--- /dev/null
+
+Please note that the radiusd does run as user 'radiusd' and
+group 'radiusd' per default after installation.
+(/etc/raddb/radiusd.conf)
+This was done because of security reasons and is possible with many
+authentication types (users, LDAP, SQL ...)
+
+If you would like to use unix (shadow) authentication (Auth-Type = System)
+or PAM (Auth-Type = Pam) you have to change the values to run the daemon
+as user/group root:
+
+user = root
+group = root
+
--- /dev/null
+Alias /radius/ /usr/share/dialup_admin/htdocs/
+<Directory /usr/share/dialup_admin/htdocs/>
+ Options None
+ order deny,allow
+ deny from all
+ allow from 127.0.0.1
+</Directory>
+
+# RECOMMENDED
+# For SSL-servers and user authentication
+#<Directory /usr/share/dialup_admin/htdocs/>
+# Options None
+# SSLRequireSSL
+# order deny,allow
+# deny from all
+# AuthType Basic
+# AuthUserFile /site/cfg/passwd
+# AuthGroupFile /site/cfg/group
+# AuthName "Radius"
+# require group radius
+# Satisfy Any
+#</Directory>
+
--- /dev/null
+--- dialup_admin/bin/clean_radacct
++++ dialup_admin/bin/clean_radacct
+@@ -6,7 +6,7 @@
+ #
+ use POSIX;
+
+-$conf=shift||'/usr/local/dialup_admin/conf/admin.conf';
++$conf=shift||'/usr/share/dialup_admin/conf/admin.conf';
+ $back_days = 35;
+
+
+--- dialup_admin/bin/dialup_admin.cron
++++ dialup_admin/bin/dialup_admin.cron
+@@ -1,4 +1,4 @@
+-1 0 * * * /usr/local/dialup_admin/bin/tot_stats >/dev/null 2>&1
+-5 0 * * * /usr/local/dialup_admin/bin/monthly_tot_stats >/dev/null 2>&1
+-10 0 1 * * /usr/local/dialup_admin/bin/truncate_radacct >/dev/null 2>&1
+-15 0 1 * * /usr/local/dialup_admin/bin/clean_radacct >/dev/null 2>&1
++1 0 * * * /usr/share/dialup_admin/bin/tot_stats >/dev/null 2>&1
++5 0 * * * /usr/share/dialup_admin/bin/monthly_tot_stats >/dev/null 2>&1
++10 0 1 * * /usr/share/dialup_admin/bin/truncate_radacct >/dev/null 2>&1
++15 0 1 * * /usr/share/dialup_admin/bin/clean_radacct >/dev/null 2>&1
+--- dialup_admin/bin/log_badlogins
++++ dialup_admin/bin/log_badlogins
+@@ -17,7 +17,7 @@
+ $|=1;
+
+ $file=shift||'none';
+-$conf=shift||'/usr/local/dialup_admin/conf/admin.conf';
++$conf=shift||'/usr/share/dialup_admin/conf/admin.conf';
+ $all_file=shift||'no';
+ #
+ # Uncomment to force inserts even if there are sql errors. That can
+--- dialup_admin/bin/monthly_tot_stats
++++ dialup_admin/bin/monthly_tot_stats
+@@ -8,7 +8,7 @@
+ # Works only with mysql and postgresql
+ #
+
+-$conf=shift||'/usr/local/dialup_admin/conf/admin.conf';
++$conf=shift||'/usr/share/dialup_admin/conf/admin.conf';
+
+
+ open CONF, "<$conf"
+--- dialup_admin/bin/showmodem
++++ dialup_admin/bin/showmodem
+@@ -7,7 +7,7 @@
+ $comm=shift || "public";
+ $type=shift|| "xml";
+
+-$conf='/usr/local/dialup_admin/conf/admin.conf';
++$conf='/usr/share/dialup_admin/conf/admin.conf';
+ open CONF, "<$conf"
+ or die "Could not open configuration file\n";
+ while(<CONF>){
+--- dialup_admin/bin/snmpfinger
++++ dialup_admin/bin/snmpfinger
+@@ -6,7 +6,7 @@
+ $comm=shift || 'public';
+ $type=shift || 'cisco';
+
+-$conf='/usr/local/dialup_admin/conf/admin.conf';
++$conf='/usr/share/dialup_admin/conf/admin.conf';
+ open CONF, "<$conf"
+ or die "Could not open configuration file\n";
