1 Upgrading to Version 3.0
2 ========================
4 The configuration for 3.0 is *largely* compatible with the 2.x
5 configuration. However, it is NOT possible to simply use the 2.x
6 configuration as-is. Instead, you should re-create it.
11 A number of configuration items have moved into the "security"
12 subsection of radiusd.conf. If you use these, you should move them.
13 Otherwise, they can be ignored.
15 The list of moved options is:
28 As of version 3.0, the "modules" directory no longer exists.
30 Instead, all "example" modules have been put into the
31 "mods-available" directory. Modules which can be loaded by the server
32 are placed in the "mods-enabled" directory.
34 Modules can be enabled by creating a soft link. For module "foo", do:
37 $ ln -s mods-available/foo mods-enabled/foo
39 To create "local" versions of the modules, we suggest copying the
40 file instead. This leaves the original file (with documentation) in
41 the "mods-available" directory. Local changes should go into the
42 "mods-enabled" directory.
48 The SQL configuration has been moved from sql.conf to mods-available/sql.
49 The sqlippool.conf file has also been moved.
51 The SQL module configuration has been changed. The old connection
52 pool options are no longer understood:
55 connect_failure_retry_delay
59 Instead, a connection pool configuration is used. This
60 configuration contains all of the functionality of the previous
61 configuration, but in a more generic form. It also is used in
62 multiple modules, meaning that there are fewer different configuration
63 items. The mapping between the configuration items is:
65 num_sql_socks -> pool { max }
66 connect_failure_retry_delay -> NOT SUPPORTED
67 lifetime -> pool { lifetime }
68 max_queries -> pool { uses }
70 The pool configuration adds a number of new configuration options,
71 which allow the administrator to better control how FreeRADIUS uses
78 The EAP configuration has been moved from eap.conf to mods-available/eap.
80 It is otherwise unchanged. You chould be able to copy your old
81 eap.conf file directly to mods-enabled/eap.
87 RadSec (or RADIUS over TLS) is now supported. RADIUS over bare TCP
88 is also supported, but is recommended only for secure networks.
90 See sites-available/tls for complete details on using TLS. The
91 server can both receive incoming TLS connections, and also originate
92 outgoing TLS connections.
94 The TLS configuration is taken from the old EAP-TLS configuration.
95 It is largely identical to the old EAP-TLS configuration, so it should
96 be simple to use and configure. It re-uses much of the EAP-TLS code,