X-Git-Url: http://ftp.carnet.hr/carnet-debian/scm?a=blobdiff_plain;f=files%2Fetc%2Ffreeradius%2Fproxy.conf.restore;fp=files%2Fetc%2Ffreeradius%2Fproxy.conf.restore;h=0000000000000000000000000000000000000000;hb=4c2c39354418f98a029d6142525042e73a506484;hp=032b7a02ffac8944e4639956ea633d75890e9c58;hpb=8ca348a924a2c02487dc34ca16376d29ded5029d;p=carnet-upgrade.git
diff --git a/files/etc/freeradius/proxy.conf.restore b/files/etc/freeradius/proxy.conf.restore
deleted file mode 100644
index 032b7a0..0000000
--- a/files/etc/freeradius/proxy.conf.restore
+++ /dev/null
@@ -1,288 +0,0 @@
-#
-# proxy.conf - proxy radius and realm configuration directives
-#
-# This file is included by default. To disable it, you will need
-# to modify the PROXY CONFIGURATION section of "radiusd.conf".
-#
-#######################################################################
-#
-# Proxy server configuration
-#
-# This entry controls the servers behaviour towards ALL other servers
-# to which it sends proxy requests.
-#
-proxy server {
-
-#
-# If the NAS re-sends the request to us, we can immediately re-send
-# the proxy request to the end server. To do so, use 'yes' here.
-#
-# If this is set to 'no', then we send the retries on our own schedule,
-# and ignore any duplicate NAS requests.
-#
-# If you want to have the server send proxy retries ONLY when the NAS
-# sends it's retries to the server, then set this to 'yes', and
-# set the other proxy configuration parameters to 0 (zero).
-#
-# Additionally, if you want 'failover' to work, the server must manage
-# retries and timeouts. Therefore, if this is set to yes, then no
-# failover functionality is possible.
-#
- synchronous = no
-
-#
-# The time (in seconds) to wait for a response from the proxy, before
-# re-sending the proxied request.
-#
-# If this time is set too high, then the NAS may re-send the request,
-# or it may give up entirely, and reject the user.
-#
-# If it is set too low, then the RADIUS server which receives the proxy
-# request will get kicked unnecessarily.
-#
- retry_delay = 5
-
-#
-# The number of retries to send before giving up, and sending a reject
-# message to the NAS.
-#
- retry_count = 3
-
-#
-# If the home server does not respond to any of the multiple retries,
-# then FreeRADIUS will stop sending it proxy requests, and mark it 'dead'.
-#
-# If there are multiple entries configured for this realm, then the
-# server will fail-over to the next one listed. If no more are listed,
-# then no requests will be proxied to that realm.
-#
-#
-# After a configurable 'dead_time', in seconds, FreeRADIUS will
-# speculatively mark the home server active, and start sending requests
-# to it again.
-#
-# If this dead time is set too low, then you will lose requests,
-# as FreeRADIUS will quickly switch back to the home server, even if
-# it isn't up again.
-#
-# If this dead time is set too high, then FreeRADIUS may take too long
-# to switch back to the primary home server.
-#
-# Realistic values for this number are in the range of minutes to hours.
-# (60 to 3600)
-#
- dead_time = 120
-
-# An ldflag attribute for all realms to be included in a round-robin
-# setup must be specified, and that ldflag must be the same for all
-# realms of the same name.
-# Currently (0 or fail_over) and (1 or round_robin) are the
-# supported values for ldflag. Fail over is the default setup.
-#
-# DO NOT INCLUDE LOCAL AUTH/ACCT HOST REALMS IN A ROUND-ROBIN QUEUE.
-
-
-#
-# If all exact matching realms did not respond, we can try the
-# DEFAULT realm, too. This is what the server normally does.
-#
-# This behaviour may be undesired for some cases. e.g. You are proxying
-# for two different ISP's, and then act as a general dial-up for Gric.
-# If one of the first two ISP's has their RADIUS server go down, you do
-# NOT want to proxy those requests to GRIC. Instead, you probably want
-# to just drop the requests on the floor. In that case, set this value
-# to 'no'.
-#
-# allowed values: {yes, no}
-#
- default_fallback = yes
-
-#
-# Older versions of the server would pass proxy requests through the
-# 'authorize' sections twice; once when the packet was received
-# from the NAS, and again after the reply was received from the home
-# server. Now that we have a 'post_proxy' section, the replies from
-# the home server should be sent through that, instead of through
-# the 'authorize' section again.
-#
-# However, for backwards compatibility, this behaviour is configurable.
-# The default configuration is 'no', because this option is deprecated
-# and will be removed in the future.
-#
-# allowed values: {yes, no}
-#
- post_proxy_authorize = no
-
-}
-
-#######################################################################
-#
-# Configuration for the proxy realms.
-#
-# The information given here is used in conjunction with the 'realms'
-# file. This format is preferred, as it is more flexible. The realms
-# listed here take priority over those listed in the 'realms' file.
