From d38ed349cc3a8678c86614a3055f061774e8074b Mon Sep 17 00:00:00 2001 From: "Alan T. DeKok" Date: Sun, 12 Sep 2010 10:57:05 +0200 Subject: [PATCH] Moved to RST format. --- doc/Acct-Type.rst | 58 +++---- doc/Autz-Type.rst | 117 +++++++-------- doc/CYGWIN.rst | 442 +++++++++++++++++++++++++++++++++--------------------- 3 files changed, 361 insertions(+), 256 deletions(-) diff --git a/doc/Acct-Type.rst b/doc/Acct-Type.rst index 9e12d4f..0c8d3ad 100644 --- a/doc/Acct-Type.rst +++ b/doc/Acct-Type.rst @@ -1,3 +1,6 @@ +Acct-Type +========= + FreeRADIUS supports the Acct-Type attribute to select between accounting methods based on arbitrary attribute/value pairs contained in an accounting packet. Its use follows the same general configuration @@ -17,55 +20,52 @@ addition, there is one RADIUS client sending accounting data that is to be logged only to a specific detail file. Everything else should use a third SQL instance. -The acct_users file would look something like this: - ---- -DEFAULT Realm == "foo.com", Acct-Type := "SQLFOO" +The acct_users file would look something like this:: -DEFAULT Realm == "bar.com", Acct-Type := "SQLBAR" + DEFAULT Realm == "foo.com", Acct-Type := "SQLFOO" + + DEFAULT Realm == "bar.com", Acct-Type := "SQLBAR" -DEFAULT Client-IP-Address == "10.0.0.1", Acct-Type := "OTHERNAS" ---- + DEFAULT Client-IP-Address == "10.0.0.1", Acct-Type := "OTHERNAS" -And in radiusd.conf: ---- -$INCLUDE ${confdir}/sql0.conf # Instance named 'sql0'. -$INCLUDE ${confdir}/sql1.conf # Instance named 'sql1'. -$INCLUDE ${confdir}/sql2.conf # Instance named 'sql2'. +And in radiusd.conf:: -detail othernas { + $INCLUDE ${confdir}/sql0.conf # Instance named 'sql0'. + $INCLUDE ${confdir}/sql1.conf # Instance named 'sql1'. + $INCLUDE ${confdir}/sql2.conf # Instance named 'sql2'. + + detail othernas { detailfile = ${radacctdir}/10.0.0.1/detail-%Y%m%d -} - -preacct { + } + + preacct { suffix # Add the Realm A/V pair. files # Add the Acct-Type A/V pair based on the Realm A/V pair. -} - -accounting { - + } + + accounting { + # If Acct-Type is SQLFOO use the 'sql1' instance of the SQL module. - + Acct-Type SQLFOO { sql1 } - + # If Acct-Type is SQLBAR, use the 'sql2' instance of the SQL module. - + Acct-Type SQLBAR { sql2 } - + # If Acct-Type is OTHERNAS, use the 'othernas' instance of the detail # module - + Acct-Type OTHERNAS { othernas } - + # If we've made it this far, we haven't matched an Acct-Type, so use # the sql0 instance. - + sql0 -} ---- + } diff --git a/doc/Autz-Type.rst b/doc/Autz-Type.rst index 6533f73..d880241 100644 --- a/doc/Autz-Type.rst +++ b/doc/Autz-Type.rst @@ -1,3 +1,6 @@ +Autz-Type +========= + Like Auth-Type for authentication method selection freeradius also supports the Autz-Type to select between authorization methods. The only problem is that authorization is the first thing to be called when an @@ -5,31 +8,30 @@ authentication request is handled. As a result we first have to call the authorize section without checking for Autz-Type. After that we check for Autz-Type and if it exists we call the corresponding subsection in the authorize section. In other words the authorize section in radiusd.conf -should look like this: - - -authorize{ - suffix - preprocess - # whatever other authorize modules here - Autz-Type Ldap{ - ldap - } - Autz-Type SQL{ - sql - } - files -} +should look like this:: + + authorize{ + suffix + preprocess + # whatever other authorize modules here + Autz-Type Ldap{ + ldap + } + Autz-Type SQL{ + sql + } + files + } What happens is that the first time the authorize section is examined the suffix, preprocess and files modules are executed. If Autz-Type is set after that the