+ while(<CONF>){
+--- dialup_admin/bin/tot_stats
++++ dialup_admin/bin/tot_stats
+@@ -7,7 +7,7 @@
+ # Works with mysql and postgresql
+ #
+
+-$conf=shift||'/usr/local/dialup_admin/conf/admin.conf';
++$conf=shift||'/usr/share/dialup_admin/conf/admin.conf';
+
+
+ open CONF, "<$conf"
+--- dialup_admin/bin/truncate_radacct
++++ dialup_admin/bin/truncate_radacct
+@@ -6,7 +6,7 @@
+ #
+ use POSIX;
+
+-$conf=shift||'/usr/local/dialup_admin/conf/admin.conf';
++$conf=shift||'/usr/share/dialup_admin/conf/admin.conf';
+ $back_days = 90;
+
+
+--- dialup_admin/conf/admin.conf
++++ dialup_admin/conf/admin.conf
+@@ -19,11 +19,11 @@
+ #
+ # The directory where dialupadmin is installed
+ #
+-general_base_dir: /usr/local/dialup_admin
++general_base_dir: /usr/share/dialup_admin
+ #
+ # The base directory of the freeradius radius installation
+ #
+-general_radiusd_base_dir: /usr/local/radiusd
++general_radiusd_base_dir: /
+ general_domain: company.com
+ #
+ # Set it to yes to use sessions and cache the various mappings
+@@ -66,8 +66,8 @@
+ general_raddb_dir: %{general_radiusd_base_dir}/etc/raddb
+ general_ldap_attrmap: %{general_raddb_dir}/ldap.attrmap
+ # Need to fix admin.conf file parser
+-#general_clients_conf: %{general_raddb_dir}/clients.conf
+-general_clients_conf: /usr/local/etc/raddb/clients.conf
++general_clients_conf: %{general_raddb_dir}/clients.conf
++#general_clients_conf: /usr/local/etc/raddb/clients.conf
+ general_sql_attrmap: %{general_base_dir}/conf/sql.attrmap
+ general_accounting_attrs_file: %{general_base_dir}/conf/accounting.attrs
+ general_extra_ldap_attrmap: %{general_base_dir}/conf/extra.ldap-attrmap
+@@ -235,19 +235,19 @@
+ # This variable is used by the scripts in the bin folder
+ # It should contain the path to the sql binary used to run
+ # sql commands (mysql and psql are only supported for now)
+-sql_command: /usr/local/bin/mysql
++sql_command: /usr/bin/mysql
+ #
+ # This variable is used by the scripts in the bin folder
+ # It should contain the snmp type and path to the binary
+ # used to run snmp commands.
+ # (ucd = UCD-Snmp and net = Net-Snmp are only supported for now)
+ general_snmp_type: net
+-general_snmpwalk_command: /usr/local/bin/snmpwalk
+-general_snmpget_command: /usr/local/bin/snmpget
++general_snmpwalk_command: /usr/bin/snmpwalk
++general_snmpget_command: /usr/bin/snmpget
+ #
+ # Uncomment to enable sql debug
+ #
+-sql_debug: true
++#sql_debug: true
+ #
+ # If set to yes then the HTTP credentials (http authentication)
+ # will be used to connect to the sql server instead of sql_username
--- /dev/null
+--- raddb/radiusd.conf.in
++++ raddb/radiusd.conf.in
+@@ -783,7 +783,7 @@
+ # policy check and intruder detection. This will work *only if*
+ # FreeRADIUS is configured to build with --with-edir option.
+ #
+- # edir_account_policy_check=no
++ edir_account_policy_check=no
+ #
+ # groupname_attribute = cn
+ # groupmembership_filter = "(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))"
#
-# spec file for package freeradius (Version 1.1.0)
+# spec file for package freeradius (Version 1.1.1)
#
-# Copyright (c) 2004 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2005 SUSE LINUX Products GmbH, Nuernberg, Germany.
