8 # Changed in 1.1.5-1 for new installs (we used to start at S50
9 # and stop at K50) We now start at S50 and stop at K19 so we
10 # start after services which may be used and stop before them.
11 update-rc.d freeradius start 50 2 3 4 5 . stop 19 0 1 6 . >/dev/null
13 # Set up initial permissions on all the freeradius directories
15 if ! dpkg-statoverride --list | grep -q /var/run/freeradius$; then
16 dpkg-statoverride --add --update freerad freerad 0755 /var/run/freeradius
19 if ! dpkg-statoverride --list | grep -q /var/log/freeradius$; then
20 dpkg-statoverride --add --update freerad freerad 0750 /var/log/freeradius
23 for file in radius.log radwtmp; do
24 [ ! -f "/var/log/freeradius/${file}" ] && install -o freerad -g freerad -m 644 /dev/null /var/log/freeradius/${file}
27 for file in /etc/freeradius/preproxy_users \
28 /etc/freeradius/experimental.conf \
29 /etc/freeradius/huntgroups \
30 /etc/freeradius/proxy.conf \
31 /etc/freeradius/attrs.pre-proxy \
32 /etc/freeradius/hints \
33 /etc/freeradius/attrs \
34 /etc/freeradius/policy.txt \
35 /etc/freeradius/attrs.accounting_response \
36 /etc/freeradius/attrs.access_reject \
37 /etc/freeradius/attrs.access_challenge \
38 /etc/freeradius/clients.conf \
39 /etc/freeradius/acct_users
41 if ! dpkg-statoverride --list | grep -qw $file$; then
42 dpkg-statoverride --add --update root freerad 0640 $file
46 for dir in /etc/freeradius/certs/ \
47 /etc/freeradius/sites-available/ \
48 /etc/freeradius/sites-enabled/ \
49 /etc/freeradius/policy.d/
51 if ! dpkg-statoverride --list | grep -qw $dir$; then
52 dpkg-statoverride --add --update freerad freerad 2751 $dir
61 # Create links for default sites, but only if this is an initial
62 # install or an upgrade from before there were links; users may
63 # want to remove them...
64 if [ -z "$2" ] || dpkg --compare-versions "$2" lt 2.0.4+dfsg-4; then
65 for site in default inner-tunnel; do
66 if [ ! -e /etc/freeradius/sites-enabled/$site ]; then
67 ln -s ../sites-available/$site /etc/freeradius/sites-enabled/$site
72 # Create stub SSL certificate file that became necessary in 2.1.8,
73 # with analogous disclaimers, because the admin may yet choose to
74 # switch to /usr/share/doc/freeradius/examples/certs/ stuff.
75 if [ -z "$2" ] || dpkg --compare-versions "$2" lt 2.1.8+dfsg-1; then
76 if egrep -q '^[ ]*\$INCLUDE eap.conf' /etc/freeradius/radiusd.conf && \
77 egrep -q '^[ ]*certdir = \${confdir}/certs' /etc/freeradius/modules/eap && \
78 egrep -q '^[ ]*cadir = \${confdir}/certs' /etc/freeradius/modules/eap
80 echo "Updating default SSL certificate settings, if any..." >&2
81 test -d /etc/freeradius/certs || mkdir /etc/freeradius/certs
82 if test ! -e /etc/ssl/certs/ssl-cert-snakeoil.pem || \
83 test ! -e /etc/ssl/private/ssl-cert-snakeoil.key
85 make-ssl-cert generate-default-snakeoil
87 if egrep -q '^[ ]*certificate_file = \${certdir}/server.pem' /etc/freeradius/modules/eap && \
88 test ! -f /etc/freeradius/certs/server.pem
91 ln -s /etc/ssl/certs/ssl-cert-snakeoil.pem /etc/freeradius/certs/server.pem
93 if egrep -q '^[ ]*private_key_file = \${certdir}/server.pem' /etc/freeradius/modules/eap && \
94 [ "$serverpem" = "wasnotthere" ]
96 ln -s /etc/ssl/private/ssl-cert-snakeoil.key /etc/freeradius/certs/server.key
97 sed -i -e 's,^\([ ]*private_key_file = \${certdir}\)/server.pem$,\1/server.key,' /etc/freeradius/modules/eap
98 if getent group ssl-cert >/dev/null; then
99 # freeradius-common dependency also provides us with adduser
100 adduser --quiet freerad ssl-cert
103 if egrep -q '^[ ]*CA_file = \${cadir}/ca.pem' /etc/freeradius/modules/eap && \
104 test ! -f /etc/freeradius/certs/ca.pem
106 ln -s /etc/ssl/certs/ca.pem /etc/freeradius/certs/ca.pem
108 if egrep -q '^[ ]*random_file = \${certdir}/random' /etc/freeradius/modules/eap && \
109 test ! -f /etc/freeradius/certs/random
111 ln -s /dev/urandom /etc/freeradius/certs/random
113 if egrep -q '^[ ]*dh_file = \${certdir}/dh' /etc/freeradius/modules/eap && \
114 test ! -f /etc/freeradius/certs/dh
116 # ssl-cert dependency also provides us with openssl
117 openssl dhparam -out /etc/freeradius/certs/dh 1024
122 if [ -x "`which invoke-rc.d 2>/dev/null`" ]; then
123 invoke-rc.d freeradius $action || true
125 /etc/init.d/freeradius $action
129 if [ -x "`which invoke-rc.d 2>/dev/null`" ]; then
130 invoke-rc.d freeradius restart || true
132 /etc/init.d/freeradius restart
136 if [ -x "`which invoke-rc.d 2>/dev/null`" ]; then
137 invoke-rc.d freeradius start || true
139 /etc/init.d/freeradius start