Total Pageviews

Sunday, 5 August 2018

FreeRADIUS server

FreeRADIUS - A multi-protocol policy server.
Travis CI build status Coverity Status

Introduction

The FreeRADIUS Server Project is a high performance and highly configurable multi-protocol policy server, supporting RADIUS, DHCPv4 and VMPS. It is available under the terms of the GNU GPLv2. Using RADIUS allows authentication and authorization for a network to be centralized, and minimizes the number of changes that have to be done when adding or deleting new users to a network.
FreeRADIUS can authenticate users on systems such as 802.1x (WiFi), dialup, PPPoE, VPN's, VoIP, and many others. It supports back-end databases such as MySQL, PostgreSQL, Oracle, Microsoft Active Directory, Apache Cassandra, Redis, OpenLDAP, and many more. It is used daily to authenticate the Internet access for hundreds of millions of people, in sites ranging from 10 to 10 million+ users.

Upgrading

Version 4.0.x of the server is largely compatible with version 3.0.x, but be sure to address any warnings when starting v3.0.x before attempting to use en existing configuration with v4.0.x.
For a list of changes in version 4.0, please see doc/ChangeLog
See raddb/README.md for information on what to do to update your configuration.
Administrators upgrading from a previous version should install this version in a different location from their existing systems. Any existing configuration should be carefully migrated to the new version, in order to take advantage of the new features which can greatly simply configuration.
Please see https://freeradius.org and https://wiki.freeradius.org for more information.

Installation

To install the server, please see the INSTALL.md file in this directory.

Configuring the server

We understand that the server may be difficult to configure, install, or administer. It is, after all, a complex system with many different configuration possibilities.
The most common problem is that people change large amounts of the configuration without understanding what they're doing, and without testing their changes. The preferred method of operation is the following:
  1. Start off with the default configuration files.
  2. Save a copy of the default configuration: It WORKS. Don't change it!
  3. Verify that the server starts - in debugging mode (radiusd -X).
  4. Send it test packets using "radclient", or a NAS or AP.
  5. Verify that the server does what you expect
    • If it does not work, change the configuration, and go to step (3)
    • If you're stuck, revert to using the "last working" configuration.
    • If it works, proceed to step (6).
  6. Save a copy of the working configuration, along with a note of what you changed, and why.
  7. Make a SMALL change to the configuration.
  8. Repeat from step (3).
This method will ensure that you have a working configuration that is customized to your site as quickly as possible. While it may seem frustrating to proceed via a series of small steps, the alternative will always take more time. The "fast and loose" way will be MORE frustrating than quickly making forward progress!

Debugging the Server

Run the server in debugging mode, (radiusd -X) and READ the output. We cannot emphasize this point strongly enough. The vast majority of problems can be solved by carefully reading the debugging output, which includes WARNINGs about common issues, and suggestions for how they may be fixed.
Many questions are answered on the Wiki:
https://wiki.freeradius.org
Read the configuration files. Many parts of the server are documented only with extensive comments in the configuration files.
Search the mailing lists. For example, using Google, searching "site:lists.freeradius.org " will return results from the FreeRADIUS mailing lists.
https://freeradius.org/support/

from  https://github.com/FreeRADIUS/freeradius-server

No comments:

Post a Comment

Note: only a member of this blog may post a comment.