**** xref:unlang/try.adoc[try]
**** xref:unlang/update.adoc[update]
-*** xref:unlang/local.adoc[Local variables]
+*** xref:unlang/local.adoc[Local Variables]
*** xref:unlang/module.adoc[Modules]
-**** xref:unlang/module_method.adoc[Module methods]
-**** xref:unlang/module_builtin.adoc[Built-in modules]
+**** xref:unlang/module_method.adoc[Module Methods]
+**** xref:unlang/module_builtin.adoc[Built-in Modules]
*** xref:unlang/condition/index.adoc[Conditional Expressions]
**** xref:unlang/condition/cmp.adoc[Comparisons]
-**** xref:unlang/condition/expression.adoc[Mathematica Expressions]
+**** xref:unlang/condition/expression.adoc[Mathematical Expressions]
**** xref:unlang/condition/operands.adoc[Operands]
-**** xref:unlang/condition/return_codes.adoc[The return code operator]
-**** xref:unlang/condition/eq.adoc[The '==' operator]
-**** xref:unlang/condition/and.adoc[The '&&' operator]
-**** xref:unlang/condition/or.adoc[The '||' operator]
-**** xref:unlang/condition/not.adoc[The '!' operator]
-**** xref:unlang/condition/para.adoc[The '( )' operator]
+**** xref:unlang/condition/return_codes.adoc[The Return Code Operator]
+**** xref:unlang/condition/eq.adoc[The '==' Operator]
+**** xref:unlang/condition/and.adoc[The '&&' Operator]
+**** xref:unlang/condition/or.adoc[The '||' Operator]
+**** xref:unlang/condition/not.adoc[The '!' Operator]
+**** xref:unlang/condition/para.adoc[The '( )' Operator]
**** xref:unlang/condition/regex.adoc[Regular Expressions]
*** xref:unlang/list.adoc[Attribute Lists]
*** xref:raddb/format.adoc[Format of the Configuration Files]
*** xref:raddb/certs/index.adoc[Certificates]
*** xref:raddb/global.d/index.adoc[Global Configuration]
-**** xref:raddb/global.d/ldap.adoc[ldap]
-**** xref:raddb/global.d/python.adoc[python]
+**** xref:raddb/global.d/ldap.adoc[Ldap]
+**** xref:raddb/global.d/python.adoc[Python]
** xref:raddb/mods-available/index.adoc[Modules]
-*** xref:raddb/mods-available/all_modules.adoc[Summary of all modules]
+*** xref:raddb/mods-available/all_modules.adoc[Summary of Modules]
*** xref:raddb/mods-available/doc/authentication.adoc[Authentication]
**** xref:raddb/mods-available/chap.adoc[CHAP module]
**** xref:raddb/mods-available/ntlm_auth.adoc[NTLM Auth]
**** xref:raddb/mods-available/pam.adoc[Pluggable Authentication]
**** xref:raddb/mods-available/pap.adoc[PAP]
-xref:raddb/mods-available/rest.adoc[REST]
+**** xref:raddb/mods-available/rest.adoc[REST]
**** xref:raddb/mods-available/totp.adoc[TOTP]
**** xref:raddb/mods-available/winbind.adoc[Winbind]
**** xref:raddb/mods-available/yubikey.adoc[Yubikey]
***** xref:raddb/mods-available/cache_tls.adoc[Cache TLS Session]
**** xref:raddb/mods-available/client.adoc[Client]
**** xref:raddb/mods-available/csv.adoc[CSV]
-**** xref:raddb/mods-available/etc_group.adoc[etc_group]
+**** xref:raddb/mods-available/etc_group.adoc[Etc_group]
**** xref:raddb/mods-available/files.adoc[Files]
***** xref:raddb/mods-config/files/users.adoc[File Format]
**** xref:raddb/mods-available/ldap.adoc[LDAP]
***** xref:raddb/mods-available/smbpasswd.adoc[SMBPasswd]
**** xref:raddb/mods-available/redis.adoc[REDIS]
***** xref:raddb/mods-available/redis_ippool.adoc[IP Pool]
-***** xref:raddb/mods-available/rediswho.adoc[User tracking]
-**** xref:raddb/mods-available/rest.adoc[Rest]
+***** xref:raddb/mods-available/rediswho.adoc[User Tracking]
