diff options
author | Simo Sorce <ssorce@redhat.com> | 2007-12-11 14:19:10 -0500 |
---|---|---|
committer | Simo Sorce <ssorce@redhat.com> | 2007-12-11 14:19:10 -0500 |
commit | 5215b21ea404f2370bfdd4a2e452577e065a718c (patch) | |
tree | 8893bdeebf94979c66febd0d1f84fde9d311ed4e /ipa-server/ipa-install/share/radius.radiusd.conf.template | |
parent | 4f0b2154146cc3ed3b32b34713089323d96c1c74 (diff) | |
parent | 01131e2a37a9aec197b4e286e0559165d403fe73 (diff) | |
download | freeipa.git-5215b21ea404f2370bfdd4a2e452577e065a718c.tar.gz freeipa.git-5215b21ea404f2370bfdd4a2e452577e065a718c.tar.xz freeipa.git-5215b21ea404f2370bfdd4a2e452577e065a718c.zip |
merge with upstream
Diffstat (limited to 'ipa-server/ipa-install/share/radius.radiusd.conf.template')
-rw-r--r-- | ipa-server/ipa-install/share/radius.radiusd.conf.template | 23 |
1 files changed, 14 insertions, 9 deletions
diff --git a/ipa-server/ipa-install/share/radius.radiusd.conf.template b/ipa-server/ipa-install/share/radius.radiusd.conf.template index d0310548..3bc4927d 100644 --- a/ipa-server/ipa-install/share/radius.radiusd.conf.template +++ b/ipa-server/ipa-install/share/radius.radiusd.conf.template @@ -57,9 +57,6 @@ thread pool { max_requests_per_server = 0 } modules { - pap { - auto_header = yes - } chap { authtype = CHAP } @@ -85,13 +82,19 @@ $$INCLUDE $${confdir}/eap.conf filter = "(uid=%{Stripped-User-Name:-%{User-Name}})" base_filter = "(objectclass=radiusprofile)" start_tls = no - access_attr = "$ACCESS_ATTRIBUTE" + profile_attribute = "radiusProfileDn" + default_profile = "uid=ipa_default,cn=profiles,cn=radius,cn=services,cn=etc,$SUFFIX + # FIXME: we'll want to toggle the access_attr feature on/off, + # but it needs a control, so disable it for now. + #access_attr = "$ACCESS_ATTRIBUTE" + #access_attr_used_for_allow = "$ACCESS_ATTRIBUTE_DEFAULT" dictionary_mapping = $${raddbdir}/ldap.attrmap ldap_connections_number = 5 edir_account_policy_check=no timeout = 4 timelimit = 3 net_timeout = 1 + clients_basedn = "$CLIENTS_BASEDN" } realm IPASS { format = prefix @@ -229,6 +232,10 @@ $$INCLUDE $${confdir}/eap.conf override = no maximum-timeout = 0 } + krb5 { + keytab = "$RADIUS_KEYTAB" + service_principal = "$RADIUS_PRINCIPAL" + } } instantiate { exec @@ -242,20 +249,18 @@ authorize { eap #files ldap - pap } authenticate { - Auth-Type PAP { - pap - } Auth-Type CHAP { chap } Auth-Type MS-CHAP { mschap } - unix eap + Auth-Type Kerberos { + krb5 + } } preacct { preprocess |