Subversion Repositories ALCASAR

Compare Revisions

Rev 1833 → Rev 1832

/conf/freeradius-web/user_edit.attrs.orig
File deleted
/conf/freeradius-web/config.php.orig
File deleted
/conf/freeradius-web/admin.conf.orig
File deleted
/conf/freeradius-web/sql.attrs.orig
File deleted
/conf/freeradius-web/sql.attrs
8,8 → 8,8
UserName User Name yes
GroupName Group Name yes
Realm Realm no
NASIPAddress Nas IP Address no
NASPortId Nas Port no
NASIPAddress Nas IP Address no
NASPortId Nas Port no
NASPortType NAS Port Type no
AcctStartTime Login Time yes
AcctStopTime Logout Time yes
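--- a/conf/freeradius-web/admin.conf.default
+++ b/conf/freeradius-web/admin.conf.default
@@ -0,0 +1,351 @@
+#
+# Main Configuration File
+#
+# it can be default or whatever language. Only greek are supported
+# from non latin alphabet languages
+# These attribute only apply for ldap not for sql
+#
+general_prefered_lang: en
+general_prefered_lang_name: English
+#
+# The charset which will be added as a meta tag in all pages
+#
+general_charset: iso-8859-1
+#
+# Uncomment this if normal attributes (not the ;lang-xx ones) in ldap
+# are utf8 encoded.
+#
+#general_decode_normal_attributes: yes
+#
+# The directory where dialupadmin is installed
+#
+general_base_dir: /usr/share/freeradius-web
+#
+# The base directory of the freeradius radius installation
+#
+general_radiusd_base_dir: /usr
+general_domain: company.com
+#
+# Set it to yes to use sessions and cache the various mappings
+# You can also set use_session = 1 in config.php to also cache
+# the admin.conf
+#
+# ---- IMPORTANT -- IMPORTANT -- IMPORTANT ----
+#Remember to use the 'Clear Cache' page if you use sessions and do any changes
+#in any of the configuration files.
+#
+general_use_session: no
+#
+# This is used by the failed logins page. It states the default back time
+# in minutes.
+#
+general_most_recent_fl: 30
+
+#
+# Realm setup
+#
+# Set general_strip_realms to yes in order to stip realms from usernames.
+# By default realms are not striped
+#general_strip_realms: yes
+#
+# The delimiter used in realms. Default is @
+#
+general_realm_delimiter: @
+#
+# The format of the realms. Can be either suffix (realm is after the username)
+# or prefix (realm is before the username). Default is suffix
+#
+general_realm_format: suffix
+#
+
+#
+# Determines if the administrator will be able to see and change the user password through
+# the user edit page
+general_show_user_password: yes
+
+general_raddb_dir: /etc/raddb
+general_ldap_attrmap: %{general_raddb_dir}/ldap.attrmap
+# Need to fix admin.conf file parser
+#general_clients_conf: %{general_raddb_dir}/clients.conf
+general_clients_conf: /etc/raddb/clients.conf
+general_sql_attrmap: /etc/freeradius-web/sql.attrmap
+general_accounting_attrs_file: /etc/freeradius-web/accounting.attrs
+general_extra_ldap_attrmap: /etc/freeradius-web/extra.ldap-attrmap
+general_username_mappings_file: /etc/freeradius-web/username.mappings
+#
+# it can be either ldap or sql
+# This affects the user base not accounting. Accounting is always in sql
+#
+general_lib_type: sql
+#
+# Define which attributes will be visible in the user edit page
+#
+general_user_edit_attrs_file: /etc/freeradius-web/user_edit.attrs
+#
+# Used by the Accounting Report Generator
+#
+general_sql_attrs_file: /etc/freeradius-web/sql.attrs
+#
+# Set default values for various attributes
+#
+general_default_file: /etc/freeradius-web/default.vals
+#general_ld_library_path: /usr/local/snmpd/lib
+#
+# can be 'snmp' (for snmpfinger) or empty to query the radacct table without first
+# querying the nas
+# This is used by the online users page
+#
+general_finger_type: snmp
+#
+# Defines the nas type. This is only used by snmpfinger
+# cisco, usrhiper and lucent are supported for now
+#
+general_nas_type: cisco
+general_snmpfinger_bin: %{general_base_dir}/bin/snmpfinger
+#
+# Used by the 'Disconnect User' button in the Clear Open Sessions page
+# Uses the Cisco AAA Session MIB or a telnet session
+#
+general_sessionclear_bin: %{general_base_dir}/bin/clearsession
+#
+# Can be one of telnet or snmp
+#
+general_sessionclear_method: snmp
+general_radclient_bin: %{general_radiusd_base_dir}/bin/radclient
+#
+# this information is used from the server check page
+#
+general_test_account_login: test
+general_test_account_password: testpass
+#
+# These are used as default values for the user test page
+#
+general_radius_server: localhost
+general_radius_server_port: 1812
+#
+# can be either pap or chap
+#
+general_radius_server_auth_proto: pap
+#
+# sorry, single valued for now. Should become something like
+# password[server-name]: xxxxx
+#
+general_radius_server_secret: XXXXXX
+general_auth_request_file: /etc/freeradius-web/auth.request
+#
+# can be one of crypt,md5,clear
+#
+general_encryption_method: crypt
+#
+# can be either asc (older dates first) or desc (recent dates first)
+# This is used in the user accounting and badusers pages
+#
+general_accounting_info_order: desc
+#
+# Use the totacct table in the user statistics page instead of the radacct
+# table. That will make the page run quicker. totacct should have data for
+# this to work :-)
+#
+general_stats_use_totacct: no
+#
+# If set to yes then we only allow each administrator to examine it's own entries
+# in the badusers table
+#
+general_restrict_badusers_access: no
+#
+# If set to yes then we restrict access to the nas administration page only to those
+# users which are allowed by their username mapping (nasadmin is set to yes)
+#
+general_restrict_nasadmin_access: no
+
+
+INCLUDE: /etc/freeradius-web/naslist.conf
+
+INCLUDE: /etc/freeradius-web/captions.conf
+
+#
+# The ldap server to connect to.
+# Both ldap_server and ldap_write_server can be a space-separated
+# list of ldap hostnames. In that case the library will try to connect
+# to the servers in the order that they appear. If the first host is down
+# ldap_connect will ask for the second ldap host and so on.
+#
+ldap_server: ldap.%{general_domain}
+#
+# There are many cases where we have a small write master and
+# a lot of fast read only replicas. If that is the case uncomment
+# ldap_write_server and point it to the write master. It will be
+# used only when writing to the directory, not when reading
+#
+#ldap_write_server: master.%{general_domain}
+ldap_base: dc=company,dc=com
+ldap_binddn: cn=Directory Manager
+ldap_bindpw: XXXXXXX
+ldap_default_new_entry_suffix: ou=dialup,ou=guests,%{ldap_base}
+ldap_default_dn: uid=default-dialup,%{ldap_base}
+ldap_regular_profile_attr: dialupregularprofile
+#
+# If set to yes then the HTTP credentials (http authentication)
+# will be used to bind to the ldap server instead of ldap_binddn
+# and ldap_bindpw. That way multiple admins with different rights
+# on the ldap database can connect through one dialup_admin interface.
+# The ldap_binddn and ldap_bindpw are still needed to find the DN
+# to bind with (http authentication will only provide us with a
+# username). As a result the ldap_binddn should be able to do a search
+# with a filter of (uid=<username>). Normally, the anonymous (empty DN)
+# user can do that.
+#ldap_use_http_credentials: yes
+#
+# If we are using http credentials we can map a specific username to the
+# directory manager (which usually does not correspond to a specific username)
+#
+#ldap_directory_manager: cn=Directory Manager
+#ldap_map_to_directory_manager: admin
+#
+# Uncomment to enable ldap debug
+#
+ldap_debug: true
+#
+# Allow for defining the ldap filter used when searching for a user
+# Variables supported:
+# %u: username
+# %U: username provided though http authentication
+# %mu: mappings for userdb
+# %ma: mappings for accounting
+# %mn: mappings for nasdb
+# %mN: mappings for nas administration
+#
+# One use of this would be to restrict access to only the user's belonging to
+# a specific administrator like this:
+# ldap_filter: (&(uid=%u)(manager=uid=%U,ou=admins,o=company,c=com))
+#
+#ldap_filter: (uid=%u)
+#
+# If ldap_userdn is set then we use that for user dns, we don't perform an ldap
+# search. This can be somewhat faster. The variables supported for ldap_filter
+# are also supported here
+#
+#ldap_userdn: uid=%u,%{ldap_base}
+
+
+#
+# can be one of mysql,pg,oracle,sqlrelay where:
+# mysq: MySQL database (port 3306)
+# pg: PostgreSQL database (port 5432)
+# oracle: Oracle database (port 1521)
+# sqlrelay: SQL Relay
+#
+sql_type: mysql
+sql_server: localhost
+sql_port: 3306
+sql_username: dialup_admin
+sql_password: XXXXXX
+sql_database: radius
+sql_accounting_table: radacct
+sql_badusers_table: badusers
+sql_check_table: radcheck
+sql_reply_table: radreply
+sql_user_info_table: userinfo
+sql_groupcheck_table: radgroupcheck
+sql_groupreply_table: radgroupreply
+sql_usergroup_table: radusergroup
+sql_total_accounting_table: totacct
+sql_nas_table: nas
+#
+# If set to true then we show all the available groups with the groups
+# that the user is a member of highlighted in the user edit page.
+# Otherwise we only show the groups he is a member of.
+sql_show_all_groups: true
+#
+# This variable is used by the scripts in the bin folder
+# It should contain the path to the sql binary used to run
+# sql commands (mysql, psql, oracle and sqlrelay are only supported for now)
+sql_command: /usr/bin/mysql
+#sql_command: /usr/bin/psql
+#sql_command: /usr/bin/sqlplus
+#
+# This variable is used by the scripts in the bin folder
+# It should contain the snmp type and path to the binary
+# used to run snmp commands.
+# (ucd = UCD-Snmp and net = Net-Snmp are only supported for now)
+general_snmp_type: net
+general_snmpwalk_command: /usr/bin/snmpwalk
+general_snmpget_command: /usr/bin/snmpget
+#
+# Uncomment to enable sql debug
+#
+sql_debug: true
+#
+# If set to yes then the HTTP credentials (http authentication)
+# will be used to connect to the sql server instead of sql_username
+# and sql_password. That way multiple admins with different rights
+# on the sql database can connect through one dialup_admin interface.
+#sql_use_http_credentials: yes
+#
+# If set the query will be added to all of the queries on the accounting
+# table
+# Variables supported:
+# %u: username
+# %U: username provided though http authentication
+# %mu: mappings for userdb
+# %ma: mappings for accounting
+# %mn: mappings for nasdb
+# %mN: mappings for nas administration
+#sql_accounting_extra_query: %ma
+
+
+#
+# true or false
+#
+sql_use_user_info_table: true
+sql_use_operators: true
+#
+# Set this to the value of the default_user_profile in your
+# sql.conf if that one is set. If it is not set leave blank
+# or commented out
+#sql_default_user_profile: DEFAULT
+#
+#
+sql_password_attribute: User-Password
+sql_date_format: Y-m-d
+sql_full_date_format: Y-m-d H:i:s
+#
+# Used in the accounting report generator so that we
+# don't return too many results
+#
+sql_row_limit: 40
+#
+# These options are used by the log_badlogins script and by the
+# mysql driver
+#
+# Set the sql connect timeout (secs)
+sql_connect_timeout: 3
+# Give a space separated list of extra mysql servers to connect to when
+# logging bad logins or adding users in the badusers table
+#sql_extra_servers: sql2.company.com sql3.company.com
+
+#
+# Default values for the various user limits in case the counter module
+# is used to impose such limits.
+# The value should be the user limit in seconds or none for nothing
+# Check out conf/sql.attrmap or extra.ldap-attrmap (depending on if you are
+# using sql or ldap) for per user attributes. The mapping should be made to
+# the attributes configured in the counter module. The attributes used by
+# dialupadmin will always be the ones appearing in the attribute mapping files
+# so you should make sure they are mapped to the correct attributes
+#
+#counter_default_daily: 14400
+#counter_default_weekly: 72000
+counter_default_daily: none
+counter_default_weekly: none
+counter_default_monthly: none
+#
+# Since calculating monthly usage can be quite expensive we make
+# it configurable
+# This is not needed if the monthly limit is not none
+#counter_monthly_calculate_usage: true
+
+# some of the date/time related functions need to know what timezone we are in
+
+timezone: Europe/Luxembourg
+
+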
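Review bot: `ldap_debug: true` and `sql_debug: true` are live settings in this default even though the comment above each reads "Uncomment to enable … debug", and `general_show_user_password: yes` lets an administrator see user passwords on the user edit page. What the debug flags print is not visible on this page, but a template that ships them enabled will carry that output into every install that copies it; the safer defaults are `#ldap_debug: true`, `#sql_debug: true` and `general_show_user_password: no`. The fixed pair `general_test_account_login: test` / `general_test_account_password: testpass` would benefit from a comment such as `# Change before use; never leave a real account with this password`.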
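--- a/conf/freeradius-web/config.php.default
+++ b/conf/freeradius-web/config.php.default
@@ -0,0 +1,117 @@
+<?php
+#
+# Things should work even if register_globals is set to off
+#
+
+$testVer=intval(str_replace(".", "",'4.1.0'));
+$curVer=intval(str_replace(".", "",phpversion()));
+if( $curVer >= $testVer )
+import_request_variables('GPC');
+# If using sessions set use_session to 1 to also cache the config file
+#
+$use_session = 0;
+unset($config);
+unset($nas_list);
+if ($use_session){
+// Start session
+@session_start();
+if (isset($_SESSION['config']))
+$config = $_SESSION['config'];
+if (isset($_SESSION['nas_list']))
+$nas_list = $_SESSION['nas_list'];
+}
+if (!isset($config)){
+$ARR=file("/etc/freeradius-web/admin.conf");
+$EXTRA_ARR = array();
+foreach($ARR as $val) {
+$val=chop($val);
+if (preg_match('/^[[:space:]]*#/',$val) || preg_match('/^[[:space:]]*$/',$val))
+continue;
+list($key,$v)=preg_split("/:[[:space:]]*/",$val,2);
+if (preg_match("/%\{(.+)\}/",$v,$matches)){
+$val=$config[$matches[1]];
+$v=preg_replace("/%\{$matches[1]\}/",$val,$v);
+}
+if (preg_match("/^nas(\d+)_(\w+)$/",$key,$matches))
+$nas_list[$matches[1]][$matches[2]] = $v;
+if ($key == 'INCLUDE'){
+if (is_readable($v))
+array_push($EXTRA_ARR,file($v));
+else
+echo "<b>Error: File '$v' does not exist or is not readable</b><br>\n";
+}
+else
+$config["$key"]="$v";
+}
+foreach($EXTRA_ARR as $val1) {
+foreach($val1 as $val){
+$val=chop($val);
+if (preg_match('/^[[:space:]]*#/',$val) || preg_match('/^[[:space:]]*$/',$val))
+continue;
+list($key,$v)=preg_split("/:[[:space:]]*/",$val,2);
+if (preg_match("/%\{(.+)\}/",$v,$matches)){
+$val=$config[$matches[1]];
+$v=preg_replace("/%\{$matches[1]\}/",$val,$v);
+}
+if (preg_match("/^nas(\d+)_(\w+)$/",$key,$matches))
+$nas_list[$matches[1]][$matches[2]] = $v;
+$config["$key"]="$v";
+}
+}
+if ($use_session){
+session_register('config');
+session_register('nas_list');
+}
+
+}
+if ($use_session == 0 && $config[general_use_session] == 'yes'){
+// Start session
+@session_start();
+if (isset($nas_list))
+session_register('nas_list');
+}
+//Make sure we are only passed allowed strings in username
+if ($login != '')
+$login = preg_replace("/[^\w\.\/\@\:\-]/",'',$login);
+
+if ($login != '' && $config[general_strip_realms] == 'yes'){
+$realm_del = ($config[general_realm_delimiter] != '') ? $config[general_realm_delimiter] : '@';
+$realm_for = ($config[general_realm_format] != '') ? $config[general_realm_format] : 'suffix';
+$new = explode($realm_del,$login,2);
+if (count($new) == 2)
+$login = ($realm_for == 'suffix') ? $new[0] : $new[1];
+}
+unset($mappings);
+if (isset($_SESSION['mappings']))
+$mappings = $_SESSION['mappings'];
+if (!isset($mappings) && $config[general_username_mappings_file] != ''){
+$ARR = file($config[general_username_mappings_file]);
+foreach($ARR as $val){
+$val=chop($val);
+if (preg_match('/^[[:space:]]*#/',$val) || preg_match('/^[[:space:]]*$/',$val))
+continue;
+list($key,$realm,$v)=preg_split("/:[[:space:]]*/",$val,3);
+if ($realm == 'accounting' || $realm == 'userdb' || $realm == 'nasdb' || $realm == 'nasadmin')
+$mappings["$key"][$realm] = $v;
+if ($realm == 'nasdb'){
+$NAS_ARR = array();
+$NAS_ARR = preg_split('/,/',$v);
+foreach ($nas_list as $key => $nas){
+foreach ($NAS_ARR as $nas_check){
+if ($nas_check == $nas[name])
+unset($nas_list[$key]);
+}
+}
+}
+}
+if ($config[general_use_session] == 'yes')
+session_register('mappings');
+}
+
+date_default_timezone_set($config[timezone]);
+
+//Include missing.php if needed
+if (!function_exists('array_change_key_case'))
+include_once('../lib/missing.php');
+@header('Content-type: text/html; charset='.$config[general_charset].';');
+?>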
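Review bot: `import_request_variables('GPC')` near the top copies every GET, POST and cookie parameter into an unprefixed global, so any global that an including script reads before assigning it is request-controlled; this file resets `$config`, `$nas_list` and `$mappings` and filters `$login`, but nothing here protects other names. That function and `session_register()`, called further down, were removed in PHP 5.4, so the file cannot run on a current interpreter. Reading the inputs explicitly, e.g. `$login = isset($_REQUEST['login']) ? $_REQUEST['login'] : '';`, and storing session data with `$_SESSION['config'] = $config;` removes both problems. The version test built from `intval(str_replace(".", "", phpversion()))` also misorders versions such as 4.0.10 and 4.1.0; `version_compare(phpversion(), '4.1.0', '>=')` is the reliable form.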
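--- a/conf/freeradius-web/sql.attrs.default
+++ b/conf/freeradius-web/sql.attrs.default
@@ -0,0 +1,28 @@
+# Used by the Accounting Report Generator page
+#
+# Mysql attributes Description Show Use function
+#
+RadAcctId Accounting Id no
+AcctSessionId Session Id no
+AcctUniqueId Unique Id no
+UserName User Name yes
+Realm Realm no
+NASIPAddress NAS IP Address yes
+NASPortId NAS Port yes
+NASPortType NAS Port Type no
+AcctStartTime Login Time yes
+AcctStopTime Logout Time yes
+AcctSessionTime Session Time yes time2str
+AcctAuthentic AcctAuthentic no
+ConnectInfo_start Start Connect Info no
+ConnectInfo_stop Stop Connect Info no
+AcctInputOctets Upload yes bytes2str
+AcctOutputOctets Download yes bytes2str
+CalledStationId CalledStationId no
+CallingStationId Caller Id no
+AcctTerminateCause Terminate Cause no
+ServiceType Service Type no
+FramedProtocol Protocol no
+FramedIPAddress Client IP Address yes
+AcctStartDelay Accounting Start Delay no time2str
+AcctStopDelay Accounting Stop Delay no time2str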
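--- a/conf/freeradius-web/user_edit.attrs.default
+++ b/conf/freeradius-web/user_edit.attrs.default
@@ -0,0 +1,49 @@
+#
+# Attributes which will be visible in the user/group edit pages
+#
+# Format: Attribute Comment
+#
+#
+#Auth-Type <a href="help/auth_type_help.html" target=su_help onclick=window.open("help/auth_type_help.html","su_help","width=560,height=230,toolbar=no,scrollbars=no,resizable=yes") title="Auth-Type Help Page"><font color="blue">Auth-Type</font></a>
+#Simultaneous-Use <a href="help/simultaneous_use_help.html" target=su_help onclick=window.open("help/simultaneous_use_help.html","su_help","width=560,height=170,toolbar=no,scrollbars=no,resizable=yes") title="Simultaneous Use Help Page"><font color="blue">Simultaneous Use</font></a>
+Framed-Protocol <a href="help/framed_protocol_help.html" target=fpr_help onclick=window.open("help/framed_protocol_help.htlml","fpr_help","width=560,height=230,toolbar=no,scrollbars=no,resizable=yes") title="Framed-Protocol Help PPage"><font color="blue">Protocol</font></a>
+Framed-IP-Address <a href="help/framed_ip_address_help.html" target=fia_help onclick=window.open("help/framed_ip_address_help.html","fia_help","width=560,height=230,toolbar=no,scrollbars=no,resizable=yes") title="Framed-IP-Address Help Page"><font color="blue">IP Address</font></a>
+Framed-IP-Netmask IP Netmask
+#Framed-Route Route
+#Framed-Routing
+#Filter-Id <a href="help/filter_id_help.html" target=fid_help onclick=window.open("help/filter_id_help.html","fid_help","width=560,height=230,toolbar=no,scrollbars=no,resizable=yes") title="Filter-ID Help Page"><font color="blue">Filter ID</font></a>
+Framed-MTU <a href="help/framed_mtu_help.html" target=fid_help onclick=window.open("help/framed_mtu_help.html","fid_help","width=560,height=230,toolbar=no,scrollbars=no,resizable=yes") title="Framed-MTU Help Page"><font color="blue">Framed-MTU</font></a>
+Framed-Compression <a href="help/framed_compression_help.html" target=fc_help onclick=window.open("help/framed_compression_help.html","fc_help","width=600,height=210,toolbar=no,scrollbars=no,resizable=yes") title="Framed Compression Help Page"><font color="blue">Compression Used</font></a>
+Service-Type <a href="help/service_type_help.html" target=st_help onclick=window.open("help/service_type_help.html","st_help","width=560,height=230,toolbar=no,scrollbars=no,resizable=yes") title="Service-Type Help Page"><font color="blue">Service Type</font></a>
+#Login-IP-Host
+#Login-Service
+#Login-TCP-Port
+#Callback-Number <a href="help/callback_number_help.html" target=fid_help onclick=window.open("help/callback_number_help.html","fid_help","width=560,height=230,toolbar=no,scrollbars=no,resizable=yes") title="Callback-Number Help Page"><font color="blue">Callback-Number</font></a>
+#Callback-Id <a href="help/callback_id_help.html" target=fid_help onclick=window.open("help/callback_id_help.html","fid_help","width=560,height=230,toolbar=no,scrollbars=no,resizable=yes") title="Callback-ID Help Page"><font color="blue">Callback-ID</font></a>
+#Framed-IPX-Network
+#Class <a href="help/class_help.html" target=fid_help onclick=window.open("help/class_help.html","fid_help","width=560,height=230,toolbar=no,scrollbars=no,resizable=yes") title="Class Help Page"><font color="blue">Class</font></a>
+Session-Timeout <a href="help/session_timeout_help.html" target=st_help onclick=window.open("help/session_timeout_help.html","st_help","width=600,height=170,toolbar=no,scrollbars=no,resizable=yes") title="Session Timeout Help Page"><font color="blue">Session Timeout</font></a>
+Idle-Timeout <a href="help/idle_timeout_help.html" target=it_help onclick=window.open("help/idle_timeout_help.html","it_help","width=600,height=170,toolbar=no,scrollbars=no,resizable=yes") title="Idle Timeout Help Page"><font color="blue">Idle Timeout</font></a>
+#Termination-Action
+#Login-LAT-Service
+#Login-LAT-Node
+#Login-LAT-Group
+#Framed-AppleTalk-Link
+#Framed-AppleTalk-Network
+#Framed-AppleTalk-Zone
+Port-Limit <a href="help/port_limit_help.html" target=pl_help onclick=window.open("help/port_limit_help.html","pl_help","width=600,height=170,toolbar=no,scrollbars=no,resizable=yes") title="Port Limit Help Page"><font color="blue">Port Limit</font></a>
+#Login-LAT-Port
+#Dialup-Access <a href="help/dialup_access_help.html" target=da_help onclick=window.open("help/dialup_access_help.html","da_help","width=560,height=200,toolbar=no,scrollbars=no,resizable=yes") title="Dialup Access Help Page"><font color="blue">Dialup Access (use FALSE to lock)</font></a>
+Dialup-Lock-Msg <a href="help/lock_message_help.html" target=lm_help onclick=window.open("help/lock_message_help.html","lm_help","width=600,height=210,toolbar=no,scrollbars=no,resizable=yes") title="Lock Message Help Page"><font color="blue">Lock Message</font></a>
+#Reply-Message <a href="help/reply_message_help.html" target=lm_help onclick=window.open("help/reply_message_help.html","lm_help","width=600,height=210,toolbar=no,scrollbars=no,resizable=yes") title="Reply-Message Help Page"><font color="blue">Reply-Message</font></a>
+#Max-Daily-Session Daily Limit (secs)
+#Max-Weekly-Session Weekly Limit (secs)
+#Max-Monthly-Session Monthly Limit (secs)
+#Login-Time <a href="login_time_create.php?val=$name1&first=yes" target=lt_create onclick=window.open("login_time_create.php?val=$name1&first=yes","lt_create","width=600,height=490,toolbar=no,scrollbars=yes,resizable=yes") title="Login-Time Creation Page"><font color="blue">User Login Period </font></a>(<a href="help/login_time_help.html" target=lt_help onclick=window.open("help/login_time_help.html","lt_help","width=600,height=370,toolbar=no,scrollbars=no,resizable=yes") title="Login-Time Help Page"><font color="blue">UUCP </font></a>Format)
+#Expiration <a href="help/expiration_help.html" target=lt_help onclick=window.open("help/expiration_help.html","lt_help","width=600,height=180,toolbar=no,scrollbars=no,resizable=yes") title="Expiration Help Page"><font color="blue">User Expiration Date</font></a>
+#
+# Uncomment this if you are using ldap and you are using user regular profiles.
+# Also make sure that Regular-Profile maps to the correct ldap attribute in
+# extra.ldap-attrmap
+#
+#Regular-Profile User Regular Profile DN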
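Review bot: In the `Framed-Protocol` entry the `onclick` popup opens `help/framed_protocol_help.htlml` while the `href` on the same line points to `help/framed_protocol_help.html`, so the popup presumably requests a page that does not exist; the title on that line also reads `Help PPage`. The popup URL should be `help/framed_protocol_help.html` and the title `Framed-Protocol Help Page`. Separately, the commented-out `Login-Time` entry places `$name1` in the link URL as-is; the code that substitutes it is not on this page, so if that entry is enabled the substituted value should be URL-encoded and HTML-escaped there.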