-
-# A standard realm entry. A request from "user@company.com" will be
-# sent to radius.company.com as "user", unless the 'nostrip'
-# configuration item is specified. If the 'nostrip' configuration
-# item is specified, then the request will be proxied as
-# "user@company.com"
-#
-#realm company.com {
-# type = radius
-# authhost = radius.company.com:1600
-# accthost = radius.company.com:1601
-# secret = testing123
-#}
-
-# A realm entry with an optional fail-over realm. A request from
-# "user@isp2.com" will be sent to radius.isp2.com as "user@isp2.com",
-# because the 'nostrip' directive is specified for this realm.
-#
-#realm isp2.com {
-# type = radius
-# authhost = radius.isp2.com:1645
-# accthost = radius.isp2.com:1646
-# secret = TheirKey
-# nostrip
-#}
-#
-# The fail-over realm for isp2.com
-#
-#realm isp2.com {
-# type = radius
-# authhost = radius2.isp2.com:1645
-# accthost = radius2.isp2.com:1646
-# secret = TheirKey2
-# nostrip
-#}
-
-#
-# 1st node serv.com...set up for round-robin.
-#
-# The load balancing 'ldflag' attribute can be used to perform
-# load balancing. Allowed values are 'fail_over' and 'round_robin'.
-#
-# If there is no ldflag attribute, or it is set to 'fail_over', then
-# the realms are treated as "fail-over". That is, the first matching
-# realm is used, unless it is down, in which case the realm "fails
-# over" to the second matching realm.  The process continues until an
-# active matching realm is found, OR the DEFAULT realm is returned.
-#
-# If the ldflag attribute is set to 'round_robin', then all active
-# realms of the same name are put into a pool internally in the
-# server, and the proxied requests are evenly divided among the
-# realms in the pool. For this to work, all realms of the same name
-# MUST have the same value of their 'ldflag' attributes. Mixing up
-# different types of load balancing schemes for the same realm will
-# cause problems.
-#
-# The round_robin load balancing method is a probabilistic method
-# which evenly scatters the requests among the home servers.
-#
-# Note that you CANNOT include local auth/acct host realms in a
-# round-robin queue. Having a server load balance requests to itself
-# doesn't make any sense, as it only doubles the amount of work
-# which is needed to be done.
-#
-#realm serv.com {
-# type = radius
-# authhost = radius.serv.com:1645
-# accthost = radius.serv.com:1646
-# secret = TheirKey
-# ldflag = round_robin
-# nostrip
-#}
-
-#
-# Another node for serv.com
-#
-#realm serv.com {
-# type = radius
-# authhost = radius2.serv.com:1645
-# accthost = radius2.serv.com:1646
-# secret = TheirKey2
-# ldflag = round_robin
-# nostrip
-#}
-
-#
-# A third round-robin node realm for serv.com
-#
-#realm serv.com {
-# type = radius
-# authhost = radius3.serv.com:1645
-# accthost = radius3.serv.com:1646
-# secret = TheirKey2
-# ldflag = round_robin
-# nostrip
-#}
-#
-#
-
-#
-# This is a local realm. The requests are NOT proxied,
-# but instead are authenticated by the RADIUS server itself.
-#
-# You don't need a secret if BOTH 'authhost' and 'accthost' are
-# set to LOCAL.
-#
-#realm bla.com {
-# type = radius
-# authhost = LOCAL
-# accthost = LOCAL
-#}
-
-#
-# This is a sample entry for iPass.
-#
-#realm IPASS {
-# type = radius
-# authhost = ipass.server.hostname:11812
-# accthost = ipass.server.hostname:11813
-#
- # The shared secret here must be the same
- # value as the secret of the NetServer found in the
- # /usr/ipass/raddb/clients file of your NetServer software.
-# secret = mysecret
-# nostrip
-#}
-
-#
-# This realm is used mainly to cancel proxying. You can have
-# the "realm suffix" module configured to proxy all requests for
-# a realm, and then later cancel the proxying, based on other
-# configuration.
-#
-# For example, you want to terminate PEAP or EAP-TTLS locally,
-# you can add the following to the "users" file:
-#
-# DEFAULT EAP-Type == PEAP, Proxy-To-Realm := LOCAL
-#
-realm LOCAL {
- type = radius
- authhost = LOCAL
- accthost = LOCAL
-}
-
-#
-# This realm is for requests which don't have an explicit realm
-# prefix or suffix. User names like "bob" will match this one.
-#
-#realm NULL {
-# type = radius
-# authhost = radius.company.com:1600
-# accthost = radius.company.com:1601
-# secret = testing123
-#}
-
-#
-# This realm is for ALL OTHER requests.
-#
-#realm DEFAULT {
-# type = radius
-# authhost = radius.company.com:1600
-# accthost = radius.company.com:1601
-# secret = testing123
-#}