is simpler and safer to migrate your configurations.
If you are upgrading an existing installation, please be aware that
-at least one default virtual server MUST be used. If you are
-upgrading from a previous version of FreeRADIUS, this change can be
-done by editing radiusd.conf, and wrapping all of the authorize,
+at least one default virtual server SHOULD be used. If you don't need
+virtual servers, your configuration can remain mostly unchanged.
+
+ If you do need virtual servers, we recommend creating a default one
+by editing radiusd.conf, and wrapping all of the authorize,
authenticate, etc. sections in one server block, as follows:
...
} # matching line to add
...
- If this change is not made, the server WILL NOT START. It will
-instead complain about "no server defined".
-
- See "raddb/sites-available/default" for an example of how this
-should be done.
-
4. CUSTOM INSTALLATION
and MAY install the configuration files. If you have not installed a
RADIUS server before, then the configuration files for FreeRADIUS will
be installed. If you already have a RADIUS server installed, then
-FreeRADIUS WILL NOT over-write your current configuration. The "make
-install" process will warn you about the files it could not install.
+
+ ** FreeRADIUS WILL NOT over-write your current configuration. **
+
+ The "make install" process will warn you about the files it could
+not install.
If you DO see a warning message about files that could not be
installed, the it is YOUR RESPONSIBILITY to ensure that the new server
The FreeRADIUS Server Project is a high performance and highly
configurable RADIUS server that is available under the terms of the
GNU GPLv2. Using RADIUS allows authentication and authorization for a
-network to be centralized, and minimizes the amount of
-re-configuration which has to be done when adding or deleting new
-users.
+network to be centralized, and minimizes the number of changes that
+have to be done when adding ordeleting new users.
FreeRADIUS can authenticate users on systems such as 802.1x (WiFi),
dialup, PPPoE, VPN's, VoIP, and many others. It supports back-end
Version 2.0 of the server is similar in many respects to previous
versions. It also contains many new features, such as "virtual
-server" support, and a simple policy language ("man unlang").
-Administrators upgrading from a previous version should install this
-version in a different location from their existing systems. They
-should then migrate their current configuration to the new server,
-being careful to take advantage of the new features which can greatly
-simply the servers configuration.
+server" support (raddb/sites-available/README), and a simple policy
+language ("man unlang"). Administrators upgrading from a previous
+version should install this version in a different location from their
+existing systems. They should then migrate their current
+configuration to the new server, being careful to take advantage of
+the new features which can greatly simply the servers configuration.
Please see the web page http://www.freeradius.org for more
-information.
+information. The wiki (http://wiki.freeradius.org) also contains a
+large amount of documentation that addresses common scenarios.
+
2. INSTALLATION
To install the server, please see the INSTALL file in this
directory.
+
3. DEBUGGING THE SERVER
Run the server in debugging mode, (radiusd -X) and READ the output.
-We really can't emphasize this enough. The vast majority of problems
-can be solved by carefully reading the debugging output, which
-includes WARNINGs about common issues, and suggestions for how they
-may be fixed.
+We cannot emphasize this point strongly enough. The vast majority of
+problems can be solved by carefully reading the debugging output,
+which includes WARNINGs about common issues, and suggestions for how
+they may be fixed.
Read the FAQ. Many questions are answered there. See the Wiki
See 'doc/README' for more information about FreeRADIUS.
There is an O'Reilly book available, which we recommend for people
-new to RADIUS. It is almost 5 years old, however, and does not serve
-as much more than a basic introduction to the subject matter.
+new to RADIUS. It is almost 5 years old, however, and is not much
+more than a basic introduction to the subject.
http://www.amazon.com/exec/obidos/ASIN/0596003226/freeradiusorg-20/
For other RADIUS information, the Livington internet site had a lot
of information on radius online. Unfortunately Livingston, and the
-site, don't exist anymore but there's a copy of the site still at:
+site, don't exist anymore but there is a copy of the site still at:
http://portmasters.com/www.livingston.com/
We understand that the server may be difficult to configure,
install, or administer. It is, after all, a complex system with many
-different configuration possibilities. If you have any comments, bug
-reports, problems, or concerns, please send them to the
-'freeradius-users' list (see the URL above). We will do our best to
-answer your questions, to fix the problems, and to generally improve
-the server in any way we can.
+different configuration possibilities.
+
+ The most common problem is that people change large amounts of the
+configuration without understanding what they're doing, and without
+testing their changes. The preferred method of operation is the
+following:
+
+ 1) Start off with the default configuration files.
+ 2) Save a copy of the default configuration: It WORKS everywhere.
+ 3) Verify that the server starts. (You ARE using debugging mode, right?)
+ 4) Send it test packets using "radclient", or a NAS or AP.
+ 5) Verify that the server does what you expect.
+ a) If it does not work, change the configuration, and go to step (3)
+ If you're stuck, revert to using the "last working" configuration.
+ b) If it works, proceed to step (6).
+ 6) Save a copy of the working configuration, along with a note
+ of what you changed, and why.
+ 7) Make a SMALL change to the configuration.
+ 8) Repeat from step (3).
+
+ This method will ensure that you have a working configuration that
+is customized to your site as quickly as possible. While it may seem
+frustrating to proceed via a series of small steps, the alternative is
+worse.
+
+
+6. FEEDBACK
+
+ If you have any comments, bug reports, problems, or concerns, please
+send them to the 'freeradius-users' list (see the URL above). We will
+do our best to answer your questions, to fix the problems, and to
+generally improve the server in any way we can.
What you should NOT do is complain that the developers aren't
answering your questions quickly enough, or fixing the problems