Freeradius server 3.2 released
The FreeRADIUS Server Project is a high performance and highly configurable multi-protocol policy server, supporting RADIUS, DHCPv4, and VMPS. It is available under the terms of the GNU GPLv2. Using RADIUS allows authentication and authorization for a network to be centralized, and minimizes the number of changes that have to be done when adding or deleting new users to a network.
FreeRADIUS can authenticate users on systems such as 802.1x (WiFi), dial-up, PPPoE, VPN’s, VoIP, and many others. It supports back-end databases such as MySQL, PostgreSQL, Oracle, Microsoft Active Directory, Apache Cassandra, Redis, OpenLDAP, and many more. It is used daily to authenticate Internet access for hundreds of millions of people, in sites ranging from 10 to 10 million+ users.
Changelog v3.2
Configuration changes
correct_escapes
has been removed, and is always set to “true” internally. Configuration changes may be required if you are using configurations from before 3.0.5. Other than this difference, 3.2.x is compatible with 3.0.x, and configurations from 3.0.x can be simply copied into a system running 3.2.x.
Feature improvements
- All features from 3.0.x are included in the 3.2.x releases. In addition:
- Add
reset_day
and%%r
parameter forrlm_sqlcounter
to specify which day of the month the counter should be reset. - Partial backport of
rlm_json
from v4, providing thejson_encode
xlat. Seemods-available/json
for documentation. - Support for haproxy “PROXY” protocol. See
sites-available/tls
,proxy_protocol
anddoc/antora/modules/howto/pages/protocols/proxy/
- Support for sending CoA-Request and Disconnect-Request packets in “reverse” down RadSec tunnels. Experimental for now, and undocumented.
- It is now possible to run a virtual server when saving / loading TLS cache attributes. See
sites-available/tls-cache
for more information. - Removed the
cram
module. It was undocumented, and used old and insecure authentication methods. - Remove the
otp
module. Theotpd
program it needs is no longer available, and the module has not been usable since at least 2015. - 3.2.0 requires OpenSSL 1.0.2 or greater.
Bug fixes
- All bug fixes from 3.0.x are included in the 3.2.x releases.
Install
git clone https://github.com/FreeRADIUS/freeradius-server.git
./configure
make
make install
Configuring the server
- Start off with the default configuration files.
- Save a copy of the default configuration: It WORKS. Don’t change it!
- Verify that the server starts – in debugging mode (
radiusd -X
). - Send it test packets using “radclient”, or a NAS or AP.
- Verify that the server does what you expect
- If it does not work, change the configuration, and go to step (3)
- If you’re stuck, revert to using the “last working” configuration.
- If it works, proceed to step (6).
- Save a copy of the working configuration, along with a note of what you changed, and why.
- Make a SMALL change to the configuration.
- Repeat from step (3).
Tutorial
Copyright (C) 1999-2018 The FreeRADIUS Server Project
Source: https://github.com/FreeRADIUS/