# This file and all modifications and additions to the pristine
# package are under the same license as the package itself.
#
-# Please submit bugfixes or comments via http://www.suse.de/feedback/
+# Please submit bugfixes or comments via http://bugs.opensuse.org
#
-# neededforbuild cyrus-sasl-devel db-devel heimdal-devel heimdal-lib mysql-devel mysql-shared openldap2 openldap2-client openldap2-devel openssl openssl-devel pam-devel postgresql postgresql-devel postgresql-libs python python-devel unixODBC unixODBC-devel
+# neededforbuild apache2-devel-packages cyrus-sasl-devel db-devel kerberos-devel-packages mysql-devel mysql-shared openldap2 openldap2-client openldap2-devel openssl openssl-devel pam-devel postgresql-devel postgresql-libs python python-devel unixODBC unixODBC-devel
-BuildRequires: aaa_base acl attr bash bind-utils bison bzip2 coreutils cpio cpp cracklib cvs cyrus-sasl db devs diffutils e2fsprogs file filesystem fillup findutils flex gawk gdbm-devel glibc glibc-devel glibc-locale gpm grep groff gzip info insserv less libacl libattr libgcc libnscd libselinux libstdc++ libxcrypt libzio m4 make man mktemp module-init-tools ncurses ncurses-devel net-tools netcfg openldap2-client openssl pam pam-modules patch permissions popt procinfo procps psmisc pwdutils rcs readline sed strace syslogd sysvinit tar tcpd texinfo timezone unzip util-linux vim zlib zlib-devel autoconf automake binutils cyrus-sasl-devel db-devel e2fsprogs-devel gcc gdbm gettext heimdal-devel heimdal-lib libtool mysql-devel mysql-shared openldap2 openldap2-devel openssl-devel pam-devel perl perl-devel postgresql postgresql-devel postgresql-libs python python-devel rpm unixODBC unixODBC-devel
+BuildRequires: aaa_base acl attr bash bind-utils bison bzip2 coreutils cpio cpp cracklib cvs cyrus-sasl db diffutils e2fsprogs file filesystem fillup findutils flex gawk gdbm-devel gettext-devel glibc glibc-devel glibc-locale gpm grep groff gzip info insserv klogd less libacl libattr libcom_err libgcc libnscd libstdc++ libxcrypt libzio m4 make man mktemp module-init-tools ncurses ncurses-devel net-tools netcfg openldap2-client openssl pam pam-modules patch permissions popt procinfo procps psmisc pwdutils rcs readline sed strace sysvinit tar tcpd texinfo timezone unzip util-linux vim zlib zlib-devel apache2 apache2-devel apache2-prefork autoconf automake binutils cyrus-sasl-devel db-devel e2fsprogs-devel expat gcc gdbm gettext krb5 krb5-devel libapr0 libtool mysql-devel mysql-shared openldap2 openldap2-devel openssl-devel pam-devel perl postgresql postgresql-devel postgresql-libs python python-devel rpm unixODBC unixODBC-devel
Name: freeradius
License: GPL, LGPL
Group: Productivity/Networking/Radius/Servers
Provides: radiusd
Conflicts: radiusd-livingston radiusd-cistron icradius
-Version: 1.1.0
-Release: 1.suse
+Version: 1.1.1
+Release: 0
URL: http://www.freeradius.org/
Summary: Very highly Configurable Radius-Server
Source0: %{name}-%{version}.tar.gz
+Source1: rcradiusd
+Source2: README.SuSE
+Source3: admin-httpd.conf
+Patch0: edir.patch
+Patch1: dialup_admin.patch
+Patch2: lib64.patch
%if %suse_version > 800
PreReq: /usr/sbin/useradd /usr/sbin/groupadd
PreReq: %insserv_prereq %fillup_prereq
%endif
BuildRoot: %{_tmppath}/%{name}-%{version}-build
+%define apxs2 apxs2-prefork
+%define apache2_sysconfdir %(%{apxs2} -q SYSCONFDIR)
%description
The FreeRADIUS server has a number of features found in other servers,
Alan Curry
various other people
+%package dialupadmin
+Group: Productivity/Networking/Radius/Servers
+Summary: Web management for FreeRADIUS
+Requires: http_daemon apache2-mod_php4 php4
+Requires: php4-ldap php4-mysql perl-DateManip
+Requires: php4-pgsql php4-session
+
+%description dialupadmin
+Dialup Admin supports users either in SQL (MySQL or PostgreSQL are
+supported) or in LDAP. Apart from the web pages, it also includes a
+number of scripts to make the administrator's life a lot easier.