+**** xref:raddb/mods-available/rest.adoc[REST]
**** xref:raddb/mods-available/sql.adoc[SQL]
***** xref:raddb/mods-available/sqlcounter.adoc[Counter]
-***** xref:raddb/mods-available/sqlippool.adoc[IP-Pool]
+***** xref:raddb/mods-available/sqlippool.adoc[IP Pool]
***** xref:raddb/mods-available/redundant_sql.adoc[Redundant]
**** xref:raddb/mods-available/unix.adoc[Unix]
**** xref:raddb/mods-available/logtee.adoc[Logtee]
**** xref:raddb/mods-available/detail.adoc[Detail]
***** xref:raddb/mods-available/detail.example.com.adoc[Example]
-***** xref:raddb/mods-available/detail.log.adoc[Logging]
+***** xref:raddb/mods-available/detail.log.adoc[Log Example]
*** xref:raddb/mods-available/doc/policy.adoc[Policy]
**** xref:raddb/mods-available/always.adoc[Always]
***** xref:raddb/sites-available/proxy-inner-tunnel.adoc[Proxy Inner Tunnel]
**** xref:raddb/sites-available/status.adoc[Status]
**** xref:raddb/sites-available/doc/tacacs.adoc[TACACS+]
-**** xref:raddb/sites-available/tacacs.adoc[Virtual Server]
+***** xref:raddb/sites-available/tacacs.adoc[Virtual Server]
**** xref:raddb/sites-available/tls.adoc[TLS]
***** xref:raddb/sites-available/tls-cache.adoc[TLS Cache]
**** xref:raddb/sites-available/vmps.adoc[VMPS]
-== Authentication Modules
-[options="header"]
-[cols="20%,80%"]
-|=====
-| Module | Description
-| xref:raddb/mods-available/chap.adoc[chap] | Performs Challenge Handshake Authentication Protocol (CHAP) authentication, as described by RFC 2865.
-| xref:raddb/mods-available/digest.adoc[digest] | The digest module performs HTTP digest authentication, usually for a SIP server. See draft-sterman-aaa-sip-00.txt for
-details. The module does not support RFC 5090.
-| xref:raddb/mods-available/eap.adoc[eap] | Implements the base protocol for EAP (Extensible Authentication Protocol).
-| xref:raddb/mods-available/eap_inner.adoc[eap_inner] | EAP/Inner Configuration for secure transmissions.
-| xref:raddb/mods-available/imap.adoc[imap] | Allows users to be authenticated against an IMAP server.
-| xref:raddb/mods-available/krb5.adoc[krb5] | Implements kerberos authentication, using the result of decrypting the TGT as an indication that the provided password was correct.
-| xref:raddb/mods-available/ldap.adoc[ldap] | Can perform user authentication using LDAP binds, or by retrieving the contents of a password attribute for later comparison by a module such as rlm_pap, or an rlm_eap method.
-| xref:raddb/mods-available/mschap.adoc[mschap] | Supports MS-CHAP and MS-CHAPv2 authentication. It also enforces the SMB-Account-Ctrl attribute.
-| xref:raddb/mods-available/opendirectory.adoc[opendirectory] | Integrates with an Apple OpenDirectory service on the same host as FreeRADIUS to allow OpenDirectory users to authenticate.
-| xref:raddb/mods-available/ntlm_auth.adoc[ntlm_auth] | NTLM Auth
-| xref:raddb/mods-available/redundant_sql.adoc[redundant_sql] | Configure a redundant sql server.
-| xref:raddb/mods-available/pam.adoc[pam] | Performs password checking via the Pluggable Authentication Module (PAM) framework.
-| xref:raddb/mods-available/pap.adoc[pap] | Accepts a large number of formats for the "known good" (reference) password, such as crypt hashes, md5 hashes, and etc. The module takes the User-Password and performs the necessary transformations of the user submitted password
-to match the copy of the password the server has retrieved.
