-rw-r--r-- | ChangeLog | 7 | ||||
-rw-r--r-- | README | 4 | ||||
-rw-r--r-- | configure.ac | 2 | ||||
-rw-r--r-- | radsecproxy.c | 4 | ||||
-rw-r--r-- | radsecproxy.conf-example | 20 | ||||
-rw-r--r-- | radsecproxy.conf.5 | 2 |
6 files changed, 30 insertions, 9 deletions
@@ -17,3 +17,10 @@ Supports multiple client blocks for same source address with different certificate checks Removed weekday from log timestamps +2008-07-24 1.1 + Logging stationid attribute + Added LoopPrevention option + Failover also without status-server + Options for RetryCount and RetryInterval + Working accounting and AccountingResponse option + CRL checking and option for enabling it @@ -1,4 +1,4 @@ -This is radsecproxy 1.1-beta. +This is radsecproxy 1.1 radsecproxy is a generic RADIUS proxy that can support various RADIUS clients over UDP or TLS (RadSec). @@ -37,4 +37,4 @@ let me know if you feel left out. For more information, feedback etc. please see the information at http://software.uninett.no/radsecproxy/ -Stig Venaas <venaas@uninett.no> -- 2008.05.14 +Stig Venaas <venaas@uninett.no> -- 2008.07.24 diff --git a/configure.ac b/configure.ac index 2812d67..e9b3b0d 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -AC_INIT(radsecproxy, 1.1-beta, venaas@uninett.no) +AC_INIT(radsecproxy, 1.1, venaas@uninett.no) AM_INIT_AUTOMAKE AC_PROG_CC AM_PROG_CC_C_O diff --git a/radsecproxy.c b/radsecproxy.c index e837e49..935b192 100644 --- a/radsecproxy.c +++ b/radsecproxy.c @@ -3216,7 +3216,7 @@ void getargs(int argc, char **argv, uint8_t *foreground, uint8_t *pretend, uint8 *pretend = 1; break; case 'v': - debugx(0, DBG_ERR, "radsecproxy 1.1-beta"); + debugx(0, DBG_ERR, "radsecproxy 1.1"); default: goto usage; } @@ -3301,7 +3301,7 @@ int main(int argc, char **argv) { if (!foreground && (daemon(0, 0) < 0)) debugx(1, DBG_ERR, "daemon() failed: %s", strerror(errno)); - debug(DBG_INFO, "radsecproxy 1.1-beta starting"); + debug(DBG_INFO, "radsecproxy 1.1 starting"); sigemptyset(&sigset); /* exit on all but SIGPIPE, ignore more? */ diff --git a/radsecproxy.conf-example b/radsecproxy.conf-example index 4a0457c..f88bfad 100644 --- a/radsecproxy.conf-example +++ b/radsecproxy.conf-example 
@@ -1,4 +1,4 @@ -#Master config file, must be in /etc/radsecproxy or proxy's current directory +#Master config file, must be in /etc/radsecproxy or specified with -c option # All possible config options are listed below # First you may define any global options, these are: @@ -9,6 +9,12 @@ #listenUDP localhost #listenTCP 10.10.10.10:2084 #ListenTCP [2001:700:1:7:215:f2ff:fe35:307d]:2084 +# To listen to the default or other Accounting port for UDP you need e.g. +#ListenAccountingUDP *:1813 + +# To specify a certain address/port for UDP/TLS requests you can use e.g. +#SourceUDP 127.0.0.1:33000 +#SourceTCP *:33001 # Optional log level. 3 is default, 1 is less, 4 is more #LogLevel 3 #Optional LogDestinatinon, else stderr used for logging @@ -20,6 +26,9 @@ #LogDestination x-syslog:/// #LogDestination x-syslog:///log_local2 +#There is an option for doing some simple loop prevention +#LoopPrevention on + #If we have TLS clients or servers we must define at least one tls block. #You can name them whatever you like and then reference them by name when #specifying clients or servers later. There are however three special names @@ -40,6 +49,8 @@ tls default { CertificateKeyFile /etc/hostcertkey/host.example.com.key.pem # Optionally specify password if key is encrypted (not very secure) CertificateKeyPassword "follow the white rabbit" + # Optionally enable CRL checking + # CRLCheck on } #If you want one cert for all clients and another for all servers, use @@ -85,6 +96,8 @@ server 127.0.0.1 { } realm eduroam.cc { server 127.0.0.1 +# If also want to use this server for accounting, specify +# accountingServer 127.0.0.1 } server 2001:db8::1 { 
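Review bot: The comment added above `#SourceUDP 127.0.0.1:33000` and `#SourceTCP *:33001` says "UDP/TLS requests" while the option is named `SourceTCP`, and it never states that these options pick the local address the proxy sends from. If that is what they do, a wording such as `# To send requests from a specific local address/port over UDP or TCP (TLS), use e.g.` would match the option names. The `ListenAccountingUDP *:1813` example binds to every address, so a short remark that the wildcard can be replaced by the interface the clients actually reach would help readers who copy the line as is.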
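Review bot: The `# CRLCheck on` line added to the `tls default` block does not say what the default is or what the option needs in order to work, so someone copying the example gets no revocation checking without being told. The wording "Optionally enable" suggests the check is off unless set; if so, the comment should state it, e.g. `# CRL checking is off by default; set CRLCheck on to reject revoked peer certificates`. It should also say where the CRLs are read from, which I would expect to be the CA file or path of the same tls block, but that needs confirming against the code. The `tls default` block begins above the hunk.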
@@ -110,12 +123,13 @@ realm /@example\.com$ { } # One can define a realm without servers, the proxy will then reject # and requests matching this. Optionally one can specify ReplyMessage -# attribute to be included in the reject message. -# +# attribute to be included in the reject message. One can also use +# AccountingResponse option to specify that the proxy should send such. realm /\.com$ { } realm /^anonymous$ { replymessage "No Access" +# AccountingResponse On } # The realm below is equivalent to /.* realm * { diff --git a/radsecproxy.conf.5 b/radsecproxy.conf.5 index 6d538da..4d95717 100644 --- a/radsecproxy.conf.5 +++ b/radsecproxy.conf.5 @@ -1,4 +1,4 @@ -.TH radsecproxy.conf 5 "14 May 2008" +.TH radsecproxy.conf 5 "23 July 2008" .SH "NAME" radsecproxy.conf - Radsec proxy configuration file |
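Review bot: The new comment on realms without servers ends in "specify that the proxy should send such", which leaves open what is sent and to which requests. If `AccountingResponse On` makes the proxy answer accounting requests for the realm itself, say so directly, e.g. `# AccountingResponse option to make the proxy reply to accounting requests for this realm with an Accounting-Response`. In that case the example should also note that the client will treat the record as delivered although no server received it, so the option suits realms whose accounting is meant to be discarded. The unchanged line above still reads "reject and requests", presumably meant as "reject any requests".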