+
+
+
+Authors:
+--------
+ Kostas Kalevras <kkalev at noc.ntua.gr>
+ Basilis Pappas <vpappas at noc.ntua.gr>
+ Panagiotis Christias <christia at noc.ntua.gr>
+ Thanasis Duitsis <aduitsis at noc.ntua.gr>
+
%package devel
Group: Development/Libraries/C and C++
Summary: FreeRADIUS Development Files (static libs)
various other people
%prep
-%setup
+%setup -q
+%patch0
+%patch1
+%ifarch x86_64 s390x
+%patch2
+%endif
rm -rf `find . -name CVS`
%build
-CFLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing" ./configure \
+export CFLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing -DLDAP_DEPRECATED"
+%ifarch x86_64
+export CFLAGS="$CFLAGS -fPIC"
+%endif
+%if %suse_version > 1000
+export CFLAGS="$CFLAGS -fstack-protector"
+%endif
+# workaround for SLES9
+%if %suse_version < 920
+ln -sf %{_libdir}/libmysqlclient_r.so.12 %{_libdir}/libmysqlclient_r.so
+ln -sf %{_libdir}/libmysqlclient_r.so.12 %{_libdir}/mysql/libmysqlclient_r.so
+%endif
+./configure \
--prefix=%{_prefix} \
--sysconfdir=%{_sysconfdir} \
--infodir=%{_infodir} \
--mandir=%{_mandir} \
- --libdir=/usr/lib/freeradius \
--localstatedir=/var \
+ --libdir=/usr/lib/freeradius \
+ --with-threads \
+ --with-snmp \
--with-large-files \
- --with-udpfromto \
- --with-edir \
--disable-ltdl-install \
- --with-ltdl-lib=/usr/lib \
- --with-ltdl-include=/usr/include \
--with-gnu-ld \
+%if %suse_version <= 920
--enable-heimdal-krb5 \
--with-rlm-krb5-include-dir=/usr/include/heimdal/ \
+%endif
--with-rlm-krb5-lib-dir=%{_libdir} \
- --enable-strict-dependencies
+ --enable-strict-dependencies \
+ --with-edir \
+ --with-udpfromto
+# no parallel build possible
make
%install
-[ "$RPM_BUILD_ROOT" != "/" ] && [ -d $RPM_BUILD_ROOT ] && rm -rf \
-$RPM_BUILD_ROOT
+rm -rf $RPM_BUILD_ROOT
mkdir -p $RPM_BUILD_ROOT
mkdir -p $RPM_BUILD_ROOT/var/lib/radiusd
make install R=$RPM_BUILD_ROOT
# SuSE
install -d $RPM_BUILD_ROOT/etc/pam.d
install -d $RPM_BUILD_ROOT/etc/logrotate.d
+%if %suse_version > 920
install -m 644 suse/radiusd-pam $RPM_BUILD_ROOT/etc/pam.d/radiusd
+%else
+install -m 644 suse/radiusd-pam-old $RPM_BUILD_ROOT/etc/pam.d/radiusd
+%endif
install -m 644 suse/radiusd-logrotate $RPM_BUILD_ROOT/etc/logrotate.d/radiusd
install -d -m 755 $RPM_BUILD_ROOT/etc/init.d
-install -m 744 suse/rcradiusd $RPM_BUILD_ROOT/etc/init.d/radiusd
+install -m 744 %SOURCE1 $RPM_BUILD_ROOT/etc/init.d/radiusd
ln -sf ../../etc/init.d/radiusd $RPM_BUILD_ROOT/usr/sbin/rcradiusd
mv -v doc/README doc/README.doc
+# install dialup_admin
+mkdir -p $RPM_BUILD_ROOT%{_datadir}/dialup_admin
+cp -r dialup_admin/* $RPM_BUILD_ROOT%{_datadir}/dialup_admin
+# apache2 config