-| xref:raddb/mods-available/smbpasswd.adoc[smbpasswd] | SMBPasswd
-| xref:raddb/mods-available/totp.adoc[totp] | Implemments the TOTP algorithm to fufill authentication requests.
-| xref:raddb/mods-available/wimax.adoc[wimax] | Implements WiMAX authentication over RADIUS.
-| xref:raddb/mods-available/winbind.adoc[winbind] | The module also allows for direct connection to Samba winbindd (version 4.2.1 or above), which communicates with
-Active-Directory to retrieve group information and the user's NT-Password.
-| xref:raddb/mods-available/yubikey.adoc[yubikey] | Supports authentication of yubikey tokens where the PSK is known to FreeRADIUS, and integrates with the Yubico cloud-based authentication service.
-|=====
-
-== Authorization Modules
-[options="header"]
-[cols="20%,80%"]
-|=====
-| Module | Description
-| xref:raddb/mods-available/smtp.adoc[smtp] | Allows users to submit smtp formatted, mime-encoded emails to a server Supports User-Name User-Password authentication Supports file attachments, size limited by the MTA.
-|=====
-
-== Datastore Modules
-[options="header"]
-[cols="20%,80%"]
-|=====
-| Module | Description
-| xref:raddb/mods-available/cache.adoc[cache] | Stores attributes and/or lists and adds them back to a subsequent request or to the current request on a later execution of the module.
-| xref:raddb/mods-available/cache_eap.adoc[cache_eap] | Cache EAP
-| xref:raddb/mods-available/cache_tls.adoc[cache_tls] | Cache TLS Session
-| xref:raddb/mods-available/client.adoc[client] | Reads client definitions from flat files.
-| xref:raddb/mods-available/csv.adoc[csv] | Maps values in a CSV file to FreeRADIUS attributes and adds them to the request.
-| xref:raddb/mods-available/ldap.adoc[ldap] | Allows LDAP directory entries to be retrieved, modified, inserted and deleted.
-| xref:raddb/mods-available/passwd.adoc[passwd] | Reads and caches line-oriented files that are in a format similar to ``/etc/passwd``.
-| xref:raddb/mods-available/redis.adoc[redis] | Provides connectivity to single and clustered instances of Redis. This module exposes a string expansion that may be
-used to execute queries against Redis.
-| xref:raddb/mods-available/redis_ippool.adoc[redis_ippool] | Implements a fast and scalable IP allocation system using Redis. Supports both IPv4 and IPv6 address and prefix
-allocation, and implements pre-allocation for use with DHCPv4.
-| xref:raddb/mods-available/rediswho.adoc[rediswho] | Records which users are currently logged into the service. The file is used mainly for Simultaneous-Use checking to see
-who has current sessions.
-| xref:raddb/mods-available/redundant_sql.adoc[redundant_sql] | Configure a redundant sql server.
-| xref:raddb/mods-available/sql.adoc[sql] | Provides an abstraction over multiple SQL backends, via database specific drivers.
-| xref:raddb/mods-available/sqlippool.adoc[sqlippool] | SQL based IP allocation module.
-| xref:raddb/mods-available/unix.adoc[unix] | Retrieves a user's encrypted password from the local system and places it into the ``control.Password.Crypt`` attribute.
-The password is retrieved via the ``getpwent()`` and ``getspwent()`` system calls.
-|=====
-
-== IO Modules
-[options="header"]
-[cols="20%,80%"]
-|=====
-| Module | Description
-| xref:raddb/mods-available/detail.adoc[detail] | Writes attributes from a request list to a flat file in 'detail' format.
-|xref:raddb/mods-available/detail.example.com.adoc[Detail Example] | Detail (Sample)
-| xref:raddb/mods-available/detail.log.adoc[detail.log] | Detail Log Example
-| xref:raddb/mods-available/files.adoc[files] | Implements a traditional Livingston-style users file.
-| xref:raddb/mods-available/icmp.adoc[icmp] | Sends an ICMP "echo request" message to a particular IP address.
