Upgrading to Version 3.0
========================

The configuration for 3.0 is *largely* compatible with the 2.x
configuration.  However, it is NOT possible to simply use the 2.x
configuration as-is.  Instead, you should re-create it.

Security
--------

A number of configuration items have moved into the "security"
subsection of radiusd.conf.  If you use these, you should move them.
Otherwise, they can be ignored.

The list of moved options is:

	   chroot
	   user
	   group
	   allow_core_dumps
	   reject_delay
	   status_server


Modules Directory
-----------------

  As of version 3.0, the "modules" directory no longer exists.

  Instead, all "example" modules have been put into the
"mods-available" directory.  Modules which can be loaded by the server
are placed in the "mods-enabled" directory.

  Modules can be enabled by creating a soft link.  For module "foo", do:

    $ cd raddb
    $ ln -s mods-available/foo mods-enabled/foo

  To create "local" versions of the modules, we suggest copying the
file instead.  This leaves the original file (with documentation) in
the "mods-available" directory.  Local changes should go into the
"mods-enabled" directory.


SQL
---

  The SQL configuration has been moved from sql.conf to mods-available/sql.
The sqlippool.conf file has also been moved.

  The SQL module configuration has been changed.  The old connection
pool options are no longer understood:

	num_sql_socks
	connect_failure_retry_delay
	lifetime
	max_queries

  Instead, a connection pool configuration is used.  This
configuration contains all of the functionality of the previous
configuration, but in a more generic form.  It also is used in
multiple modules, meaning that there are fewer different configuration
items.  The mapping between the configuration items is:

	num_sql_socks			-> pool { max }
	connect_failure_retry_delay	-> NOT SUPPORTED
	lifetime			-> pool { lifetime }
	max_queries			-> pool { uses }

  The pool configuration adds a number of new configuration options,
which allow the administrator to better control how FreeRADIUS uses
SQL connection pools.


EAP
---

  The EAP configuration has been moved from eap.conf to mods-available/eap.

  It is otherwise unchanged.  You chould be able to copy your old
eap.conf file directly to mods-enabled/eap.


RadSec
------

  RadSec (or RADIUS over TLS) is now supported.  RADIUS over bare TCP
is also supported, but is recommended only for secure networks.

  See sites-available/tls for complete details on using TLS.  The
server can both receive incoming TLS connections, and also originate
outgoing TLS connections.

  The TLS configuration is taken from the old EAP-TLS configuration.
It is largely identical to the old EAP-TLS configuration, so it should
be simple to use and configure.  It re-uses much of the EAP-TLS code,
too.