+install -d -m 755 $RPM_BUILD_ROOT%{apache2_sysconfdir}/conf.d
+install -m 644 %SOURCE3 $RPM_BUILD_ROOT%{apache2_sysconfdir}/conf.d/radius.conf
# remove unneeded stuff
rm -rf doc/00-OLD
rm -f $RPM_BUILD_ROOT/etc/raddb/experimental.conf $RPM_BUILD_ROOT/usr/sbin/radwatch $RPM_BUILD_ROOT/usr/sbin/rc.radiusd
rm -rf $RPM_BUILD_ROOT/usr/share/doc/freeradius*
+rm -rf $RPM_BUILD_ROOT/usr/lib/freeradius/*.la
%pre
/usr/sbin/groupadd -r radiusd 2> /dev/null || :
%{insserv_cleanup}
%clean
-[ "$RPM_BUILD_ROOT" != "/" ] && [ -d $RPM_BUILD_ROOT ] && rm -rf $RPM_BUILD_ROOT
+rm -rf $RPM_BUILD_ROOT
%files
%defattr(-,root,root)
# doc
-%doc %attr(-,root,root) $RPM_SOURCE_DIR/README.SuSE
+%doc $RPM_SOURCE_DIR/README.SuSE
%doc doc/* LICENSE COPYRIGHT CREDITS README
-%doc src/modules/rlm_sql/drivers/rlm_sql_*/*.sql
-%doc scripts/create-users.pl scripts/CA.* scripts/certs.sh
+%doc src/modules/rlm_sql/drivers/rlm_sql_mysql/db_mysql.sql
+%doc scripts/create-users.pl scripts/CA.* scripts/certs.sh
%doc scripts/users2mysql.pl scripts/xpextensions
%doc scripts/cryptpasswd scripts/exec-program-wait scripts/radiusd2ldif.pl
-%doc dialup_admin
# SuSE
%config /etc/init.d/radiusd
%config /etc/pam.d/radiusd
%attr(640,-,radiusd) %config(noreplace) /etc/raddb/snmp.conf
%attr(640,-,radiusd) %config(noreplace) /etc/raddb/sql.conf
%attr(640,-,radiusd) %config(noreplace) /etc/raddb/users
-%config(noreplace) /etc/raddb/x99.conf
-%attr(640,-,radiusd) %config(noreplace) /etc/raddb/x99passwd.sample
+%config(noreplace) /etc/raddb/otp.conf
+%attr(640,-,radiusd) /etc/raddb/otppasswd.sample
%attr(640,-,radiusd) %config(noreplace) /etc/raddb/certs
%attr(640,-,radiusd) %config(noreplace) /etc/raddb/eap.conf
+%attr(640,-,radiusd) /etc/raddb/example.pl
%attr(700,radiusd,radiusd) %dir /var/run/radiusd/
# binaries
%defattr(-,root,root)
# shared libs
%attr(755,root,root) %dir /usr/lib/freeradius
%attr(755,root,root) /usr/lib/freeradius/*.so*
-%attr(644,root,root) /usr/lib/freeradius/*.la
# man-pages
%doc %{_mandir}/man1/*
%doc %{_mandir}/man5/*
%attr(700,radiusd,radiusd) %dir /var/log/radius/radacct/
%attr(644,radiusd,radiusd) /var/log/radius/radutmp
+%files dialupadmin
+%defattr(-,root,root)
+%dir %{_datadir}/dialup_admin/
+%{_datadir}/dialup_admin/bin/
+%{_datadir}/dialup_admin/doc/
+%{_datadir}/dialup_admin/htdocs/
+%{_datadir}/dialup_admin/html/
+%{_datadir}/dialup_admin/lib/
+%{_datadir}/dialup_admin/sql/
+%dir %{_datadir}/dialup_admin/conf/
+%config(noreplace) %{_datadir}/dialup_admin/conf/*
+%config(noreplace) %{apache2_sysconfdir}/conf.d/radius.conf
+%{_datadir}/dialup_admin/Changelog
+%{_datadir}/dialup_admin/README
+
%files devel
%defattr(-,root,root)
