From: Alan T. DeKok Date: Tue, 27 Aug 2024 19:49:11 +0000 (-0400) Subject: and raddb too X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2dad60511fd65563c5a33e234745b99dc8d7c4ef;p=thirdparty%2Ffreeradius-server.git and raddb too --- diff --git a/raddb/mods-available/eap b/raddb/mods-available/eap index ddd7a539e08..2b5bf4bf71d 100644 --- a/raddb/mods-available/eap +++ b/raddb/mods-available/eap @@ -11,10 +11,10 @@ # # [WARNING] # ==== -# Whatever you do, do NOT set 'Auth-Type := EAP'. The server is smart enough +# Whatever you do, do NOT set 'Auth-Type := ::EAP'. The server is smart enough # to figure this out on its own. # -# The most common side effect of setting 'Auth-Type := EAP' is that the users +# The most common side effect of setting 'Auth-Type := ::EAP' is that the users # then cannot use ANY other authentication method. # ==== # diff --git a/raddb/mods-available/ldap b/raddb/mods-available/ldap index 8d074c3b178..0f3ccbcbd12 100644 --- a/raddb/mods-available/ldap +++ b/raddb/mods-available/ldap @@ -231,7 +231,7 @@ ldap { # ---- # ldap # if ((ok || updated) && &User-Password) { - # &control.Auth-Type := ldap + # &control.Auth-Type := ::ldap # } # ---- # ==== diff --git a/raddb/mods-config/files/authorize b/raddb/mods-config/files/authorize index 5573dc3218c..a1a9a65b4fc 100644 --- a/raddb/mods-config/files/authorize +++ b/raddb/mods-config/files/authorize @@ -39,7 +39,7 @@ # Note that there is NO 'Fall-Through' attribute, so the user will not # be given any additional resources. # -#lameuser Auth-Type := Reject +#lameuser Auth-Type := ::Reject # Reply-Message = "Your account has been disabled." # @@ -48,7 +48,7 @@ # Note that there is NO 'Fall-Through' attribute, so the user will not # be given any additional resources. # -#DEFAULT Group == "disabled", Auth-Type := Reject +#DEFAULT Group == "disabled", Auth-Type := ::Reject # Reply-Message = "Your account has been disabled." # diff --git a/raddb/sites-available/challenge b/raddb/sites-available/challenge index b60171fca5b..7f9f56718b6 100644 --- a/raddb/sites-available/challenge +++ b/raddb/sites-available/challenge @@ -35,7 +35,7 @@ recv Access-Request { # the user. # if (!&State) { - &control.Auth-Type := Step1 + &control.Auth-Type := ::Step1 &control.Password.Cleartext := "hello" } else { @@ -44,7 +44,7 @@ recv Access-Request { # Set the "known good" password to the number # saved in the session-state list. # - &control.Auth-Type := Step2 + &control.Auth-Type := ::Step2 &control.Password.Cleartext := &session-state.challenge-string } } diff --git a/raddb/sites-available/check-eap-tls b/raddb/sites-available/check-eap-tls index e2ef87e1be4..3b8e2acb134 100644 --- a/raddb/sites-available/check-eap-tls +++ b/raddb/sites-available/check-eap-tls @@ -37,7 +37,7 @@ server check-eap-tls { # # Authorize - this is the only section required. # -# To accept the access request, set Auth-Type = Accept, otherwise +# To accept the access request, set Auth-Type = ::Accept, otherwise # set it to Reject. recv Access-Request { @@ -45,17 +45,17 @@ recv Access-Request { # # By default, we just accept the request: # - &control.Auth-Type := Accept + &control.Auth-Type := ::Accept # # Check the client certificate matches a string, and reject otherwise # # if ("%{session-state.TLS-Client-Cert-Common-Name}" == 'client.example.com') { -# &control.Auth-Type := Accept +# &control.Auth-Type := ::Accept # } # else { -# &control.Auth-Type := Reject +# &control.Auth-Type := ::Reject # &reply.Reply-Message := "Your certificate is not valid." # } @@ -64,10 +64,10 @@ recv Access-Request { # Check the client certificate common name against the supplied User-Name # # if (&User-Name == "host/%{session-state.TLS-Client-Cert-Common-Name}") { -# &control.Auth-Type := Accept +# &control.Auth-Type := ::Accept # } # else { -# &control.Auth-Type := Reject +# &control.Auth-Type := ::Reject # } @@ -97,7 +97,7 @@ recv Access-Request { # # if (!