diff --git a/README.md b/README.md
index 34ff3fe..c7426c8 100644
--- a/README.md
+++ b/README.md
@@ -1,2 +1,7 @@
 # freeradius-server

+The FreeRADIUS Server Project is a high performance and highly configurable GPL'd free RADIUS server.
+The server is similar in some respects to Livingston's 2.0 server.
+While FreeRADIUS started as a variant of the Cistron RADIUS server, they don't share a lot in common any more.
+It now has many more features than Cistron or Livingston, and is much more configurable.
+
diff --git a/freeradius-1.0.0-samba3.patch b/freeradius-1.0.0-samba3.patch
new file mode 100644
index 0000000..f2591ce
--- /dev/null
+++ b/freeradius-1.0.0-samba3.patch
@@ -0,0 +1,15 @@
+--- freeradius-1.0.0-pre3/raddb/ldap.attrmap.samba3 2004-07-05 11:57:14.861611615 +0200
++++ freeradius-1.0.0-pre3/raddb/ldap.attrmap 2004-07-05 11:57:47.134087708 +0200
+@@ -24,9 +24,9 @@
+ checkItem Simultaneous-Use radiusSimultaneousUse
+ checkItem Called-Station-Id radiusCalledStationId
+ checkItem Calling-Station-Id radiusCallingStationId
+-checkItem LM-Password lmPassword
+-checkItem NT-Password ntPassword
+-checkItem SMB-Account-CTRL-TEXT acctFlags
++checkItem LM-Password sambaLMPassword
++checkItem NT-Password sambaNTPassword
++checkItem SMB-Account-CTRL-TEXT sambaAcctFlags
+ checkItem Expiration radiusExpiration
+
+ replyItem Service-Type radiusServiceType
diff --git a/freeradius-1.0.5-configure_libgdbm.patch b/freeradius-1.0.5-configure_libgdbm.patch
new file mode 100644
index 0000000..5edc835
--- /dev/null
+++ b/freeradius-1.0.5-configure_libgdbm.patch
@@ -0,0 +1,20 @@ +--- freeradius-1.0.5/src/modules/rlm_dbm/configure.orig 2005-11-16 17:37:42.000000000 +0100 ++++ freeradius-1.0.5/src/modules/rlm_dbm/configure 2005-11-16 17:38:56.000000000 +0100 +@@ -1450,7 +1450,7 @@ + + if test "x$smart_try_dir" != "x"; then + for try in $smart_try_dir; do +- LIBS="-L$try -lgdbm $old_LIBS" ++ LIBS="-L$try -lgdbm -lgdbm_compat $old_LIBS" + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* +- smart_lib="-L$try -lgdbm" ++ smart_lib="-L$try -lgdbm -lgdbm_compat" + else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 diff --git a/freeradius-2.1.3-qafixes.patch b/freeradius-2.1.3-qafixes.patch new file mode 100644 index 0000000..2dce55e --- /dev/null +++ b/freeradius-2.1.3-qafixes.patch 
@@ -0,0 +1,49 @@
+diff -Nru freeradius-server-2.1.3.orig/configure.in freeradius-server-2.1.3/configure.in
+--- freeradius-server-2.1.3.orig/configure.in 2008-12-05 16:37:56.000000000 +0000
++++ freeradius-server-2.1.3/configure.in 2009-03-05 22:25:53.000000000 +0000
+@@ -544,7 +544,19 @@
+ ],
+ [ AC_MSG_WARN([pcap library not found, silently disabling the RADIUS sniffer.]) ])
+
+-AC_LIB_READLINE
++AC_CHECK_LIB(readline, readline,
++ [ LIBREADLINE="-lreadline"
++ AC_DEFINE(HAVE_LIBREADLINE, 1,
++ [Define to 1 if you have a readline compatible library.])
++ AC_DEFINE(HAVE_READLINE_READLINE_H, 1,
++ [Define to 1 if you have the header file.])
++ AC_DEFINE(HAVE_READLINE_HISTORY, 1,
++ [Define if your readline library has \`add_history'])
++ AC_DEFINE(HAVE_READLINE_HISTORY_H, 1,
++ [Define to 1 if you have the header file.])
++ ],
++ [ LIBREADLINE="" ])
++AC_SUBST(LIBREADLINE)
+
+ dnl #############################################################
+ dnl #
+diff -Nru freeradius-server-2.1.3.orig/src/lib/Makefile freeradius-server-2.1.3/src/lib/Makefile
+--- freeradius-server-2.1.3.orig/src/lib/Makefile 2009-03-05 22:24:10.000000000 +0000
++++ freeradius-server-2.1.3/src/lib/Makefile 2009-03-05 22:25:53.000000000 +0000
+@@ -41,7 +41,7 @@
+
+ $(TARGET).la: $(LT_OBJS)
+ $(LIBTOOL) --mode=link $(CC) -release $(RADIUSD_VERSION) \
+- $(LDFLAGS) $(LINK_MODE) -o $@ -rpath $(libdir) $^
++ $(LDFLAGS) $(LINK_MODE) -o $@ -rpath $(libdir) $^ $(LIBS)
+
+ $(LT_OBJS): $(INCLUDES)
+
+diff -Nru freeradius-server-2.1.3.orig/src/main/listen.c freeradius-server-2.1.3/src/main/listen.c
+--- freeradius-server-2.1.3.orig/src/main/listen.c 2008-12-05 16:37:56.000000000 +0000
++++ freeradius-server-2.1.3/src/main/listen.c 2009-03-05 22:25:53.000000000 +0000
+@@ -45,6 +45,9 @@
+ #include
+ #endif
+
++#ifdef WITH_UDPFROMTO
++#include
++#endif
+
+ /*
+ * We'll use this below.
diff --git a/freeradius-RADIUS-LDAPv3.schema b/freeradius-RADIUS-LDAPv3.schema
new file mode 100644
index 0000000..cee7502
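Review bot: The `AC_CHECK_LIB(readline, readline, ...)` block that replaces `AC_LIB_READLINE` defines `HAVE_READLINE_READLINE_H` and `HAVE_READLINE_HISTORY_H` as soon as `-lreadline` links, without probing for the headers themselves. A build host that has the shared library but not its development headers therefore passes configure and fails later at compile time. Letting autoconf set the header macros, with `AC_CHECK_HEADERS([readline/readline.h readline/history.h])` inside the success branch in place of the two hard-coded `AC_DEFINE` calls, keeps the macros truthful.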
--- /dev/null
+++ b/freeradius-RADIUS-LDAPv3.schema
@@ -0,0 +1,564 @@
+# This is a LDAPv3 schema for RADIUS attributes.
+# Tested on OpenLDAP 2.0.7
+# Posted by Javier Fernandez-Sanguino Pena
+# LDAP v3 version by Jochen Friedrich
+# Updates by Adrian Pavlykevych
+##############
+
+attributetype
+ ( 1.3.6.1.4.1.3317.4.3.1.1
+ NAME 'radiusArapFeatures'
+ DESC ''
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ SINGLE-VALUE
+ )
+
+attributetype
+ ( 1.3.6.1.4.1.3317.4.3.1.2
+ NAME 'radiusArapSecurity'
+ DESC ''
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ SINGLE-VALUE
+ )
+
+attributetype
+ ( 1.3.6.1.4.1.3317.4.3.1.3
+ NAME 'radiusArapZoneAccess'
+ DESC ''
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ SINGLE-VALUE
+ )
+
+attributetype
+ ( 1.3.6.1.4.1.3317.4.3.1.44
+ NAME 'radiusAuthType'
+ DESC ''
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ SINGLE-VALUE
+ )
+
+attributetype
+ ( 1.3.6.1.4.1.3317.4.3.1.4
+ NAME 'radiusCallbackId'
+ DESC ''
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ SINGLE-VALUE
+ )
+
+attributetype
+ ( 1.3.6.1.4.1.3317.4.3.1.5
+ NAME 'radiusCallbackNumber'
+ DESC ''
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ SINGLE-VALUE
+ )
+
+attributetype
+ ( 1.3.6.1.4.1.3317.4.3.1.6
+ NAME 'radiusCalledStationId'
+ DESC ''
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ SINGLE-VALUE
+ )
+
+attributetype
+ ( 1.3.6.1.4.1.3317.4.3.1.7
+ NAME 'radiusCallingStationId'
+ DESC ''
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ SINGLE-VALUE
+ )
+
+attributetype
+ ( 1.3.6.1.4.1.3317.4.3.1.8
+ NAME 'radiusClass'
+ DESC ''
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ )
+
+attributetype
+ ( 1.3.6.1.4.1.3317.4.3.1.45
+ NAME 'radiusClientIPAddress'
+ DESC ''
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ SINGLE-VALUE
+ )
+
+attributetype
+ ( 1.3.6.1.4.1.3317.4.3.1.9
+ NAME 'radiusFilterId'
+ DESC ''
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ SINGLE-VALUE
+ )
+
+attributetype
+ ( 1.3.6.1.4.1.3317.4.3.1.10
+ NAME 'radiusFramedAppleTalkLink'
+ DESC ''
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ SINGLE-VALUE
+ )
+
+attributetype
+ ( 1.3.6.1.4.1.3317.4.3.1.11
+ NAME 'radiusFramedAppleTalkNetwork'
+ DESC ''
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ SINGLE-VALUE
+ )
+
+attributetype
+ ( 1.3.6.1.4.1.3317.4.3.1.12
+ NAME 'radiusFramedAppleTalkZone'
+ DESC ''
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ SINGLE-VALUE
+ )
+
+attributetype
+ ( 1.3.6.1.4.1.3317.4.3.1.13
+ NAME 'radiusFramedCompression'
+ DESC ''
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ SINGLE-VALUE
+ )
+
+attributetype
+ ( 1.3.6.1.4.1.3317.4.3.1.14
+ NAME 'radiusFramedIPAddress'
+ DESC ''
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ SINGLE-VALUE
+ )
+
+attributetype
+ ( 1.3.6.1.4.1.3317.4.3.1.15
+ NAME 'radiusFramedIPNetmask'
+ DESC ''
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ SINGLE-VALUE
+ )
+
+attributetype
+ ( 1.3.6.1.4.1.3317.4.3.1.16
+ NAME 'radiusFramedIPXNetwork'
+ DESC ''
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ SINGLE-VALUE
+ )
+
+attributetype
+ ( 1.3.6.1.4.1.3317.4.3.1.17
+ NAME 'radiusFramedMTU'
+ DESC ''
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ SINGLE-VALUE
+ )
+
+attributetype
+ ( 1.3.6.1.4.1.3317.4.3.1.18
+ NAME 'radiusFramedProtocol'
+ DESC ''
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ SINGLE-VALUE
+ )
+
+attributetype
+ ( 1.3.6.1.4.1.3317.4.3.1.19
+ NAME 'radiusFramedRoute'
+ DESC ''
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ )
+
+attributetype
+ ( 1.3.6.1.4.1.3317.4.3.1.20
+ NAME 'radiusFramedRouting'
+ DESC ''
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ SINGLE-VALUE
+ )
+
+attributetype
+ ( 1.3.6.1.4.1.3317.4.3.1.46
+ NAME 'radiusGroupName'
+ DESC ''
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ )
+
+attributetype
+ ( 1.3.6.1.4.1.3317.4.3.1.47
+ NAME 'radiusHint'
+ DESC ''
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ SINGLE-VALUE
+ )
+
+attributetype
+ ( 1.3.6.1.4.1.3317.4.3.1.48
+ NAME 'radiusHuntgroupName'
+ DESC ''
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ )
+
+attributetype
+ ( 1.3.6.1.4.1.3317.4.3.1.21
+ NAME 'radiusIdleTimeout'
+ DESC ''
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ SINGLE-VALUE
+ )
+
+attributetype
+ ( 1.3.6.1.4.1.3317.4.3.1.22
+ NAME 'radiusLoginIPHost'
+ DESC ''
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ SINGLE-VALUE
+ )
+
+attributetype
+ ( 1.3.6.1.4.1.3317.4.3.1.23
+ NAME 'radiusLoginLATGroup'
+ DESC ''
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ SINGLE-VALUE
+ )
+
+attributetype
+ ( 1.3.6.1.4.1.3317.4.3.1.24
+ NAME 'radiusLoginLATNode'
+ DESC ''
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ SINGLE-VALUE
+ )
+
+attributetype
+ ( 1.3.6.1.4.1.3317.4.3.1.25
+ NAME 'radiusLoginLATPort'
+ DESC ''
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ SINGLE-VALUE
+ )
+
+attributetype
+ ( 1.3.6.1.4.1.3317.4.3.1.26
+ NAME 'radiusLoginLATService'
+ DESC ''
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ SINGLE-VALUE
+ )
+
+attributetype
+ ( 1.3.6.1.4.1.3317.4.3.1.27
+ NAME 'radiusLoginService'
+ DESC ''
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ SINGLE-VALUE
+ )
+
+attributetype
+ ( 1.3.6.1.4.1.3317.4.3.1.28
+ NAME 'radiusLoginTCPPort'
+ DESC ''
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ SINGLE-VALUE
+ )
+
+attributetype
+ ( 1.3.6.1.4.1.3317.4.3.1.29
+ NAME 'radiusPasswordRetry'
+ DESC ''
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ SINGLE-VALUE
+ )
+
+attributetype
+ ( 1.3.6.1.4.1.3317.4.3.1.30
+ NAME 'radiusPortLimit'
+ DESC ''
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ SINGLE-VALUE
+ )
+
+attributetype
+ ( 1.3.6.1.4.1.3317.4.3.1.49
+ NAME 'radiusProfileDn'
+ DESC ''
+ EQUALITY distinguishedNameMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
+ SINGLE-VALUE
+ )
+
+attributetype
+ ( 1.3.6.1.4.1.3317.4.3.1.31
+ NAME 'radiusPrompt'
+ DESC ''
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ SINGLE-VALUE
+ )
+
+attributetype
+ ( 1.3.6.1.4.1.3317.4.3.1.50
+ NAME 'radiusProxyToRealm'
+ DESC ''
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ SINGLE-VALUE
+ )
+
+attributetype
+ ( 1.3.6.1.4.1.3317.4.3.1.51
+ NAME 'radiusReplicateToRealm'
+ DESC ''
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ SINGLE-VALUE
+ )
+
+attributetype
+ ( 1.3.6.1.4.1.3317.4.3.1.52
+ NAME 'radiusRealm'
+ DESC ''
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ SINGLE-VALUE
+ )
+
+attributetype
+ ( 1.3.6.1.4.1.3317.4.3.1.32
+ NAME 'radiusServiceType'
+ DESC ''
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ SINGLE-VALUE
+ )
+
+attributetype
+ ( 1.3.6.1.4.1.3317.4.3.1.33
+ NAME 'radiusSessionTimeout'
+ DESC ''
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ SINGLE-VALUE
+ )
+
+attributetype
+ ( 1.3.6.1.4.1.3317.4.3.1.34
+ NAME 'radiusTerminationAction'
+ DESC ''
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ SINGLE-VALUE
+ )
+
+attributetype
+ ( 1.3.6.1.4.1.3317.4.3.1.35
+ NAME 'radiusTunnelAssignmentId'
+ DESC ''
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ )
+
+attributetype
+ ( 1.3.6.1.4.1.3317.4.3.1.36
+ NAME 'radiusTunnelMediumType'
+ DESC ''
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ )
+
+attributetype
+ ( 1.3.6.1.4.1.3317.4.3.1.37
+ NAME 'radiusTunnelPassword'
+ DESC ''
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ SINGLE-VALUE
+ )
+
+attributetype
+ ( 1.3.6.1.4.1.3317.4.3.1.38
+ NAME 'radiusTunnelPreference'
+ DESC ''
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ )
+
+attributetype
+ ( 1.3.6.1.4.1.3317.4.3.1.39
+ NAME 'radiusTunnelPrivateGroupId'
+ DESC ''
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ )
+
+attributetype
+ ( 1.3.6.1.4.1.3317.4.3.1.40
+ NAME 'radiusTunnelServerEndpoint'
+ DESC ''
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ )
+
+attributetype
+ ( 1.3.6.1.4.1.3317.4.3.1.41
+ NAME 'radiusTunnelType'
+ DESC ''
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ )
+
+attributetype
+ ( 1.3.6.1.4.1.3317.4.3.1.42
+ NAME 'radiusVSA'
+ DESC ''
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ )
+
+attributetype
+ ( 1.3.6.1.4.1.3317.4.3.1.43
+ NAME 'radiusTunnelClientEndpoint'
+ DESC ''
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ )
+
+
+#need to change asn1.id
+attributetype
+ ( 1.3.6.1.4.1.3317.4.3.1.53
+ NAME 'radiusSimultaneousUse'
+ DESC ''
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE
+ )
+
+attributetype
+ ( 1.3.6.1.4.1.3317.4.3.1.54
+ NAME 'radiusLoginTime'
+ DESC ''
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ SINGLE-VALUE
+ )
+
+attributetype
+ ( 1.3.6.1.4.1.3317.4.3.1.55
+ NAME 'radiusUserCategory'
+ DESC ''
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ SINGLE-VALUE
+ )
+
+attributetype
+ ( 1.3.6.1.4.1.3317.4.3.1.56
+ NAME 'radiusStripUserName'
+ DESC ''
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ SINGLE-VALUE
+ )
+
+attributetype
+ ( 1.3.6.1.4.1.3317.4.3.1.57
+ NAME 'dialupAccess'
+ DESC ''
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ SINGLE-VALUE
+ )
+
+attributetype
+ ( 1.3.6.1.4.1.3317.4.3.1.58
+ NAME 'radiusExpiration'
+ DESC ''
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ SINGLE-VALUE
+ )
+
+attributetype
+ ( 1.3.6.1.4.1.3317.4.3.1.59
+ NAME 'radiusCheckItem'
+ DESC ''
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ )
+
+attributetype
+ ( 1.3.6.1.4.1.3317.4.3.1.60
+ NAME 'radiusReplyItem'
+ DESC ''
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ )
+
+
+objectclass
+ ( 1.3.6.1.4.1.3317.4.3.2.1
+ NAME 'radiusprofile'
+ SUP top AUXILIARY
+ DESC ''
+ MUST cn
+ MAY ( radiusArapFeatures $ radiusArapSecurity $ radiusArapZoneAccess $
+ radiusAuthType $ radiusCallbackId $ radiusCallbackNumber $
+ radiusCalledStationId $ radiusCallingStationId $ radiusClass $
+ radiusClientIPAddress $ radiusFilterId $ radiusFramedAppleTalkLink $
+ radiusFramedAppleTalkNetwork $ radiusFramedAppleTalkZone $
+ radiusFramedCompression $ radiusFramedIPAddress $
+ radiusFramedIPNetmask $ radiusFramedIPXNetwork $
+ radiusFramedMTU $ radiusFramedProtocol $
+ radiusCheckItem $ radiusReplyItem $
+ radiusFramedRoute $ radiusFramedRouting $ radiusIdleTimeout $
+ radiusGroupName $ radiusHint $ radiusHuntgroupName $
+ radiusLoginIPHost $ radiusLoginLATGroup $ radiusLoginLATNode $
+ radiusLoginLATPort $ radiusLoginLATService $ radiusLoginService $
+ radiusLoginTCPPort $ radiusLoginTime $ radiusPasswordRetry $
+ radiusPortLimit $ radiusPrompt $ radiusProxyToRealm $
+ radiusRealm $ radiusReplicateToRealm $ radiusServiceType $
+ radiusSessionTimeout $ radiusStripUserName $
+ radiusTerminationAction $ radiusTunnelClientEndpoint $ radiusProfileDn $
+ radiusSimultaneousUse $ radiusTunnelAssignmentId $
+ radiusTunnelMediumType $ radiusTunnelPassword $ radiusTunnelPreference $
+ radiusTunnelPrivateGroupId $ radiusTunnelServerEndpoint $
+ radiusTunnelType $ radiusUserCategory $ radiusVSA $
+ radiusExpiration $ dialupAccess )
+ )
diff --git a/freeradius-initscript b/freeradius-initscript
new file mode 100644
index 0000000..a790003
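Review bot: `radiusTunnelPassword` is declared as an ordinary IA5 string attribute of `radiusprofile`, so the tunnel secret is stored in the directory in cleartext and its confidentiality depends entirely on the slapd ACLs, which this schema cannot express. Every `DESC ''` in the file is empty, so nothing tells the operator that; a comment above that attribute would, for example `# radiusTunnelPassword holds a cleartext secret: restrict read access to the RADIUS server's bind DN in the slapd ACLs`. The `#need to change asn1.id` comment above `radiusSimultaneousUse` also reads as an unfinished OID assignment and should say which of the following OIDs are provisional.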
--- /dev/null
+++ b/freeradius-initscript
@@ -0,0 +1,82 @@
+#!/bin/sh
+#
+# chkconfig: 2345 88 10
+# description: Start/Stop the RADIUS server daemon
+# pidfile: /var/run/radiusd/radiusd.pid
+# processname: radiusd
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+#
+# Copyright (C) 2001 The FreeRADIUS Project http://www.freeradius.org
+#
+
+# Source function library.
+. /etc/rc.d/init.d/functions
+
+RADIUSD=/usr/sbin/radiusd
+LOCKF=/var/lock/subsys/radiusd
+CONFIG=/etc/raddb/radiusd.conf
+
+[ -f $RADIUSD ] || exit 0
+[ -f $CONFIG ] || exit 0
+
+RETVAL=0
+
+case "$1" in
+ start)
+ echo -n $"Starting RADIUS server: "
+ daemon $RADIUSD -y
+ RETVAL=$?
+ echo
+ [ $RETVAL -eq 0 ] && touch $LOCKF &&
+ ln -s /var/run/radiusd/radiusd.pid /var/run/radiusd.pid 2>/dev/null
+ ;;
+ stop)
+ echo -n $"Stopping RADIUS server: "
+ killproc $RADIUSD
+ RETVAL=$?
+ echo
+ [ $RETVAL -eq 0 ] && rm -f $LOCKF
+ ;;
+ status)
+ status radiusd
+ RETVAL=$?
+ ;;
+ reload)
+ echo -n $"Reloading RADIUS server: "
+ killproc $RADIUSD -HUP
+ RETVAL=$?
+ echo
+ ;;
+ restart)
+ $0 stop
+ sleep 3
+ $0 start
+ RETVAL=$?
+ ;;
+ condrestart)
+ if [ -f $LOCKF ]; then
+ $0 stop
+ sleep 3
+ $0 start
+ RETVAL=$?
+ fi
+ ;;
+ *)
+ echo $"Usage: $0 {start|stop|status|restart|reload|condrestart}"
+ exit 1
+esac
+
+exit $RETVAL
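Review bot: The two guards `[ -f $RADIUSD ] || exit 0` and `[ -f $CONFIG ] || exit 0` make every action, `start` and `status` included, report success when the daemon binary or its configuration is missing, so a broken authentication service looks healthy to whatever calls the script. Distinct non-zero codes and quoted variables fix that: `[ -x "$RADIUSD" ] || exit 5` and `[ -f "$CONFIG" ] || exit 6`. The spec in this same commit installs `redhat/freeradius-radiusd-init` over the same `%{_initrddir}/radiusd` path right after this file, so it looks as if this script never reaches the package; a comment in the header saying which of the two is authoritative would avoid hardening the wrong one.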
diff --git a/freeradius-pam b/freeradius-pam
new file mode 100644
index 0000000..8858f25
--- /dev/null
+++ b/freeradius-pam
@@ -0,0 +1,7 @@
+#%PAM-1.0
+auth required pam_unix_auth.so shadow nullok
+auth required pam_nologin.so
+account required pam_unix_acct.so
+password required pam_cracklib.so
+password required pam_unix_passwd.so shadow nullok use_authtok
+session required pam_unix_session.so
diff --git a/freeradius-server.spec b/freeradius-server.spec
new file mode 100644
index 0000000..d35cf69
--- /dev/null
+++ b/freeradius-server.spec
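Review bot: Both `pam_unix` lines in the freeradius-pam hunk carry `nullok`, and on the `auth` line that lets an account whose password field is empty authenticate, which is a poor default for a stack behind a network authentication service. Dropping the option gives `auth required pam_unix_auth.so shadow` and `password required pam_unix_passwd.so shadow use_authtok`. `pam_nologin.so` is listed after the password check; moving it to the first `auth` line rejects requests during a nologin window before any credential is evaluated. A comment under `#%PAM-1.0` stating that the spec installs this file as `pam.d/radiusd` would tell the operator which service it governs.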
@@ -0,0 +1,422 @@
+%define radiusd_uid 65024
+%define radiusd_gid 65024
+
+%define libname libfreeradius
+
+Name: freeradius-server
+Version: 2.2.1
+Release: 1mamba
+Summary: A high performance and highly configurable GPL'd free RADIUS server
+Group: System/Servers
+Vendor: openmamba
+Distribution: openmamba
+Packager: Silvan Calarco
+URL: http://www.freeradius.org
+Source0: ftp://ftp.freeradius.org/pub/radius/freeradius-server-%{version}.tar.gz
+Source1: freeradius-RADIUS-LDAPv3.schema
+Source2: freeradius-initscript
+Source3: freeradius-pam
+Patch0: freeradius-1.0.5-configure_libgdbm.patch
+Patch1: freeradius-1.0.0-samba3.patch
+Patch2: freeradius-2.1.3-qafixes.patch
+License: GPL
+## AUTOBUILDREQ-BEGIN
+BuildRequires: glibc-devel
+BuildRequires: libe2fs-devel
+BuildRequires: libgdbm-devel
+BuildRequires: libgssapi-devel
+BuildRequires: libkrb5-devel
+BuildRequires: libltdl-devel
+BuildRequires: libmysql5-devel
+BuildRequires: libodbc-devel
+BuildRequires: libopenldap-devel
+BuildRequires: libopenssl-devel
+BuildRequires: libpcap-devel
+BuildRequires: libpostgresql-devel
+BuildRequires: libsasl-devel
+BuildRequires: libsqlite-devel
+BuildRequires: libstdc++6-devel
+BuildRequires: libz-devel
+BuildRequires: pam-devel
+BuildRequires: perl-DBI
+BuildRequires: perl-devel
+## AUTOBUILDREQ-END
+BuildRequires: libopenldap-devel >= 2.2.20
+Provides: freeradius
+Obsoletes: freeradius
+Requires: %{libname} = %{version}
+Requires: openldap-servers >= 2.1.22
+BuildRoot: %{_tmppath}/%{name}-%{version}-root
+
+%description
+The FreeRADIUS Server Project is a high performance and highly configurable GPL'd free RADIUS server.
+The server is similar in some respects to Livingston's 2.0 server.
+While FreeRADIUS started as a variant of the Cistron RADIUS server, they don't share a lot in common any more.
+It now has many more features than Cistron or Livingston, and is much more configurable.
+
+%package -n %{libname}
+Summary: Libraries for %{name}
+Group: System/Libraries
+
+%description -n %{libname}
+The FreeRADIUS Server Project is a high performance and highly configurable GPL'd free RADIUS server.
+This package contrains the dynamic libraries needed by FreeRADIUS.
+
+%package -n %{libname}-devel
+Summary: Static libraries and headers for %{name}
+Group: Development/Libraries
+Requires: %{name} = %{version}
+Requires: %{libname} = %{version}
+
+%description -n %{libname}-devel
+Development headers and libraries for %{name}
+
+%package -n %{libname}-krb5
+Summary: The Kerberos module for %{name}
+Group: System/Servers
+Requires: libkrb5
+Requires: %{name} = %{version}
+
+%description -n %{libname}-krb5
+The FreeRADIUS server can use Kerberos to authenticate users, and this module is necessary for that.
+
+%package -n %{libname}-ldap
+Summary: The LDAP module for %{name}
+Group: System/Servers
+Requires: %{name} = %{version}
+
+%description -n %{libname}-ldap
+The FreeRADIUS server can use LDAP to authenticate users, and this module is necessary for that.
+
+%package -n %{libname}-postgresql
+Summary: The PostgreSQL module for %{name}
+Group: System/Servers
+Requires: %{name} = %{version}
+
+%description -n %{libname}-postgresql
+The FreeRADIUS server can use PostgreSQL to authenticate users and do accounting, and this module is necessary for that.
+
+%package -n %{libname}-mysql
+Summary: The MySQL module for %{name}
+Group: System/Servers
+Requires: %{name} = %{version}
+
+%description -n %{libname}-mysql
+The FreeRADIUS server can use MySQL to authenticate users and do accounting, and this module is necessary for that.
+
+%package -n %{libname}-unixODBC
+Summary: The unixODBC module for %{name}
+Group: System/Servers
+Requires: %{name} = %{version}
+
+%description -n %{libname}-unixODBC
+The FreeRADIUS server can use unixODBC to authenticate users and do accounting, and this module is necessary for that.
+
+%prep
+%setup -q
+#%patch0 -p1 -b .libgdbm
+#%patch1 -p1 -b .samba3
+%patch2 -p1
+
+find -type f -name "configure*" | xargs perl -pi -e "s|/lib\b|/%{_lib}|g"
+
+export CFLAGS="%{optflags} -fPIC -DLDAP_DEPRECATED"
+export CXXFLAGS="%{optflags} -fPIC -DLDAP_DEPRECATED"
+
+%build
+#libtoolize --force --copy
+#autoreconf
+%configure \
+ --with-gnu-ld \
+ --with-threads \
+ --with-thread-pool \
+ --libdir=%{_libdir}/%{name} \
+ --libexecdir=%{_libdir}/%{name} \
+ --disable-ltdl-install \
+ --with-ltdl-lib=%{_libdir} \
+ --with-rlm-dbm-lib-dir=%{_libdir} \
+ --with-snmp \
+ --with-experimental-modules \
+ --with-large-files \
+ --with-system-libltdl \
+ --with-system-libtool
+
+%make -j1
+
+[ -e doc/README ] && mv -f doc/README doc/README-FreeRadius
+
+%install
+[ "%{buildroot}" != / ] && rm -rf %{buildroot}
+
+install -d %{buildroot}%{_libdir}/%{name}
+
+%makeinstall R=%{buildroot}
+
+sed -i "s|#user = .*|user=radiusd|
+ s|#group = .*|group=radiusd|" \
+ %{buildroot}%{_sysconfdir}/raddb/radiusd.conf
+
+install -D -m0644 %{SOURCE1} \
+ %{buildroot}%{_sysconfdir}/openldap/schema/radius.schema
+install -D -m0755 %{SOURCE2} \
+ %{buildroot}%{_initrddir}/radiusd
+install -D -m0644 %{SOURCE3} \
+ %{buildroot}%{_sysconfdir}/pam.d/radiusd
+
+install -D redhat/freeradius-radiusd-init \
+ %{buildroot}%{_initrddir}/radiusd
+install -D -m0644 redhat/freeradius-logrotate \
+ %{buildroot}%{_sysconfdir}/logrotate.d/freeradius
+
+# fix the naming of the sql.conf file
+mv %{buildroot}%{_sysconfdir}/raddb/sql.conf \
+ %{buildroot}%{_sysconfdir}/raddb/mysql.conf
+
+# install header files
+install -d %{buildroot}%{_includedir}/%{name}
+install -m0644 src/include/*.h %{buildroot}%{_includedir}/%{name}/
+
+# put the mibs in place
+install -d %{buildroot}%{_datadir}/snmp/mibs
+install -m0644 mibs/FREERADIUS* mibs/RADIUS* %{buildroot}%{_datadir}/snmp/mibs/
+
+install -d %{buildroot}/var/log/radius/radacct
+
+touch %{buildroot}/var/log/radius/radutmp
+touch %{buildroot}/var/log/radius/radwtmp
+touch %{buildroot}/var/log/radius/radius.log
+
+install -d %{buildroot}/var/run/radiusd
+
+# remove unpackages files
+rm -f %{buildroot}%{_sysconfdir}/raddb/mssql.conf
+rm -f %{buildroot}%{_sysconfdir}/raddb/oraclesql.conf
+
+%clean
+[ "%{buildroot}" != / ] && rm -rf %{buildroot}
+
+%pre
+if [ $1 -eq 1 ]; then
+# new install
+ /usr/sbin/groupadd -g %{radiusd_gid} radiusd
+ /usr/sbin/useradd -u %{radiusd_uid} -c radiusd -d /dev/null -g radiusd -s /bin/false radiusd
+fi
+exit 0
+
+%preun
+if [ $1 -eq 0 ]; then
+# erase
+ chkconfig --del radiusd
+ /sbin/service radiusd stop &>/dev/null
+ /usr/sbin/userdel radiusd
+ /usr/sbin/groupdel radiusd
+fi
+exit 0
+
+%postun
+if [ $1 -eq 1 ]; then
+# upgrade
+ /sbin/service radiusd condrestart
+fi
+exit 0
+
+%post -n %{libname}-krb5 -p /sbin/ldconfig
+%postun -n %{libname}-krb5 -p /sbin/ldconfig
+
+%post -n %{libname}-ldap
+/sbin/ldconfig
+if [ $1 -eq 1 ]; then
+ if [ ! `grep radius.schema /etc/openldap/slapd.conf` ]; then
+ sed -i -e '/# Define global ACLs/i \
+ include /etc/openldap/schema/radius.schema' \
+ /etc/openldap/slapd.conf
+ /bin/chgrp ldap /etc/openldap/slapd.conf
+ /sbin/service openldap condrestart
+ fi
+fi
+exit 0
+
+%postun -n %{libname}-ldap -p /sbin/ldconfig
+
+%preun -n %{libname}-ldap
+if [ $1 -eq 0 ]; then
+ sed -i 's/include.*qmail.schema//' /etc/openldap/slapd.conf
+ /bin/chgrp ldap /etc/openldap/slapd.conf
+ /sbin/service openldap restart
+fi
+exit 0
+
+%post -n %{libname}-postgresql -p /sbin/ldconfig
+%postun -n %{libname}-postgresql -p /sbin/ldconfig
+
+%post -n %{libname}-mysql -p /sbin/ldconfig
+%postun -n %{libname}-mysql -p /sbin/ldconfig
+
+%post -n %{libname}-unixODBC -p /sbin/ldconfig
+%postun -n %{libname}-unixODBC -p /sbin/ldconfig
+
+%files
+%defattr(-,root,root)
+%config(noreplace) %{_sysconfdir}/logrotate.d/freeradius
+%config(noreplace) %{_sysconfdir}/pam.d/radiusd
+%dir %{_sysconfdir}/raddb
+%config(noreplace) %attr(-,root,root) %{_sysconfdir}/raddb/certs/*
+%config(noreplace) %attr(0644,root,root) %{_sysconfdir}/raddb/acct_users
+%config(noreplace) %attr(0644,root,root) %{_sysconfdir}/raddb/attrs*
+#%config(noreplace) %attr(0640,root,root) %{_sysconfdir}/raddb/clients
+%config(noreplace) %attr(0640,root,root) %{_sysconfdir}/raddb/clients.conf
+%config(noreplace) %attr(0644,root,root) %{_sysconfdir}/raddb/dictionary
+%config(noreplace) %attr(0640,root,root) %{_sysconfdir}/raddb/eap.conf
+%config(noreplace) %attr(0644,root,root) %{_sysconfdir}/raddb/example.pl
+%config(noreplace) %attr(0644,root,root) %{_sysconfdir}/raddb/experimental.conf
+%config(noreplace) %attr(0644,root,root) %{_sysconfdir}/raddb/hints
+%config(noreplace) %attr(0644,root,root) %{_sysconfdir}/raddb/huntgroups
+%config(noreplace) %attr(0644,root,root) %{_sysconfdir}/raddb/modules
+#%config(noreplace) %attr(0640,root,root) %{_sysconfdir}/raddb/naspasswd
+#%config(noreplace) %attr(0644,root,root) %{_sysconfdir}/raddb/postgresql.conf
+%config(noreplace) %attr(0640,root,root) %{_sysconfdir}/raddb/policy.conf
+%config(noreplace) %attr(0640,root,root) %{_sysconfdir}/raddb/policy.txt
+%config(noreplace) %attr(0640,root,root) %{_sysconfdir}/raddb/proxy.conf
+%config(noreplace) %attr(0644,root,root) %{_sysconfdir}/raddb/radiusd.conf
+#%config(noreplace) %attr(0644,root,root) %{_sysconfdir}/raddb/realms
+%config(noreplace) %attr(0644,root,root) %{_sysconfdir}/raddb/sites-available
+%config(noreplace) %attr(0644,root,root) %{_sysconfdir}/raddb/sites-enabled
+%config(noreplace) %attr(0644,root,root) %{_sysconfdir}/raddb/sql
+%config(noreplace) %attr(0644,root,root) %{_sysconfdir}/raddb/sqlippool.conf
+%config(noreplace) %attr(0644,root,root) %{_sysconfdir}/raddb/templates.conf
+#%config(noreplace) %attr(0640,root,root) %{_sysconfdir}/raddb/snmp.conf
+#%config(noreplace) %attr(0640,root,root) %{_sysconfdir}/raddb/x99.conf
+#%config(noreplace) %attr(0640,root,root) %{_sysconfdir}/raddb/x99passwd.sample
+%config(noreplace) %attr(0640,root,radiusd) %{_sysconfdir}/raddb/preproxy_users
+%config(noreplace) %attr(0640,root,radiusd) %{_sysconfdir}/raddb/users
+%{_sysconfdir}/openldap/schema/radius.schema
+%attr(0755,root,root) %{_initrddir}/radiusd
+%{_bindir}/*
+%{_sbindir}/*
+%dir %{_datadir}/freeradius
+%{_datadir}/freeradius/*
+%attr(0644,root,root) %{_datadir}/snmp/mibs/*
+%dir %attr(0755,radiusd,radiusd) /var/log/radius
+%dir %attr(0755,radiusd,radiusd) /var/log/radius/radacct
+%dir %attr(0755,radiusd,radiusd) /var/run/radiusd
+%attr(0644,radiusd,radiusd) %ghost /var/log/radius/radutmp
+%attr(0644,radiusd,radiusd) %ghost /var/log/radius/radwtmp
+%attr(0644,radiusd,radiusd) %ghost /var/log/radius/radius.log
+%{_datadir}/doc/freeradius/*
+%{_mandir}/man1/*
+%{_mandir}/man5/*
+%{_mandir}/man8/*
+%doc COPYRIGHT CREDITS LICENSE doc/*
+
+%files -n %{libname}
+%defattr(-,root,root)
+#%{_libdir}/%{name}/libradius*.la
+#%{_libdir}/%{name}/libradius*.so
+#%{_libdir}/%{name}/libeap*.la
+#%{_libdir}/%{name}/libeap*.so
+%{_libdir}/%{name}/rlm_*.la
+%{_libdir}/%{name}/rlm_*.so
+%{_libdir}/%{name}/libfreeradius-eap*.la
+%{_libdir}/%{name}/libfreeradius-eap*.so
+%{_libdir}/%{name}/libfreeradius-radius*.la
+%{_libdir}/%{name}/libfreeradius-radius*.so
+%exclude %{_libdir}/%{name}/rlm_sql_mysql*
+%exclude %{_libdir}/%{name}/rlm_sql_postgresql*
+%exclude %{_libdir}/%{name}/rlm_sql_unixodbc*
+%exclude %{_libdir}/%{name}/rlm_ldap*
+
+%files -n %{libname}-devel
+%defattr(-,root,root)
+%{_libdir}/%{name}/*.a
+%{_includedir}/%{name}
+%{_includedir}/freeradius/*.h
+
+%files -n %{libname}-krb5
+%defattr(-,root,root)
+#%{_libdir}/%{name}/rlm_krb5-%{version}.so*
+
+%files -n %{libname}-ldap
+%defattr(-,root,root)
+%config(noreplace) %attr(0644,root,root) %{_sysconfdir}/raddb/ldap.attrmap
+%{_libdir}/%{name}/rlm_ldap*.so*
+%{_libdir}/%{name}/rlm_ldap*.la
+
+%files -n %{libname}-postgresql
+%defattr(-,root,root)
+#%config(noreplace) %attr(0640,root,root) %{_sysconfdir}/raddb/postgresql.conf
+%{_libdir}/%{name}/rlm_sql_postgresql*.so*
+%{_libdir}/%{name}/rlm_sql_postgresql*.la
+
+%files -n %{libname}-mysql
+%defattr(-,root,root)
+%config(noreplace) %attr(0640,root,root) %{_sysconfdir}/raddb/mysql.conf
+%{_libdir}/%{name}/rlm_sql_mysql*.so*
+%{_libdir}/%{name}/rlm_sql_mysql*.la
+
+%files -n %{libname}-unixODBC
+%defattr(-,root,root)
+%{_libdir}/%{name}/rlm_sql_unixodbc*.so*
+%{_libdir}/%{name}/rlm_sql_unixodbc*.la
+
+%changelog
+* Thu Sep 19 2013 Automatic Build System 2.2.1-1mamba
+- automatic update by autodist
+
+* Fri Nov 23 2012 Automatic Build System 2.2.0-1mamba
+- automatic version update by autodist
+
+* Tue Jun 22 2010 Automatic Build System 2.1.9-1mamba
+- automatic update by autodist
+
+* Mon Feb 08 2010 Silvan Calarco 2.1.8-2mamba
+- rebuilt without libshadow
+
+* Thu Jan 14 2010 Automatic Build System 2.1.8-1mamba
+- automatic update by autodist
+
+* Sun Sep 20 2009 Automatic Build System 2.1.7-1mamba
+- automatic update by autodist
+
+* Sat May 30 2009 Automatic Build System 2.1.6-1mamba
+- automatic update by autodist
+
+* Fri Apr 03 2009 Silvan Calarco 2.1.4-1mamba
+- update to 2.1.4
+
+* Fri Apr 03 2009 Silvan Calarco 1.0.5-4mamba
+- automatic rebuild by autodist
+
+* Tue Mar 21 2006 Davide Madrisan 1.0.5-3qilnx
+- install freeradius mibs and headers files
+- libraries splitted into several packages
+- added ghost logging files to main package
+
+* Wed Nov 16 2005 Davide Madrisan 1.0.5-2qilnx
+- fixed test for gdbm library usability in the configure script
+
+* Wed Nov 16 2005 Davide Madrisan 1.0.5-1qilnx
+- update to version 1.0.5 by autospec
+
+* Wed Mar 09 2005 Davide Madrisan 1.0.2-1qilnx
+- update to version 1.0.2 by autospec
+- also fix security issues QSA-2005-023 (CAN-2004-[0938,0960,0961])
+- added missing build requirements
+
+* Wed Aug 18 2004 Silvan Calarco 1.0.0-1qilnx
+- new version build
+- use radiusd userid from QiLinux database
+
+* Tue Apr 13 2004 Silvan Calarco 0.9.3-3qilnx
+- rebuild with libtool's libltdl fixed (don't install freeradius' own)
+
+* Thu Feb 19 2004 Silvan Calarco 0.9.3-2qilnx
+- fixed initscript chkconfig stuff
+
+* Mon Nov 24 2003 Davide Madrisan 0.9.3-1qilnx
+- rebuilt with version 0.9.3 (security fix)
+
+* Tue Sep 23 2003 Silvan Calarco 0.9.1-1qilnx
+- upgrade to new version
+
+* Mon Sep 22 2003 Silvan Calarco 0.8.1-1qilnx
+- first build
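Review bot: The `%preun -n %{libname}-ldap` scriptlet runs `sed -i 's/include.*qmail.schema//' /etc/openldap/slapd.conf`, which strips the include of an unrelated schema and leaves behind the `radius.schema` include that `%post` inserted, so removing the package edits the directory server's configuration in the wrong place and then restarts it. The line should undo exactly what `%post` added, for example `sed -i '/include.*radius\.schema/d' /etc/openldap/slapd.conf`. The `%post` guard that puts a backquoted `grep` inside `[ ! ... ]` is fragile for the same file, because a match expands to several words; `if ! grep -q 'radius\.schema' /etc/openldap/slapd.conf; then` performs the same test safely. In `%files`, `raddb/certs/*` is listed with `%attr(-,root,root)`, so any key material there keeps whatever mode the install step produced; an explicit restrictive mode would make that a packaging decision rather than an accident.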