7 # On a fresh install, add the necessary user and group.
8 if ! id freerad >/dev/null 2>&1; then
9 addgroup --system freerad || true
10 groups freerad 2>/dev/null || adduser --system --no-create-home --home /etc/freeradius --ingroup freerad --disabled-password freerad
12 # Put user freerad in group shadow, so the daemon can auth
13 # locally. Only do this on fresh install as the admin may not
14 # want freerad in shadow group if authenticating by another
16 adduser freerad shadow
19 # Changed in 1.1.5-1 for new installs (we used to start at S50
20 # and stop at K50) We now start at S50 and stop at K19 so we
21 # start after services which may be used and stop before them.
22 update-rc.d freeradius start 50 2 3 4 5 . stop 19 0 1 6 . >/dev/null
24 # Set up initial permissions on all the FreeRADIUS directories.
25 if [ ! -d /var/log/freeradius ]; then
26 mkdir -p /var/log/freeradius
29 if [ ! -f /var/log/freeradius/radius.log ]; then
30 touch /var/log/freeradius/radius.log
33 if [ ! -f /var/log/freeradius/radwtmp ]; then
34 touch /var/log/freeradius/radwtmp
37 if [ ! -d /var/run/freeradius ]; then
38 mkdir /var/run/freeradius
41 chown -R freerad:freerad /var/log/freeradius
42 chown -R freerad:freerad /var/run/freeradius
43 chgrp -R freerad /etc/freeradius
44 find /etc/freeradius -type d -print0 | xargs -0 chmod 2750
45 find /etc/freeradius -type f -print0 | xargs -0 chmod 0640
47 # Relax permissions on local dictionary: it should not contain
48 # secrets, and this allows to run radclient with a non-privileged
49 # user. At any rate, only do it on fresh install.
50 chmod 2751 /etc/freeradius
51 chmod 0644 /etc/freeradius/dictionary
53 # Create default certificates to enable the EAP modules (tls, ttls,
54 # and peap) when the server starts for the first time.
55 # Comment the last line when building a package without OpenSSL for
57 chmod 0750 /etc/freeradius/certs/bootstrap
58 /etc/freeradius/certs/bootstrap
70 if [ -x "`which invoke-rc.d 2>/dev/null`" ]; then
71 invoke-rc.d freeradius $action || true
73 /etc/init.d/freeradius $action
79 if [ -x "`which invoke-rc.d 2>/dev/null`" ]; then
80 invoke-rc.d freeradius start || true
82 /etc/init.d/freeradius start