 +227,7 @@
#
# Allow EAP authentication.
- eap
+# eap
}
######################################################################
@@ -380,7 +380,7 @@
# hidden inside of the EAP packet, and the end server will
# reject the EAP request.
#
- eap
+# eap
#
# If the server tries to proxy a request and fails, then the
|