server core checks for any matching Autz-Type subsection. If one is found it is called. The users file should look something -like this: +like this:: -DEFAULT Called-Station-Id == "123456789", Autz-Type := Ldap - -DEFAULT Realm == "other.company.com", Autz-Type := SQL + DEFAULT Called-Station-Id == "123456789", Autz-Type := Ldap + + DEFAULT Realm == "other.company.com", Autz-Type := SQL Autz-Type could also be used to select between multiple instances of a module (ie sql or ldap) which have been configured differently. For @@ -38,52 +40,49 @@ different companies) could be queried. If Auth-Type was also set then we could do both Authentication and Authorization with the user databases belonging to other companies. In detail: -radiusd.conf----------------- - -authenticate{ - Auth-Type customer1{ - ldap1 - } - Auth-Type customer2{ - ldap2 - } -} - -authorize{ - preprocess - suffix - Autz-Type customer1{ - ldap1 - } - Autz-Type customer2{ - ldap2 - } - files -} - ------------------------------ - -users file------------------- - -DEFAULT Realm == "customer1", Autz-Type := customer1, Auth-Type := customer1 - -DEFAULT Realm == "customer2", Autz-Type := customer2, Auth-Type := customer2 +radiusd.conf:: + + authenticate{ + Auth-Type customer1{ + ldap1 + } + Auth-Type customer2{ + ldap2 + } + } + + authorize{ + preprocess + suffix + Autz-Type customer1{ + ldap1 + } + Autz-Type customer2{ + ldap2 + } + files + } + +The users file:: + + DEFAULT Realm == "customer1", Autz-Type := customer1, Auth-Type := customer1 + + DEFAULT Realm == "customer2", Autz-Type := customer2, Auth-Type := customer2 ----------------------------- Apart from Autz-Type the server also supports the use of Acct-Type, Session-Type and Post-Auth-Type for the corresponding sections. The corresponding section names in the radiusd.conf file are the same. So for example: -users file--- +users file:: -DEFAULT Called-Station-Id == "236473", Session-Type := SQL + DEFAULT Called-Station-Id == "236473", Session-Type := SQL -radiusd.conf--- +radiusd.conf:: -session { - radutmp - Session-Type SQL { - sql - } -} + session { + radutmp + Session-Type SQL { + sql + } + } diff --git a/doc/CYGWIN.rst b/doc/CYGWIN.rst index 9fece08..6a15898 100644 --- a/doc/CYGWIN.rst +++ b/doc/CYGWIN.rst @@ -1,3 +1,6 @@ +FreeRADIUS for EAP under CygWin +=============================== + From: "Philip Blow" To: Date: Wed, 29 Jan 2003 15:23:45 +1100 @@ -6,172 +9,275 @@ Here are some brief notes I but together for compiling FreeRADIUS 0.8.1 on Windows XP with EAP/TLS support. Configuring FreeRADIUS for EAP under CygWin. +-------------------------------------------- + +#. Installing CygWin + + Install the latest version of CygWin (at time of writing 1.3.19-1) from http://www.cygwin.com + +#. Install the following packages (make as minimum list) + + +--------------------+-----------------+ + | Package | Version | + +====================+=================+ + | _update-info-dir | 00126-1 | + +--------------------+-----------------+ + | ash | 20020731-1 | + +--------------------+-----------------+ + | autoconf | 2.54-1 | + +--------------------+-----------------+ + | autoconf-devel | 2.57-1 | + +--------------------+-----------------+ + | autoconf-stable | 2.13-4 | + +--------------------+-----------------+ + | automake | 1.7.1-1 | + +--------------------+-----------------+ + | automake-devel | 1.7.2-1 | + +--------------------+-----------------+ + | automake-stable | 1.4p5-5 | + +--------------------+-----------------+ + | base-files | 1.1-1 | + +--------------------+-----------------+ + | base-passwd | 1.0-1 | + +--------------------+-----------------+ + | bash | 2.05b-8 | + +--------------------+-----------------+ + | bc | 1.06-1 | + +--------------------+-----------------+ + | binutils | 20021117-1 | + +--------------------+-----------------+ + | byacc | 1.9-1 | + +--------------------+-----------------+ + | bzip2 | 1.0.2-2 | + +--------------------+-----------------+ + | crypt | 1.0-1 | + +--------------------+-----------------+ + | cygrunsrv | 0.95-1 | + +--------------------+-----------------+ + | cygutils | 1.1.3-1 | + +--------------------+-----------------+ + | cygwin | 1.3.19-1 | + +--------------------+-----------------+ + | cygwin-doc | 1.3-2 | + +--------------------+-----------------+ + | diff | 1.0-1 | + +--------------------+-----------------+ + | diffutils | 2.8.1-1 | + +--------------------+-----------------+ + | ed | 0.2-1 | + +--------------------+-----------------+ + | file | 3.37-1 | + +--------------------+-----------------+ + | fileutils | 4.1-1 | + +--------------------+-----------------+ + | findutils | 4.1.7-4 | + +--------------------+-----------------+ + | gawk | 3.1.1-5 | + +--------------------+-----------------+ + | gcc | 3.2-3 | + +--------------------+-----------------+ + | gcc-mingw | 20020817-5 | + +--------------------+-----------------+ + | gcc2 | 2.95.3-10 | + +--------------------+-----------------+ + | gdb | 20021218-1 | + +--------------------+-----------------+ + | gdbm | 1.8.0-4 | + +--------------------+-----------------+ + | gettext | 0.11.5-1 | + +--------------------+-----------------+ + | grep | 2.5-1 | + +--------------------+-----------------+ + | groff | 1.18.1-2 | + +--------------------+-----------------+ + | gzip | 1.3.3-4 | + +--------------------+-----------------+ + | inetutils | 1.3.2-20 | + +--------------------+-----------------+ + | initscripts | 0.9-1 | + +--------------------+-----------------+ + | less | 378-1 | + +--------------------+-----------------+ + | libbz2_0 | 1.0.2-1 | + +--------------------+-----------------+ + | libbz2_1 | 1.0.2-2 | + +--------------------+-----------------+ + | libiconv2 | 1.8-2 | + +--------------------+-----------------+ + | libintl | 0.10.38-3 | + +--------------------+-----------------+ + | libintl1 | 0.10.40-1 | + +--------------------+-----------------+ + | libintl2 | 0.11.5-1 | + +--------------------+-----------------+ + | libltdl3 | 20030103-1 | + +--------------------+-----------------+ + | libncurses5 | 5.2-1 | + +--------------------+-----------------+ + | libncurses6 | 5.2-8 | + +--------------------+-----------------+ + | libpng10 | 1.0.14-2 | + +--------------------+-----------------+ + | libpng12 | 1.2.4-2 | + +--------------------+-----------------+ + | libpopt0 | 1.6.4-4 | + +--------------------+-----------------+ + | libreadline4 | 4.1-2 | + +--------------------+-----------------+ + | libreadline5 | 4.3-2 | + +--------------------+-----------------+ + | libtool | 20020202a-1 | + +--------------------+-----------------+ + | libtool-devel | 20021227-1 | + +--------------------+-----------------+ + | libtool-stable | 1.4.2-2 | + +--------------------+-----------------+ + | libxml2 | 2.4.23-1 | + +--------------------+-----------------+ + | login | 1.7-1 | + +--------------------+-----------------+ + | m4 | 1.4-1 | + +--------------------+-----------------+ + | make | 3.79.1-7 | + +--------------------+-----------------+ + | man | 1.5j-1 | + +--------------------+-----------------+ + | mingw-runtime | 2.3-1 | + +--------------------+-----------------+ + | mktemp | 1.4-1 | + +--------------------+-----------------+ + | more | 2.11o-1 | + +--------------------+-----------------+ + | nasm | 0.98.35-1 | + +--------------------+-----------------+ + | ncurses | 5.2-8 | + +--------------------+-----------------+ + | newlib-man | 20020801 | + +--------------------+-----------------+ + | openssh | 3.5p1-3 | + +--------------------+-----------------+ + | openssl | 0.9.7-1 | + +--------------------+-----------------+ + | openssl-devel | 0.9.7-1 | + +--------------------+-----------------+ + | openssl096 | 0.9.6h-1 | + +--------------------+-----------------+ + | patch | 2.5.8-2 | + +--------------------+-----------------+ + | pcre | 3.7-1 | + +--------------------+-----------------+ + | perl | 5.6.1-2 | + +--------------------+-----------------+ + | readline | 4.3-2 | + +--------------------+-----------------+ + | sed | 4.0.5-1 | + +--------------------+-----------------+ + | sh-utils | 2.0.15-3 | + +--------------------+-----------------+ + | sharutils | 4.2.1-2 | + +--------------------+-----------------+ + | sysvinit | 2.84-3 | + +--------------------+-----------------+ + | tar | 1.13.25-1 | + +--------------------+-----------------+ + | tcltk | 20021218-1 | + +--------------------+-----------------+ + | termcap | 20020930-1 | + +--------------------+-----------------+ + | terminfo | 5.2-3 | + +--------------------+-----------------+ + | texinfo | 4.2-4 | + +--------------------+-----------------+ + | textutils | 2.0.21-1 | + +--------------------+-----------------+ + | tiff | 3.5.7-1 | + +--------------------+-----------------+ + | time | 1.7-1 | + +--------------------+-----------------+ + | unzip | 5.50-1 | + +--------------------+-----------------+ + | vim | 6.1-2 | + +--------------------+-----------------+ + | w32api | 2.1-1 | + +--------------------+-----------------+ + | wget | 1.8.2-2 | + +--------------------+-----------------+ + | which | 1.5-1 | + +--------------------+-----------------+ + | xinetd | 2.3.9-1 | + +--------------------+-----------------+ + | zip | 2.3-2 | + +--------------------+-----------------+ + | zlib | 1.1.4-1 | + +--------------------+-----------------+ + +#. Download + + Download the FreeRADIUS source code from http://www.freeradius.org/ + +#. Expand the FreeRADIUS source file. + +#. Make the following changes to the source code + (the diffs are reversed) + + :: + + src/main/Makefile.in + + 145,148c145,148 + < $(LIBTOOL) --mode=install $(INSTALL) -m 755 $(INSTALLSTRIP) + radiusd.exe $(R)$(sbindir) + < $(INSTALL) -m 755 $(INSTALLSTRIP) radwho.exe + $(R)$(bindir) + < $(INSTALL) -m 755 $(INSTALLSTRIP) raduse.exe + $(R)$(bindir) + < $(INSTALL) -m 755 $(INSTALLSTRIP) radzap.exe + $(R)$(bindir) + --- + > $(LIBTOOL) --mode=install $(INSTALL) -m 755 $(INSTALLSTRIP) + radiusd $(R)$(sbindir) + > $(INSTALL) -m 755 $(INSTALLSTRIP) radwho + $(R)$(bindir) + > $(INSTALL) -m 755 $(INSTALLSTRIP) raduse + $(R)$(bindir) + > $(INSTALL) -m 755 $(INSTALLSTRIP) radzap + $(R)$(bindir) + 150,151c150,151 + < $(INSTALL) -m 755 radclient.exe $(R)$(bindir) + < $(INSTALL) -m 755 radrelay.exe $(R)$(bindir) + --- + > $(INSTALL) -m 755 radclient $(R)$(bindir) + > $(INSTALL) -m 755 radrelay $(R)$(bindir) + + src/modules/rlm_dbm/Makefile.in + + 22,23c22,23 + < $(INSTALL) -m 755 $(INSTALLSTRIP) rlm_dbm_parser.exe + $(R)$(bindir) + < $(INSTALL) -m 755 $(INSTALLSTRIP) rlm_dbm_cat.exe + $(R)$(bindir) + --- + > $(INSTALL) -m 755 $(INSTALLSTRIP) rlm_dbm_parser $(R)$(bindir) + > $(INSTALL) -m 755 $(INSTALLSTRIP) rlm_dbm_cat $(R)$(bindir) + + src/modules/rlm_mschap/Makefile + + 20c20 + < $(INSTALL) -m 755 $(INSTALLSTRIP) smbencrypt.exe $(R)$(bindir) + --- + > $(INSTALL) -m 755 $(INSTALLSTRIP) smbencrypt $(R)$(bindir) + +#. Run configure with the following command line + + :: + + ./configure -without-snmp -disable-shared -enable-static + +#. Execute make and then make install + +:: -1. Installing CygWin - -Install the latest version of CygWin (at time of writing 1.3.19-1) from -the web download (http://www.cygwin.com). - -2. Install the following packages (make as minimum list) - -Package Version -_update-info-dir 00126-1 -ash 20020731-1 -autoconf 2.54-1 -autoconf-devel 2.57-1 -autoconf-stable 2.13-4 -automake 1.7.1-1 -automake-devel 1.7.2-1 -automake-stable 1.4p5-5 -base-files 1.1-1 -base-passwd 1.0-1 -bash 2.05b-8 -bc 1.06-1 -binutils 20021117-1 -byacc 1.9-1 -bzip2 1.0.2-2 -crypt 1.0-1 -cygrunsrv 0.95-1 -cygutils 1.1.3-1 -cygwin 1.3.19-1 -cygwin-doc 1.3-2 -diff 1.0-1 -diffutils 2.8.1-1 -ed 0.2-1 -file 3.37-1 -fileutils 4.1-1 -findutils 4.1.7-4 -gawk 3.1.1-5 -gcc 3.2-3 -gcc-mingw 20020817-5 -gcc2 2.95.3-10 -gdb 20021218-1 -gdbm 1.8.0-4 -gettext 0.11.5-1 -grep 2.5-1 -groff 1.18.1-2 -gzip 1.3.3-4 -inetutils 1.3.2-20 -initscripts 0.9-1 -less 378-1 -libbz2_0 1.0.2-1 -libbz2_1 1.0.2-2 -libiconv2 1.8-2 -libintl 0.10.38-3 -libintl1 0.10.40-1 -libintl2 0.11.5-1 -libltdl3 20030103-1 -libncurses5 5.2-1 -libncurses6 5.2-8 -libpng10 1.0.14-2 -libpng12 1.2.4-2 -libpopt0 1.6.4-4 -libreadline4 4.1-2 -libreadline5 4.3-2 -libtool 20020202a-1 -libtool-devel 20021227-1 -libtool-stable 1.4.2-2 -libxml2 2.4.23-1 -login 1.7-1 -m4 1.4-1 -make 3.79.1-7 -man 1.5j-1 -mingw-runtime 2.3-1 -mktemp 1.4-1 -more 2.11o-1 -nasm 0.98.35-1 -ncurses 5.2-8 -newlib-man 20020801 -openssh 3.5p1-3 -openssl 0.9.7-1 -openssl-devel 0.9.7-1 -openssl096 0.9.6h-1 -patch 2.5.8-2 -pcre 3.7-1 -perl 5.6.1-2 -readline 4.3-2 -sed 4.0.5-1 -sh-utils 2.0.15-3 -sharutils 4.2.1-2 -sysvinit 2.84-3 -tar 1.13.25-1 -tcltk 20021218-1 -termcap 20020930-1 -terminfo 5.2-3 -texinfo 4.2-4 -textutils 2.0.21-1 -tiff 3.5.7-1 -time 1.7-1 -unzip 5.50-1 -vim 6.1-2 -w32api 2.1-1 -wget 1.8.2-2 -which 1.5-1 -xinetd 2.3.9-1 -zip 2.3-2 -zlib 1.1.4-1 - -3. Download the FreeRADIUS source code form -http://www.freeradius.org/. - -4. Expand the FreeRADIUS source file. - -5. Make the following changes to the source code - (the diffs are reversed) - -src/main/Makefile.in - -145,148c145,148 -< $(LIBTOOL) --mode=install $(INSTALL) -m 755 $(INSTALLSTRIP) -radiusd.exe $(R)$(sbindir) -< $(INSTALL) -m 755 $(INSTALLSTRIP) radwho.exe -$(R)$(bindir) -< $(INSTALL) -m 755 $(INSTALLSTRIP) raduse.exe -$(R)$(bindir) -< $(INSTALL) -m 755 $(INSTALLSTRIP) radzap.exe -$(R)$(bindir) ---- -> $(LIBTOOL) --mode=install $(INSTALL) -m 755 $(INSTALLSTRIP) -radiusd $(R)$(sbindir) -> $(INSTALL) -m 755 $(INSTALLSTRIP) radwho -$(R)$(bindir) -> $(INSTALL) -m 755 $(INSTALLSTRIP) raduse -$(R)$(bindir) -> $(INSTALL) -m 755 $(INSTALLSTRIP) radzap -$(R)$(bindir) -150,151c150,151 -< $(INSTALL) -m 755 radclient.exe $(R)$(bindir) -< $(INSTALL) -m 755 radrelay.exe $(R)$(bindir) ---- -> $(INSTALL) -m 755 radclient $(R)$(bindir) -> $(INSTALL) -m 755 radrelay $(R)$(bindir) - -src/modules/rlm_dbm/Makefile.in - -22,23c22,23 -< $(INSTALL) -m 755 $(INSTALLSTRIP) rlm_dbm_parser.exe -$(R)$(bindir) -< $(INSTALL) -m 755 $(INSTALLSTRIP) rlm_dbm_cat.exe -$(R)$(bindir) ---- -> $(INSTALL) -m 755 $(INSTALLSTRIP) rlm_dbm_parser $(R)$(bindir) -> $(INSTALL) -m 755 $(INSTALLSTRIP) rlm_dbm_cat $(R)$(bindir) - -src/modules/rlm_mschap/Makefile - -20c20 -< $(INSTALL) -m 755 $(INSTALLSTRIP) smbencrypt.exe $(R)$(bindir) ---- -> $(INSTALL) -m 755 $(INSTALLSTRIP) smbencrypt $(R)$(bindir) - -6. Run configure with the following command line - -./configure -without-snmp -disable-shared -enable-static - -7. Execute make and then make install - - -Philip Blow -Senior Technical Manager -Simply Wireless -philipb@simplywireless.com.au + Philip Blow + Senior Technical Manager + Simply Wireless + philipb@simplywireless.com.au -- 2.1.4