Note changes for 3.0

diff --git a/raddb/README b/raddb/README
new file mode 100644 (file)
index 0000000..b13033b
--- /dev/null
+++ b/raddb/README
@@ -0,0 +1,98 @@
+Upgrading to Version 3.0
+========================
+
+The configuration for 3.0 is *largely* compatible with the 2.x
+configuration.  However, it is NOT possible to simply use the 2.x
+configuration as-is.  Instead, you should re-create it.
+
+Security
+--------
+
+A number of configuration items have moved into the "security"
+subsection of radiusd.conf.  If you use these, you should move them.
+Otherwise, they can be ignored.
+
+The list of moved options is:
+
+          chroot
+          user
+          group
+          allow_core_dumps
+          reject_delay
+          status_server
+
+
+Modules Directory
+-----------------
+
+  As of version 3.0, the "modules" directory no longer exists.
+
+  Instead, all "example" modules have been put into the
+"mods-available" directory.  Modules which can be loaded by the server
+are placed in the "mods-enabled" directory.
+
+  Modules can be enabled by creating a soft link.  For module "foo", do:
+
+    $ cd raddb
+    $ ln -s mods-available/foo mods-enabled/foo
+
+  To create "local" versions of the modules, we suggest copying the
+file instead.  This leaves the original file (with documentation) in
+the "mods-available" directory.  Local changes should go into the
+"mods-enabled" directory.
+
+
+SQL
+---
+
+  The SQL configuration has been moved from sql.conf to mods-available/sql.
+The sqlippool.conf file has also been moved.
+
+  The SQL module configuration has been changed.  The old connection
+pool options are no longer understood:
+
+       num_sql_socks
+       connect_failure_retry_delay
+       lifetime
+       max_queries
+
+  Instead, a connection pool configuration is used.  This
+configuration contains all of the functionality of the previous
+configuration, but in a more generic form.  It also is used in
+multiple modules, meaning that there are fewer different configuration
+items.  The mapping between the configuration items is:
+
+       num_sql_socks                   -> pool { max }
+       connect_failure_retry_delay     -> NOT SUPPORTED
+       lifetime                        -> pool { lifetime }
+       max_queries                     -> pool { uses }
+
+  The pool configuration adds a number of new configuration options,
+which allow the administrator to better control how FreeRADIUS uses
+SQL connection pools.
+
+
+EAP
+---
+
+  The EAP configuration has been moved from eap.conf to mods-available/eap.
+
+  It is otherwise unchanged.  You chould be able to copy your old
+eap.conf file directly to mods-enabled/eap.
+
+
+RadSec
+------
+
+  RadSec (or RADIUS over TLS) is now supported.  RADIUS over bare TCP
+is also supported, but is recommended only for secure networks.
+
+  See sites-available/tls for complete details on using TLS.  The
+server can both receive incoming TLS connections, and also originate
+outgoing TLS connections.
+
+  The TLS configuration is taken from the old EAP-TLS configuration.
+It is largely identical to the old EAP-TLS configuration, so it should
+be simple to use and configure.  It re-uses much of the EAP-TLS code,
+too.
+