Freeradius server 3.0.23 released
The FreeRADIUS Server Project is a high performance and highly configurable multi-protocol policy server, supporting RADIUS, DHCPv4, and VMPS. It is available under the terms of the GNU GPLv2. Using RADIUS allows authentication and authorization for a network to be centralized, and minimizes the number of changes that have to be done when adding or deleting new users to a network.
FreeRADIUS can authenticate users on systems such as 802.1x (WiFi), dial-up, PPPoE, VPN’s, VoIP, and many others. It supports back-end databases such as MySQL, PostgreSQL, Oracle, Microsoft Active Directory, Apache Cassandra, Redis, OpenLDAP, and many more. It is used daily to authenticate Internet access for hundreds of millions of people, in sites ranging from 10 to 10 million+ users.
Changelog v3.0.23
Feature improvements
- Update dictionary.aruba
- Add
set home_server state ... downin order to mark the home server as administratively down. Usealiveto bring it back to life. - Add
Post-Auth-Type Client-Lostwhich should make it easier to log when clients stop responding. - Add
sites-available/totpas an example of how to use TOTP. - Add
%{mschap:Domain-Name}, fixes #3944. - Cache TLS messages in &session-state, for more debugging.
- Notes in eap configuration about TLS 1.0 / TLS 1.1, and setting
cipher_list = "DEFAULT@SECLEVEL=1" - Added many warning messages about using TLS 1.3 with EAP. In short, don’t use it. Microsoft will support it in fall 2021.
Bug fixes
- Fix crash in some cases when home server is down, in debug mode.
- Fix (again) “read clients from SQL” functionality.
- Fix sql_map to return values in more situations.
- Silently ignore LEAP configuration instead of erroring out.
Install
git clone https://github.com/FreeRADIUS/freeradius-server.git
./configure
make
make install
Configuring the server
- Start off with the default configuration files.
- Save a copy of the default configuration: It WORKS. Don’t change it!
- Verify that the server starts – in debugging mode (
radiusd -X). - Send it test packets using “radclient”, or a NAS or AP.
- Verify that the server does what you expect
- If it does not work, change the configuration, and go to step (3)
- If you’re stuck, revert to using the “last working” configuration.
- If it works, proceed to step (6).
- Save a copy of the working configuration, along with a note of what you changed, and why.
- Make a SMALL change to the configuration.
- Repeat from step (3).
Tutorial
Copyright (C) 1999-2018 The FreeRADIUS Server Project
Source: https://github.com/FreeRADIUS/
