1. INTRODUCTION
The FreeRADIUS Server Project is a high performance and highly
-configurable GPL'd free RADIUS server. It is stable, and is currently
-being used in many deployments with millions of users.
+configurable RADIUS server that is available under the terms of the
+GNU GPLv2. Using RADIUS allows authentication and authorization for a
+network to be centralized, and minimizes the number of changes that
+have to be done when adding or deleting new users to a network.
+
+ FreeRADIUS can authenticate users on systems such as 802.1x (WiFi),
+dialup, PPPoE, VPN's, VoIP, and many others. It supports back-end
+databases such as MySQL, PostgreSQL, Oracle, Microsoft Active
+Directory, OpenLDAP, and many more. It is used daily to authenticate
+the Internet access for hundreds of millions of people, in sites
+ranging from 10 users, to 10 million and more users.
+
+ Version 2.0 of the server is intended to be backwards compatible
+with previous versions, but also to have many new features, such as:
+
+ * simple policy language (see "man unlang")
+ * virtual servers (raddb/sites-available/README)
+ * IPv6 support
+ * better proxy support (raddb/proxy.conf)
+ * More EAP types
+ * Debugging output should be MUCH easier to understand
+ * VMPS support
+ * More modules are marked "stable" (python, etc.)
+ * SQL configuration has been cleaned up (see raddb/sql/*)
+ * limited support for HUP
+ * check configuration and exit (radiusd -C)
+ * Server core is now event based (simpler, more powerful)
+
+ Administrators upgrading from a previous version should install this
+version in a different location from their existing systems. Any
+existing configuration should be carefully migrated to the new
+version, in order to take advantage of the new features which can
+greatly simply configuration.
+
+ While every attempt has been made to ensure that this version is
+backwards compatible with previous versions, there may be cases where
+it is not backwards compatible. In most cases, incompatibilities are
+a side-effect of fixing bugs, or of adding new features. Some
+configuration differences are noted below:
+
+ * The recommended format for clients has changed. See "clients.conf".
+ The old format should still work, but should be changed to use the
+ new format.
+
+ * The recommended formant for realms has changed. See "proxy.conf"
+ The old format should still work, but should be changed to use the
+ new format. In addition, the new format has much more flexibility.
+
+ * Any configuration using TTLS or PEAP should be updated to use
+ virtual servers. See "virtual_server" in "eap.conf", and
+ "raddb/sites-available/inner-tunnel". In most cases, using an
+ "inner-tunnel" virtual server will make the configuration MUCH
+ simpler.
+
+ * A number of deprecated command-line options have been removed.
+ (-y -z -A -l -g) See "man radiusd". These configurations can be
+ controlled in "radiusd.conf", so it is not necessary to have them
+ as command-line options.
+
+ Please see http://freeradius.org and http://wiki.freeradius.org for
+more information.
- Please see the main web page (http://www.freeradius.org) for more
-information.
2. INSTALLATION
To install the server, please see the INSTALL file in this
directory.
- Version 1.1.4 contains a few key improvements over previous
-versions. The most important is the addition of the
-Cleartext-Password attribute. Using this attribute can make your
-configuration MUCH simpler, and MUCH easier to understand. Please
-read "man rlm_pap" for more details.
-
- New users of FreeRADIUS should prefer using Cleartext-Password over
-User-Password. That is, if the documentation or a web page says to
-configure User-Password in a database or server configuration file,
-the documentation is likely out of date, and you should use
-User-Password instead.
-
- The main differences between 1.1.3 and 1.1.4 are significantly
-improved functionality in rlm_pap. The module is MUCH smarter, which
-means that many previous complicated configurations are now almost
-trivial to do. Please read "man rlm_pap" for details.
-
- The differences between 1.0.x and 1.1.0 are documented in the file
-doc/ChangeLog. What these differences mean for an administrator
-upgrading from 1.0.x are as follows:
-
- * You MUST use the new dictionaries. This is NOT done by default,
- because you may have edited the installed version of /etc/raddb/dictionary.
- If you have not edited /etc/raddb/dictionary, then you can make
- the server use the new dictionaries by copying the
- raddb/dictionary file from this directory to /etc/raddb. Without
- this change, the server WILL NOT WORK PROPERLY.
-
- * Sites using SQL for logging should look into using the new
- rlm_sql_log module. See it's "man" page for details.
-
- * Sites using rlm_x99_token will have to update their configuration
- to use rlm_otp.
3. DEBUGGING THE SERVER
Run the server in debugging mode, (radiusd -X) and READ the output.
-We really can't emphasize this enough.
+We cannot emphasize this point strongly enough. The vast majority of
+problems can be solved by carefully reading the debugging output,
+which includes WARNINGs about common issues, and suggestions for how
+they may be fixed.
- Read the FAQ. Many questions are answered there.
+ Read the FAQ. Many questions are answered there. See the Wiki
+
+ http://wiki.freeradius.org
Read the configuration files. Many parts of the server have NO
documentation, other than comments in the configuration file.
discussions about common problems and solution.