(Ldap-Group == "Permitted-Laptops")) { -# &control.Auth-Type := Reject +# &control.Auth-Type := ::Reject # } # or, to be more specific, you could use the group's full DN: diff --git a/raddb/sites-available/default b/raddb/sites-available/default index cf9be0e41b4..0cf75248678 100644 --- a/raddb/sites-available/default +++ b/raddb/sites-available/default @@ -751,7 +751,7 @@ recv Access-Request { # auth_log # - # The `chap` module will set `Auth-Type := CHAP` if the + # The `chap` module will set `Auth-Type := ::CHAP` if the # packet contains a `CHAP-Challenge` attribute. The module # does this only if the `Auth-Type` attribute has not already # been set. @@ -759,7 +759,7 @@ recv Access-Request { chap # - # The `mschap` module will set `Auth-Type := mschap` if the + # The `mschap` module will set `Auth-Type := ::mschap` if the # packet contains an `MS-CHAP-Challenge` attribute. The # module does this only if the `Auth-Type` attribute has not # already been set. @@ -868,7 +868,7 @@ recv Access-Request { expiration # - # The `pap` module will set `Auth-Type := PAP` if the + # The `pap` module will set `Auth-Type := ::PAP` if the # packet contains a `User-Password` attribute. The module # does this only if the `Auth-Type` attribute has not already # been set. @@ -921,11 +921,11 @@ recv Status-Server { # authentication method will work, but all of the others will not. # # The common reasons to set the `Auth-Type` attribute by hand are -# to forcibly reject the user (`Auth-Type := Reject`), to or -# forcibly accept the user (`Auth-Type := Accept`), or for +# to forcibly reject the user (`Auth-Type := ::Reject`), to or +# forcibly accept the user (`Auth-Type := ::Accept`), or for # proxying. # -# Note that `Auth-Type := Accept` will NOT work with EAP. The EAP +# Note that `Auth-Type := ::Accept` will NOT work with EAP. The EAP # authentication protocol uses a series of handshake messages. All # of the messages must be exchanged correctly in order for EAP # authentication to succeed. Bypassing that process with `Auth-Type diff --git a/raddb/sites-available/inner-tunnel b/raddb/sites-available/inner-tunnel index f380eeaa2d4..a586c423be0 100644 --- a/raddb/sites-available/inner-tunnel +++ b/raddb/sites-available/inner-tunnel @@ -76,14 +76,14 @@ recv Access-Request { filter_inner_identity # - # The chap module will set 'Auth-Type := CHAP' if we are + # The chap module will set 'Auth-Type := ::CHAP' if we are # handling a CHAP request and Auth-Type has not already been set chap # # If the users are logging in with an MS-CHAP-Challenge # attribute for authentication, the mschap module will find - # the MS-CHAP-Challenge attribute, and add 'Auth-Type := MS-CHAP' + # the MS-CHAP-Challenge attribute, and add 'Auth-Type := ::MS-CHAP' # to the request, which will cause the server to then use # the mschap module for authentication. mschap @@ -160,7 +160,7 @@ recv Access-Request { # This section lists which modules are available for authentication. # Note that it does NOT mean 'try each module in order'. It means # that a module from the 'authorize' section adds a configuration -# attribute 'Auth-Type := FOO'. That authentication type is then +# attribute 'Auth-Type := ::FOO'. That authentication type is then # used to pick the appropriate module from the list below. #