    Freeradius.inc file changes

      A Former User last edited by

      Hi,

      Just posting this here so I don't lose what I did again; doing an upgrade of pfSense wipes out the changes to the freeradius.inc file so I keep having to do this, and I lost what I did last time.

      Modified freeradius_clients_resync function:

      Basically add the $varclientipsubnet variable so that netmask lines are configured from the GUI when clients with /24 are input.

      
      function freeradius_clients_resync() {
      	global $config;
      
      	$conf = '';
      	$arrclients = $config['installedpackages']['freeradiusclients']['config'];
      	if (is_array($arrclients) && !empty($arrclients)) {
      		foreach ($arrclients as $item) {
      			$varclientip = $item['varclientip'];
      			$varclientipsubnet = '';
      			$varclientipissubnet = strpos($varclientip, '/');
      
      			if ($varclientipissubnet > 0) {
      				$varclientipsubnet = substr($varclientip, (strlen($varclientip) - $varclientipissubnet - 1) * -1);
      				$varclientip = substr($varclientip, 0, $varclientipissubnet);
      				$varclientipsubnet = 'netmask = ' . $varclientipsubnet;
      			}
      
      			$varclientsharedsecret = $item['varclientsharedsecret'];
      			$varclientipversion = $item['varclientipversion'];
      			$varclientshortname = $item['varclientshortname'];
      			$varclientproto = $item['varclientproto'];
      			$varrequiremessageauthenticator = $item['varrequiremessageauthenticator'];
      			$varclientnastype = $item['varclientnastype'];
      			$varclientmaxconnections = $item['varclientmaxconnections'];
      			$varclientlogininput = ($item['varclientlogininput']?$item['varclientlogininput']:'### login = !root ###');
      			$varclientpasswordinput = ($item['varclientpasswordinput']?$item['varclientpasswordinput']:'### password = someadminpass ###');
      
      			if ($item['varclientlogininput'] == '') {
      				$varclientlogin = '### login = !root ###';
      			}
      			else {
      				$varclientlogin = "login = $varclientlogininput";
      			}
      			if ($item['varclientpasswordinput'] == '') {
      				$varclientpassword = '### password = someadminpass ###';
      			}
      			else {
      				$varclientpassword = "password = $varclientpasswordinput";
      			}
      
      			$conf .= <<<EOD
      client "$varclientshortname" {
      	$varclientipversion = $varclientip
      	$varclientipsubnet
      	proto = $varclientproto
      	secret = $varclientsharedsecret
      	require_message_authenticator = $varrequiremessageauthenticator
      	max_connections = $varclientmaxconnections
      	shortname = $varclientshortname
      	nastype = $varclientnastype
      	$varclientlogin
      	$varclientpassword
      }
      
      EOD;
      		}
      	}
      	else {
      		$conf .= <<<EOD
      client pfsense {
      	ipaddr = 127.0.0.1
      	secret = pfsense
      	shortname = pfsense
      }
      
      EOD;
      	}
      
      	conf_mount_rw();
      	file_put_contents(FREERADIUS_ETC . '/raddb/clients.conf', $conf);
      	conf_mount_ro();
      
      	freeradius_sync_on_changes();
      	restart_service("radiusd");
      }
      

      Also uncomment the below two lines:

      
      #proxy_requests = yes
      #\$INCLUDE  proxy.conf
      
      

      If whoever maintains this file finds this post, it would be useful if these could be incorporated in future releases, thanks.

      Regards,
      Rob.

      1 Reply Last reply Reply Quote 0
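
The address/prefix split described in the post above, as an added example that is not part of the original post or of the pfSense FreeRADIUS package. It goes a little further than the posted code by rejecting malformed input (empty or out-of-range prefix, non-IP text) before anything is written to clients.conf. `split_client_cidr()` is a hypothetical helper name and the sample inputs are constructed.

```php
<?php
// Added example (not the package's code): split a GUI client address such as
// "192.168.1.0/24" into the bare address and an optional "netmask = N" line.
// split_client_cidr() is a hypothetical helper name.
function split_client_cidr($input) {
	$input = trim($input);
	$parts = explode('/', $input, 2);
	$ip = $parts[0];

	// Accept only a literal IPv4/IPv6 address, so stray text or embedded
	// newlines from the GUI field never reach clients.conf.
	if (filter_var($ip, FILTER_VALIDATE_IP) === false) {
		return null;
	}
	if (count($parts) === 1) {
		// No prefix given: emit no netmask line at all.
		return array('ip' => $ip, 'netmask_line' => '');
	}

	// The prefix must be all digits and within range for the address family.
	$is_v6 = filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6) !== false;
	$max = $is_v6 ? 128 : 32;
	$prefix = $parts[1];
	if (!ctype_digit($prefix) || (int)$prefix > $max) {
		return null;
	}
	return array('ip' => $ip, 'netmask_line' => 'netmask = ' . (int)$prefix);
}

// Constructed sample inputs: valid subnet, single host, empty prefix,
// out-of-range prefix, IPv6 subnet.
$samples = array('192.168.1.0/24', '10.0.0.5', '10.0.0.0/', '10.0.0.0/33', 'fd00::/64');
foreach ($samples as $sample) {
	$r = split_client_cidr($sample);
	$out = ($r === null) ? 'rejected' : $r['ip'] . ' | ' . $r['netmask_line'];
	echo $sample . ' => ' . $out . "\n";
}
```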
      • P
        phil.davis last edited by

        Disclaimer: I have not thought for a moment about FreeRadius and what the actual changes are here.

        Principle: This is an Open Source project. The project code is on GitHub https://github.com/pfsense/pfsense and https://github.com/pfsense/pfsense-packages
        If you are into gory backend code and OS patches, there is also pfsense-tools for which there is an extra hoop to jump for access.
        It is very easy to create a GitHub account if you do not already have one. Then for small things you do not need to install Git on your own device, just use the GitHub web interface. Drill down to the file in question, click the pencil to edit, make your changes, put a decent title and description of what and why it is "a good thing", save, press the button to make a pull request.

        Those in charge of reviewing will be nice to you on your first try (I hope)

        As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
        If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

        1 Reply Last reply Reply Quote 0