- See the Wiki
-
- http://wiki.freeradius.org
-
4. ADDITIONAL INFORMATION
See 'doc/README' for more information about FreeRADIUS.
- There is now an O'Reilly book available, which we recommend for
-people new to RADIUS. It covers an earlier version of the server, but
-much of the information is applicable to this version also.
+ There is an O'Reilly book available. It serves as a good
+introduction for anyone new to RADIUS. However, it is almost 5 years
+old, and is not much more than a basic introduction to the subject.
http://www.amazon.com/exec/obidos/ASIN/0596003226/freeradiusorg-20/
- It contains information about RADIUS in general, and FreeRADIUS in
-particular.
-
-
For other RADIUS information, the Livington internet site had a lot
-of information on radius online. Unfortunately Livingston, and the
-site, don't exist anymore but there's a copy of the site still at:
+of information about radius online. Unfortunately Livingston, and the
+site, don't exist anymore but there is a copy of the site still at:
http://portmasters.com/www.livingston.com/
- Especially worth a read is the "RADIUS for Unix administrators guide"
+ Especially worth reading is the "RADIUS for Unix administrators guide"
HTML: http://portmasters.com/tech/docs/radius/1185title.html
PDF: http://portmasters.com/tech/docs/pdf/radius.pdf
We understand that the server may be difficult to configure,
install, or administer. It is, after all, a complex system with many
-different configuration possibilities. If you have any comments, bug
-reports, problems, or concerns, please send them to the
-'freeradius-users' list (see the URL above). We will do our best to
-answer your questions, to fix the problems, and to generally improve
-the server in any way we can.
-
- What you should NOT do is complain that the developers aren't
-answering your questions quickly enough, or fixing the problems
-quickly enough, or that they're being mean for telling you to do some
-work yourself. FreeRADIUS is the cumulative effort of many years of
-work by many people, and you've gotten it for free. No one gets paid
-to work on FreeRADIUS, and no one is getting paid to answer your
-questions. This is free software, and the only way it gets better is
-if you contribute work back to the project.
-
- We will note that the people who complain the loudest about the
-developers being mean usually can't program, can't write
-documentation, won't pay others to do that work, demand that their
-every desire be satisifed immediately by the developers for free, and
-worst of all, don't understand why their attitude is unproductive.
-They seem to believe that because they've received something (the
-server) for free, that they have every right to demand more free
-support and development from the list. That's simply not true.
-
- So please submit bug reports, suggestions, or patches. That
-feedback gives the developers a guide as to where they should focus
-their work. If you like the server, feel free to mail the list and
-say so.
+different configuration possibilities.
+
+ The most common problem is that people change large amounts of the
+configuration without understanding what they're doing, and without
+testing their changes. The preferred method of operation is the
+following:
+
+ 1) Start off with the default configuration files.
+ 2) Save a copy of the default configuration: It WORKS. Don't change it!
+ 3) Verify that the server starts. (You ARE using debugging mode, right?)
+ 4) Send it test packets using "radclient", or a NAS or AP.
+ 5) Verify that the server does what you expect.
+ a) If it does not work, change the configuration, and go to step (3)
+ If you're stuck, revert to using the "last working" configuration.
+ b) If it works, proceed to step (6).
+ 6) Save a copy of the working configuration, along with a note
+ of what you changed, and why.
+ 7) Make a SMALL change to the configuration.
+ 8) Repeat from step (3).
+
+ This method will ensure that you have a working configuration that
+is customized to your site as quickly as possible. While it may seem
+frustrating to proceed via a series of small steps, the alternative
+will always take more time. The "fast and loose" way will be MORE
+frustrating than quickly making forward progress!
+
+
+6. FEEDBACK
+
+ If you have any comments, bug reports, problems, or concerns, please
+send them to the 'freeradius-users' list (see the URL above). We will
+do our best to answer your questions, to fix the problems, and to
+generally improve the server in any way we can.
+
+ Please do NOT complain that the developers aren't answering your
+questions quickly enough, or aren't fixing the problems quickly
+enough. Please do NOT complain if you're told to go read
+documentation. We recognize that the documentation isn't perfect, but
+it *does* exist, and reading it can solve most common questions.
+
+ FreeRADIUS is the cumulative effort of many years of work by many
+people, and you've gotten it for free. No one gets paid to work on
+FreeRADIUS, and no one is getting paid to answer your questions. This
+is free software, and the only way it gets better is if you make a
+contribution back to the project ($$, code, or documentation).
+
+ We will note that the people who get most upset about any answers to
+their questions usually do not have any intention of contributing to
+the project. We will repeat the comments above: no one is getting
+paid to answer your questions or to fix your bugs. If you don't like
+the responses you are getting, then fix the bug yourself, or pay
+someone to address your concerns. Either way, make sure that any fix
+is contributed back to the project so that no one else runs into the
+same issue.
+
+ Support is available. See the "support" link at the top of the main
+web page:
+
+ http://freeradius.org
+
+ Please submit bug reports, suggestions, or patches. That feedback
+gives the developers a guide as to where they should focus their work.
+If you like the server, feel free to mail the list and say so.
projects / freeradius.git / blobdiff