From: nolade Date: Thu, 13 Mar 2025 19:14:46 +0000 (-0400) Subject: Remove & from howto directory docs (manual change) X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8edef1f0907ceff557a65fc80cf0b4c386b2a1d5;p=thirdparty%2Ffreeradius-server.git Remove & from howto directory docs (manual change) --- diff --git a/doc/antora/modules/howto/pages/eduroam_config.adoc b/doc/antora/modules/howto/pages/eduroam_config.adoc index 9cf7a38cf13..8ebd7790903 100644 --- a/doc/antora/modules/howto/pages/eduroam_config.adoc +++ b/doc/antora/modules/howto/pages/eduroam_config.adoc @@ -85,7 +85,7 @@ It does the following: #### ``sites-available/default`` ```text -# The domain users will add to their username to have their credentials +# The domain users will add to their username to have their credentials # routed to your institution. You will also need to register this # and your RADIUS server addresses with your NRO. operator_name = "" @@ -107,8 +107,8 @@ server eduroam { # Log requests before we change them linelog_recv_request - # split_username_nai is a policy in the default distribution to - # split a username into username and domain. We reject user-name + # split_username_nai is a policy in the default distribution to + # split a username into username and domain. We reject user-name # strings without domains, as they're not routable. split_username_nai if (noop || !Stripped-User-Domain) { @@ -118,15 +118,15 @@ server eduroam { # Send the request to the NRO for your region. # The details of the FLRs (Federation Level RADIUS servers) # are in proxy.conf. - # You can make this condition as complex as you like, to + # You can make this condition as complex as you like, to # include additional subdomains just concatenate the conditions # with &&. if (Stripped-User-Domain != "${operator_name}") { update { - control:Load-Balance-Key := &Calling-Station-ID + control:Load-Balance-Key := Calling-Station-ID control:Proxy-To-Realm := 'eduroam_flr' - - # Operator name (RFC 5580) identifies the network the + + # Operator name (RFC 5580) identifies the network the # request originated from. It's not absolutely necessary # but it helps with debugging. request:Operator-Name := "1${operator_name}" @@ -159,7 +159,7 @@ server eduroam { post-auth { # To implement eduroam you must: - # - Use wireless access points or a controller which supports + # - Use wireless access points or a controller which supports # dynamic VLAN assignments. # - Have that feature enabled. # - Have the guest_vlan/local_vlan available to the controller, @@ -180,7 +180,7 @@ server eduroam { } } - # We're sending a response to one of OUR network devices for one of + # We're sending a response to one of OUR network devices for one of # OUR users so provide it with the real user-identity. if (session-state:Stripped-User-Name) { update reply { @@ -237,7 +237,7 @@ eap { # If your AP drops packets towards the client, try reducing this. fragment_size = 1024 - # When issuing client certificates embed the OCSP URL in the + # When issuing client certificates embed the OCSP URL in the # certificate if you want to be able to revoke them later. ocsp { enable = yes @@ -404,7 +404,7 @@ client wireless_access_points_mgmt { # This should be long and random secret = -} +} ---- @@ -434,7 +434,7 @@ server eduroam-inner { } authorize { - # The outer username is considered garabage for autz purposes, but + # The outer username is considered garabage for autz purposes, but # the domain portion of the outer and inner identities must match. split_username_nai if (noop || (Stripped-User-Domain && \ @@ -457,28 +457,28 @@ server eduroam-inner { # THIS IS SITE SPECIFIC # - # The files module is *ONLY* used for testing. It lets you define + # The files module is *ONLY* used for testing. It lets you define # credentials in a flat file, IT WILL NOT SCALE. # - # - If you use OpenLDAP with salted password hashes you should + # - If you use OpenLDAP with salted password hashes you should # call the 'ldap' module here and use EAP-TTLS-PAP as your EAP method. - # - If you use OpenLDAP with cleartext passwords you should + # - If you use OpenLDAP with cleartext passwords you should # call the 'ldap' module here and use EAP-TTLS or PEAPv0. - # - If you use an SQL DB with salted password hashes you should call + # - If you use an SQL DB with salted password hashes you should call # the 'sql' module here and use EAP-TTLS-PAP as your EAP method. - # - If you use an SQL DB with cleartext passwords you should call + # - If you use an SQL DB with cleartext passwords you should call # the 'sql' module here and use EAP-TTLS or PEAPv0. - # - If you use Novell you should call the 'ldap' module here and + # - If you use Novell you should call the 'ldap' module here and # set ``edir = yes`` in ``mods-available/ldap`` and use EAP-TTLS or # PEAPv0. - # - If you use Active Directory, you don't need anything here (remove - # the call to files) but you'll need to follow this - # [guide](freeradius-active-directory-integration-howto) and use + # - If you use Active Directory, you don't need anything here (remove + # the call to files) but you'll need to follow this + # [guide](freeradius-active-directory-integration-howto) and use # EAP-TTLS-PAP or PEAPv0. # - If you're using EAP-TLS (i'm impressed!) remove the call to files. # - # EAP-TTLS-PAP and PEAPv0 are equally secure/insecure depending on how the - # supplicant is configured. PEAPv0 has a slight edge in that you need to + # EAP-TTLS-PAP and PEAPv0 are equally secure/insecure depending on how the + # supplicant is configured. PEAPv0 has a slight edge in that you need to # crack MSCHAPv2 to get the user's password (but this is not hard). files @@ -491,7 +491,7 @@ server eduroam-inner { mschap pap - # Comment pap above and uncomment the stanza below if you're using + # Comment pap above and uncomment the stanza below if you're using # Active Directory; this will allow it to work with EAP-TTLS/PAP. #Auth-Type pap { # ntlm_auth diff --git a/doc/antora/modules/howto/pages/installation/upgrade.adoc b/doc/antora/modules/howto/pages/installation/upgrade.adoc index 41cd6b48dac..2550ef86187 100644 --- a/doc/antora/modules/howto/pages/installation/upgrade.adoc +++ b/doc/antora/modules/howto/pages/installation/upgrade.adoc @@ -707,7 +707,7 @@ xref:reference:xlat/index.adoc[xlat] expansions have been changed from syntax li === Removed expansions -`%{integer:...}` has been removed. Just use a cast, such as `(integer) &Service-Type`. +`%{integer:...}` has been removed. Just use a cast, such as `(integer) Service-Type`. `%{expr:...}` has been removed. You can instead use in-place expressions, such as `%{1 + 2}` or `%{NAS-Port + 14}`. @@ -1085,7 +1085,7 @@ Dates and time attributes can be checked against date strings by casting them: ``` -if (&Date-attribute < (date) 'Aug 1 2023 01:02:03 UTC') { +if (Date-attribute < (date) 'Aug 1 2023 01:02:03 UTC') { ... } ``` diff --git a/doc/antora/modules/howto/pages/modules/chap/index.adoc b/doc/antora/modules/howto/pages/modules/chap/index.adoc index c59739ee6b7..29b26f21db0 100644 --- a/doc/antora/modules/howto/pages/modules/chap/index.adoc +++ b/doc/antora/modules/howto/pages/modules/chap/index.adoc @@ -77,7 +77,7 @@ containing `ERROR` or `WARNING`, or the `chap` module name. (0) User-Name = "bob" (0) CHAP-Password = 0x3549a4e40fc76e876499badf736712c951 ... -(0) chap - Creating &CHAP-Challenge from request authenticator +(0) chap - Creating CHAP-Challenge from request authenticator (0) chap - Setting control.Auth-Type = chap (0) chap (ok) ... diff --git a/doc/antora/modules/howto/pages/modules/eap/index.adoc b/doc/antora/modules/howto/pages/modules/eap/index.adoc index c4b37f94500..4e43d8de5c3 100644 --- a/doc/antora/modules/howto/pages/modules/eap/index.adoc +++ b/doc/antora/modules/howto/pages/modules/eap/index.adoc @@ -253,7 +253,7 @@ This version of PEAP is defined through the IETF internet draft "draft-josefsson _EAP-FAST (Flexible Authentication via Secure Tunneling)_ is a method designed by Cisco Systems to fix the weaknesses of LEAP. Use of server certificates is optional in EAP-FAST. EAP-FAST uses a Protected Access Credential (PAC). The PAC can be provisioned manually or dynamically in Phase 0 of EAP-FAST. EAP-FAST has three phases. Phase 0 is an optional phase. In Phase 1 the client and the AAA server uses the PAC to establish TLS tunnel. In Phase 2, the client sends user information across the tunnel. -Although Cisco advertises EAP-FAST as being much more secure than LEAP, it can still suffer from a poor implementation. EAP-MD5 & LEAP suffered from a weak user password, EAP-FAST can give up usernames and passwords in situations where Automatic PAC provisioning is enabled on the RADIUS server and the Wireless Client. +Although Cisco advertises EAP-FAST as being much more secure than LEAP, it can still suffer from a poor implementation. EAP-MD5 and LEAP suffered from a weak user password, EAP-FAST can give up usernames and passwords in situations where Automatic PAC provisioning is enabled on the RADIUS server and the Wireless Client. EAP-FAST is defined in IETF RFC 4851. Note that this is an Informational RFC. @@ -275,7 +275,7 @@ An Open Source audit tool is available at: https://github.com/ANSSI-FR/audit-radius -== FAQ & Examples +== FAQ and Examples How do i use it? diff --git a/doc/antora/modules/howto/pages/modules/ldap/authentication.adoc b/doc/antora/modules/howto/pages/modules/ldap/authentication.adoc index 121a1e9f15e..702cfb3acf8 100644 --- a/doc/antora/modules/howto/pages/modules/ldap/authentication.adoc +++ b/doc/antora/modules/howto/pages/modules/ldap/authentication.adoc @@ -43,7 +43,7 @@ On the FreeRADIUS debug terminal side, you should see something like: (0) ldap - Released connection (0) (0) ldap (updated) ... -(0) pap - No {...} in &Password.With-Header, re-writing to Password.Cleartext +(0) pap - No {...} in Password.With-Header, re-writing to Password.Cleartext (0) pap - Normalized control.Password.With-Header -> control.Password.Cleartext (0) pap - Removing control.Password.With-Header (0) pap - Setting control.Auth-Type = pap diff --git a/doc/antora/modules/howto/pages/modules/ldap_authentication_testing.adoc b/doc/antora/modules/howto/pages/modules/ldap_authentication_testing.adoc index 9439e88ebcd..9691f45e556 100644 --- a/doc/antora/modules/howto/pages/modules/ldap_authentication_testing.adoc +++ b/doc/antora/modules/howto/pages/modules/ldap_authentication_testing.adoc @@ -39,7 +39,7 @@ On the FreeRADIUS debug terminal side, you should see something like: (0) ldap - Released connection (0) (0) ldap (updated) ... -(0) pap - No {...} in &Password-With-Header, re-writing to Cleartext-Password +(0) pap - No {...