Freeradius server 3.2.1 released
The FreeRADIUS Server Project is a high performance and highly configurable multi-protocol policy server, supporting RADIUS, DHCPv4, and VMPS. It is available under the terms of the GNU GPLv2. Using RADIUS allows authentication and authorization for a network to be centralized, and minimizes the number of changes that have to be done when adding or deleting new users to a network.
FreeRADIUS can authenticate users on systems such as 802.1x (WiFi), dial-up, PPPoE, VPN’s, VoIP, and many others. It supports back-end databases such as MySQL, PostgreSQL, Oracle, Microsoft Active Directory, Apache Cassandra, Redis, OpenLDAP, and many more. It is used daily to authenticate Internet access for hundreds of millions of people, in sites ranging from 10 to 10 million+ users.
Changelog v3.2.1
Feature improvements
- Add
dictionary.ciena
,dictionary.nile
, and DHCPv4 dictionaries, - Add simultaneous-use queries for MS SQL.
- Add radmin command for
stats pool <module-name>
which prints out statistics about the connection pools. - Client statistics now shows “conflicts”, to count conflicting packets.
- New optional “lightweight accounting-on/off” strategy. When refreshing
queries.conf
you should also add the newnasreload
table and corresponding GRANTs to your DB schema. - Add
TLS-Client-Cert-X509v3-Certificate-Policies
, which helps with eduroam. Suggested by Stefan Winter. - Allow auth+acct for TCP sockets, too.
- Add
rlm_cache_redis
. Seeraddb/mods-available/cache
for details. - Allow radmin to look up home servers by name, too.
- Ensure that dynamic clients don’t create loops on duplicates. Reported by Sam Yee.
- Removed
rlm_sqlhpwippool
. There was no documentation, no configuration, and the module was ~15 years old with no one using it. - Marked
rlm_python3
as stable. - Add
sigalgs_list
. Seeraddb/mods-available/eap
. Patch from Boris Lytochkin. - For
rlm_linelog
, when opening files in/dev
, look at “permissions” to see whether to open them r/w. - More flexibility for dynamic home servers. See
doc/configuration/dynamic_home_servers.md
andraddb/home_servers/README.md
. - Allow setting of application_name for PostgreSQL. See
mods-available/sql
.
Bug fixes
- Correct test for open sessions in radacct for MS SQL.
- The linelog module now opens
/dev/stdout
in “write-only” mode if the permissions are set to “u+w” (0002). - Various fixes to
rlm_unbound
from Nick Porter. - PEAP now correctly runs
Post-Auth-Type Accept
. - Create
TLS-Cert-*
for outbound RadSec, instead ofTLS-Client-Cert-*
. Fixes #4698. Seesites-available/tls
, andfix_cert_order
. - Minor updates and fixes to CI, Dockerfiles and packaging.
- Fix
rlm_python3
build with Python >= 3.10. Fixes #4441
Install
git clone https://github.com/FreeRADIUS/freeradius-server.git
./configure
make
make install
Configuring the server
- Start off with the default configuration files.
- Save a copy of the default configuration: It WORKS. Don’t change it!
- Verify that the server starts – in debugging mode (
radiusd -X
). - Send it test packets using “radclient”, or a NAS or AP.
- Verify that the server does what you expect
- If it does not work, change the configuration, and go to step (3)
- If you’re stuck, revert to using the “last working” configuration.
- If it works, proceed to step (6).
- Save a copy of the working configuration, along with a note of what you changed, and why.
- Make a SMALL change to the configuration.
- Repeat from step (3).
Tutorial
Copyright (C) 1999-2018 The FreeRADIUS Server Project
Source: https://github.com/FreeRADIUS/