mirror of
https://gitlab.alpinelinux.org/alpine/aports.git
synced 2026-04-28 00:51:44 +02:00
148 lines
4.3 KiB
Diff
148 lines
4.3 KiB
Diff
--- a/raddb/mods-available/cui
|
|
+++ b/raddb/mods-available/cui
|
|
@@ -29,7 +29,7 @@
|
|
driver = "rlm_sql_${dialect}"
|
|
|
|
sqlite {
|
|
- filename = ${radacctdir}/cui.sqlite
|
|
+ filename = ${db_dir}/cui.sqlite
|
|
bootstrap = ${modconfdir}/${..:name}/cui/sqlite/schema.sql
|
|
}
|
|
|
|
--- a/raddb/mods-available/eap
|
|
+++ b/raddb/mods-available/eap
|
|
@@ -504,20 +504,15 @@
|
|
# state and the cached VPs. This will persist session
|
|
# across server restarts.
|
|
#
|
|
- # The default directory is ${logdir}, for historical
|
|
- # reasons. You should ${db_dir} instead. And check
|
|
- # the value of db_dir in the main radiusd.conf file.
|
|
- # It should not point to ${raddb}
|
|
- #
|
|
# The server will need write perms, and the directory
|
|
# should be secured from anyone else. You might want
|
|
# a script to remove old files from here periodically:
|
|
#
|
|
- # find ${logdir}/tlscache -mtime +2 -exec rm -f {} \;
|
|
+ # find ${cachedir}/tlscache -mtime +2 -exec rm -f {} \;
|
|
#
|
|
# This feature REQUIRES "name" option be set above.
|
|
#
|
|
- # persist_dir = "${logdir}/tlscache"
|
|
+ # persist_dir = "${cachedir}/tlscache"
|
|
|
|
#
|
|
# As of 3.0.20, it is possible to partially
|
|
@@ -586,7 +581,7 @@
|
|
# deleted by the server when the command
|
|
# returns.
|
|
#
|
|
- # client = "/path/to/openssl verify -CApath ${..ca_path} %{TLS-Client-Cert-Filename}"
|
|
+ # client = "/usr/bin/openssl verify -CApath ${..ca_path} %{TLS-Client-Cert-Filename}"
|
|
}
|
|
|
|
# OCSP Configuration
|
|
--- a/raddb/mods-available/sql
|
|
+++ b/raddb/mods-available/sql
|
|
@@ -70,7 +70,7 @@
|
|
#
|
|
sqlite {
|
|
# Path to the sqlite database
|
|
- filename = "/tmp/freeradius.db"
|
|
+ filename = "${db_dir}/freeradius.db"
|
|
|
|
# How long to wait for write locks on the database to be
|
|
# released (in ms) before giving up.
|
|
@@ -85,7 +85,7 @@
|
|
mysql {
|
|
# If any of the files below are set, TLS encryption is enabled
|
|
tls {
|
|
- ca_file = "/etc/ssl/certs/my_ca.crt"
|
|
+ ca_file = "/etc/ssl/certs/ca-certificates.crt"
|
|
ca_path = "/etc/ssl/certs/"
|
|
certificate_file = "/etc/ssl/certs/private/client.crt"
|
|
private_key_file = "/etc/ssl/certs/private/client.key"
|
|
--- a/raddb/radiusd.conf.in
|
|
+++ b/raddb/radiusd.conf.in
|
|
@@ -98,10 +98,10 @@
|
|
modconfdir = ${confdir}/mods-config
|
|
certdir = ${confdir}/certs
|
|
cadir = ${confdir}/certs
|
|
-run_dir = ${localstatedir}/run/${name}
|
|
+run_dir = /run/${name}
|
|
|
|
-# Should likely be ${localstatedir}/lib/radiusd
|
|
-db_dir = ${raddbdir}
|
|
+db_dir = ${localstatedir}/lib/radiusd
|
|
+cachedir = ${localstatedir}/cache/radiusd
|
|
|
|
#
|
|
# libdir: Where to find the rlm_* modules.
|
|
@@ -137,18 +137,7 @@
|
|
#
|
|
libdir = @libdir@
|
|
|
|
-# pidfile: Where to place the PID of the RADIUS server.
|
|
#
|
|
-# The server may be signalled while it's running by using this
|
|
-# file.
|
|
-#
|
|
-# This file is written when ONLY running in daemon mode.
|
|
-#
|
|
-# e.g.: kill -HUP `cat /var/run/radiusd/radiusd.pid`
|
|
-#
|
|
-pidfile = ${run_dir}/${name}.pid
|
|
-
|
|
-#
|
|
# correct_escapes: use correct backslash escaping
|
|
#
|
|
# Prior to version 3.0.5, the handling of backslashes was a little
|
|
@@ -501,8 +490,8 @@
|
|
# member. This can allow for some finer-grained access
|
|
# controls.
|
|
#
|
|
-# user = radius
|
|
-# group = radius
|
|
+ user = radius
|
|
+ group = radius
|
|
|
|
# Core dumps are a bad thing. This should only be set to
|
|
# 'yes' if you're debugging a problem with the server.
|
|
--- a/raddb/sites-available/abfab-tls
|
|
+++ b/raddb/sites-available/abfab-tls
|
|
@@ -25,7 +25,7 @@
|
|
enable = no
|
|
lifetime = 24 # hours
|
|
name = "abfab-tls"
|
|
-# persist_dir = ${logdir}/abfab-tls
|
|
+# persist_dir = ${cachedir}/abfab-tls
|
|
}
|
|
|
|
require_client_cert = yes
|
|
@@ -64,7 +64,7 @@
|
|
enable = no
|
|
lifetime = 24 # hours
|
|
name = "abfab-tls"
|
|
- # persist_dir = ${logdir}/abfab-tls
|
|
+ # persist_dir = ${cachedir}/abfab-tls
|
|
}
|
|
require_client_cert = yes
|
|
verify {
|
|
--- a/raddb/sites-available/tls
|
|
+++ b/raddb/sites-available/tls
|
|
@@ -316,11 +316,11 @@
|
|
# should be secured from anyone else. You might want
|
|
# a script to remove old files from here periodically:
|
|
#
|
|
- # find ${logdir}/tlscache -mtime +2 -exec rm -f {} \;
|
|
+ # find ${cachedir}/tlscache -mtime +2 -exec rm -f {} \;
|
|
#
|
|
# This feature REQUIRES "name" option be set above.
|
|
#
|
|
- #persist_dir = "${logdir}/tlscache"
|
|
+ #persist_dir = "${cachedir}/tlscache"
|
|
}
|
|
|
|
#
|