} in Password-With-Header, re-writing to Cleartext-Password (0) pap - Normalized control:Password-With-Header -> control:Cleartext-Password (0) pap - Removing control:Password-With-Header (0) pap - Setting control:Auth-Type = pap diff --git a/doc/antora/modules/howto/pages/protocols/dhcp/policy_device_options.adoc b/doc/antora/modules/howto/pages/protocols/dhcp/policy_device_options.adoc index 08e3cfa9a9a..a5c95be57c7 100644 --- a/doc/antora/modules/howto/pages/protocols/dhcp/policy_device_options.adoc +++ b/doc/antora/modules/howto/pages/protocols/dhcp/policy_device_options.adoc @@ -78,7 +78,7 @@ above: [source,unlang] ---- -if (&DHCP-User-Class && "%{substring:&DHCP-User-Class 0 4}" == "iPXE") { +if (DHCP-User-Class && "%{substring:DHCP-User-Class 0 4}" == "iPXE") { update reply { DHCP-Boot-Filename := "http://my.web.server/boot_script.php" } @@ -96,7 +96,7 @@ provided that it matches the given format: [source,unlang] ---- -if (&DHCP-Client-Identifier && \ +if (DHCP-Client-Identifier && \ "%{string:DHCP-Client-Identifier}" =~ /^RAS([0-9])-site([A-Z])$/) { update reply { DHCP-Boot-Filename := "rasboot-%{1}-%{2}.kpxe" @@ -268,7 +268,7 @@ sample data you could invoke an SQL lookup as shown: update control { DHCP-SQL-Option-Context := "class-vendor" DHCP-SQL-Option-Identifier := \ - "%{substring:%{hex:&DHCP-Client-Hardware-Address} 0 6}" + "%{substring:%{hex:DHCP-Client-Hardware-Address} 0 6}" } dhcp_sql.authorize ---- diff --git a/doc/antora/modules/howto/pages/tuning/performance-testing.adoc b/doc/antora/modules/howto/pages/tuning/performance-testing.adoc index 7435c2874df..4f4809cff39 100644 --- a/doc/antora/modules/howto/pages/tuning/performance-testing.adoc +++ b/doc/antora/modules/howto/pages/tuning/performance-testing.adoc @@ -37,7 +37,7 @@ and passwords Output from the script will include several files: passwd : A standard passwd file you can append to /etc/passwd shadow : A standard shadow file you can append to /etc/shadow -passwd.nocrypt : A file with *unencrypted* users & passes in form "user:pass" +passwd.nocrypt : A file with *unencrypted* users and passes in form "user:pass" radius.test : File you'll use as input for radclient radius.users : A standard radius 'users' file diff --git a/doc/antora/modules/howto/pages/vendors/alcatel-lucent.adoc b/doc/antora/modules/howto/pages/vendors/alcatel-lucent.adoc index 468a35e48de..75fd49ee32c 100644 --- a/doc/antora/modules/howto/pages/vendors/alcatel-lucent.adoc +++ b/doc/antora/modules/howto/pages/vendors/alcatel-lucent.adoc @@ -148,7 +148,7 @@ You can get the values for the various commands/domains either via the CLI or by DOMAIN-SECURITY DOMAIN-POLICY DOMAIN-PHYSICAL DOMAIN-NETWORK DOMAIN-LAYER2 DOMAIN-ADMIN DNS DHCP-SERVER DEBUG CONFIG CHASSIS BRIDGE AVLAN ALL AIP AAA 802.1Q - (AAA & Configuration Mgr Command Set) + (AAA and Configuration Mgr Command Set) -> show aaa priv hexa ssh diff --git a/doc/antora/modules/howto/pages/vendors/cisco.adoc b/doc/antora/modules/howto/pages/vendors/cisco.adoc index a03972755c2..2201c95a070 100644 --- a/doc/antora/modules/howto/pages/vendors/cisco.adoc +++ b/doc/antora/modules/howto/pages/vendors/cisco.adoc @@ -9,7 +9,7 @@ options to make your Ciscos interoperate with radius as you would expect a well-behaved NAS to do. ## Shell Access -To use RADIUS to authenticate your inbound shell (telnet & ssh) connections you need to create an entry in your users file similar to the following +To use RADIUS to authenticate your inbound shell (telnet and ssh) connections you need to create an entry in your users file similar to the following youruser Cleartext-Password := "somepass" Service-Type = NAS-Prompt-User