mac-addr-regexp = '([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})'
#
-# Add "rewrite_called_station_id" in the "authorize" and
-# "preacct" sections.
+# Add "rewrite_called_station_id" in the "recv Access-Request" and
+# "recv Accounting-Request" sections.
#
# Makes Called-Station-ID conform to what RFC3580 says should
# be provided by 802.1X authenticators.
}
#
-# Add "rewrite_calling_station_id" in the "authorize" and
-# "preacct" sections.
+# Add "rewrite_calling_station_id" in the "recv Access-Request" and
+# "recv Accounting-Request" sections.
#
# Makes Calling-Station-ID conform to what RFC3580 says should
# be provided by 802.1X authenticators.
#
# Forbid all EAP types. Enable this by putting "forbid_eap"
-# into the "authorize" section.
+# into the "recv Access-Request" section.
#
forbid_eap {
if (&EAP-Message) {
# If you require that the Operator-Name be set
# for local clients then call the 'operator-name' policy
-# in the authorize section of the virtual-server for your clients in clients.conf
+# in the "recv Access-Request" section of the virtual-server for your clients in clients.conf
# To inject an Operator-Name whilst proxying, call the
# 'operator-name' policy in the pre-proxy section of the virtual server
# No need to call this if you have already enabled this in
-# the authorize section.
+# the "recv Access-Request" section.
#
# We assume that clients can have the operator-name definition
#
server channel_bindings {
#
- # Only the "authorize" section is needed.
+ # Only the "recv Access-Request" section is needed.
#
recv Access-Request {
# In general this section should include a policy for each type
# Listen on 192.0.2.1:1812 for Access-Requests
#
# When the server receives a packet, it is processed
- # through the "authorize", etc. sections listed here,
+ # through the "recv ...", etc. sections listed here,
# NOT the global ones the "default" site.
#
listen {
#
# This section lists which modules are available for authentication.
# Note that it does NOT mean 'try each module in order'. It means
-# that a module from the 'authorize' section adds a configuration
+# that a module from the 'recv Access-Request' section adds a configuration
# attribute 'Auth-Type := ::FOO'. That authentication type is then
# used to pick the appropriate module from the list below.
#
#
# PAP authentication, when a back-end database listed
-# in the 'authorize' section supplies a password. The
+# in the 'recv Access-Request' section supplies a password. The
# password can be clear-text, or encrypted.
authenticate pap {
pap
#
# Most people want CHAP authentication
-# A back-end database listed in the 'authorize' section
+# A back-end database listed in the 'recv Access-Request' section
# MUST supply a CLEAR TEXT password. Encrypted passwords
# won't work.
authenticate chap {
# system status this virtual server is able to manipulate the outcome of the
# controlled virtual server.
#
-# Firstly, the authorize section of this virtual server will need to be
+# Firstly, the "recv Status-Server" section of this virtual server will need to be
# amended to check the status of the external resources and to set the status
# of the control module appropriately, as described in the inline comments
# below...
projects / thirdparty / freeradius-server.git / commitdiff