/usr/lib/freeradius/*.a
-
+#%attr(644,root,root) /usr/lib/freeradius/*.la
--- /dev/null
+--- src/modules/rlm_eap/libeap/Makefile
++++ src/modules/rlm_eap/libeap/Makefile
+@@ -40,7 +40,7 @@
+
+ $(TARGET).la: $(DYNAMIC_OBJS)
+ $(LIBTOOL) --mode=link $(CC) -release $(RADIUSD_VERSION) \
+- -module $(LINK_MODE) $(CFLAGS) -o $@ -rpath $(libdir) $^
++ -module $(LINK_MODE) $(CFLAGS) -o $@ -rpath $(libdir) -L/lib64 -L/usr/lib64 $^
+
+ static: $(TARGET).a
+
+--- src/modules/rlm_sql/drivers/rules.mak
++++ src/modules/rlm_sql/drivers/rules.mak
+@@ -93,7 +93,7 @@
+ $(TARGET).la: $(DYNAMIC_OBJS)
+ $(LIBTOOL) --mode=link $(CC) -release $(RADIUSD_VERSION) \
+ -module $(LINK_MODE) $(CFLAGS) \
+- $(RLM_SQL_CFLAGS) -o $@ -rpath $(libdir) $^ $(RLM_SQL_LIBS)
++ $(RLM_SQL_CFLAGS) -o $@ -rpath $(libdir) $^ -L/lib64 -L/usr/lib64 $(RLM_SQL_LIBS)
+
+ #######################################################################
+ #
+--- src/modules/rlm_dbm/Makefile.in
++++ src/modules/rlm_dbm/Makefile.in
+@@ -3,7 +3,7 @@
+ HEADERS =
+ RLM_UTILS = @dbm_utils@
+ RLM_CFLAGS = @dbm_cflags@
+-RLM_LIBS = @dbm_ldflags@
++RLM_LIBS = -lgdbm -lgdbm_compat
+ RLM_INSTALL = @dbm_install@
+
+ include ../rules.mak
+--- src/modules/rules.mak.orig 2005-09-20 06:36:41.000000000 +0200
++++ src/modules/rules.mak 2005-09-20 06:36:56.000000000 +0200
+@@ -97,7 +97,7 @@ endif
+ $(TARGET).la: $(DYNAMIC_OBJS)
+ $(LIBTOOL) --mode=link $(CC) -release $(RADIUSD_VERSION) \
+ -module $(LINK_MODE) $(LDFLAGS) $(RLM_LDFLAGS) \
+- -o $@ -rpath $(libdir) $^ $(RLM_LIBS) $(LIBS)
++ -o $@ -rpath $(libdir) $^ -L/lib64 -L/usr/lib64 $(RLM_LIBS) $(LIBS)
+
+ #######################################################################
+ #
# Copyright (c) 2001 SuSE GmbH Nuernberg, Germany.
# 2002, 2003 SuSE Linux AG, Nuernberg, Germany.
#
-# Author: Wolfgang Rosenauer <feedback@suse.de>, 2000-2003
+# Author: Wolfgang Rosenauer, 2000-2003
#
# /etc/init.d/radiusd
#
### END INIT INFO
RADIUSD_BIN=/usr/sbin/radiusd
-test -x $RADIUSD_BIN || exit 5
+test -x $RADIUSD_BIN || { echo "$RADIUSD_BIN not installed"; \
+ if [ "$1" = "stop" ]; then exit 0;
+ else exit 5; fi; }
. /etc/rc.status
killproc -TERM $RADIUSD_BIN
rc_status -v
;;
- try-restart)
+ try-restart|condrestart)
## If first returns OK call the second, if first or
## second command fails, set echo return value.
- $0 status >/dev/null && $0 restart
+ if test "$1" = "condrestart"; then
+ echo "${attn} Use try-restart ${done}(LSB)${attn} rather than condrestart ${warn}(RH)${norm}"
+ fi
+ $0 status
+ if test $? = 0; then
+ $0 restart
+ else
+ rc_reset # Not running is not a failure.
+ fi
rc_status
;;
restart)