-
-| xref:raddb/mods-available/radius.adoc[radius] | Allows Access-Requests, Accounting-Requests, CoA-Requests and Disconnect-Messages to be sent during request processing.
-| xref:raddb/mods-available/rest.adoc[rest] | Sends HTTP requests to remote servers and decodes the responses.
-| xref:raddb/mods-available/unbound.adoc[unbound] | Performs queries against a DNS service to allow FQDNs to be resolved during request processing.
-|=====
-
-== Language Modules
-[options="header"]
-[cols="20%,80%"]
-|=====
-| Module | Description
-| xref:raddb/mods-available/exec.adoc[exec] | Executes an external script, passing in FreeRADIUS attributes as environmental variables or as arguments.
-| xref:raddb/mods-available/lua.adoc[lua] | Allows the server to call embedded lua scripts.
-| xref:raddb/mods-available/mruby.adoc[mruby] | Allows the server to call a persistent, embedded mRuby script.
-| xref:raddb/mods-available/perl.adoc[perl] | Allows the server to call a persistent, embedded Perl script.
-| xref:raddb/mods-available/python.adoc[python] | Allows the server to call a persistent, embedded Python script.
-|=====
-
-== Policy Modules
-[options="header"]
-[cols="20%,80%"]
-|=====
-| Module | Description
-| xref:raddb/mods-available/always.adoc[always] | Returns a pre-configured result code such as 'ok', 'noop', 'reject' etc...
-| xref:raddb/mods-available/attr_filter.adoc[attr_filter] | Filters attributes in a request. Can delete attributes or permit them to have only certain values.
-| xref:raddb/mods-available/cipher.adoc[cipher] | Perform cryptographic calculations on data.
-| xref:raddb/mods-available/date.adoc[date] | Converts date strings between user configurable formats.
-| xref:raddb/mods-available/delay.adoc[delay] | Introduces an artificial non-blocking delay when processing a request.
-| xref:raddb/mods-available/escape.adoc[escape] | Escapes and unescapes strings using the MIME escape format
-| xref:raddb/mods-available/idn.adoc[idn] | Converts internationalized domain names to ASCII.
-| xref:raddb/mods-available/json.adoc[json] | Parses JSON strings into an in memory format using the json-c library.
-| xref:raddb/mods-available/sometimes.adoc[sometimes] | Is a hashing and distribution protocol, that will sometimes return one code or another depending on the input value
-configured.
-| xref:raddb/mods-available/sqlcounter.adoc[sqlcounter] | Records statistics for users such as data transfer and session time, and prevent further logins when limits are reached.
-| xref:raddb/mods-available/unpack.adoc[unpack] | Unpacks binary data from octets type attributes into individual attributes.
-| xref:raddb/mods-available/utf8.adoc[utf8] | Checks all attributes of type string in the current request, to ensure that they only contain valid UTF8 sequences.
-|=====
-
-== Protocol Modules
-[options="header"]
-[cols="20%,80%"]
-|=====
-| xref:raddb/mods-available/dhcpv4.adoc[dhcpv4] | Implements DHCPv4 (Dynamic Host Configuration Protocol for IPv4) client and relay.
-| xref:raddb/mods-available/isc_dhcp.adoc[isc_dhcp] | isc_dhcp
-|=====
-
-== Utility Modules
-[options="header"]
-[cols="20%,80%"]
-|=====
-| Module | Description
-
-| xref:raddb/mods-available/cui.adoc[cui] | CUI
-
-| xref:raddb/mods-available/echo.adoc[echo] | Echo
-| xref:raddb/mods-available/etc_group.adoc[etc_group] | etc_group
-| xref:raddb/mods-available/linelog.adoc[linelog] | Creates log entries from attributes, string expansions, or static strings, and writes them to a variety of backends, including syslog, flat files, and raw UDP/TCP sockets.
-| xref:raddb/mods-available/logtee.adoc[logtee] | Tee's request logging at runtime, sending it to additional log destinations.
-| xref:raddb/mods-available/mac2ip.adoc[mac2ip] | Mac2IP
-| xref:raddb/mods-available/mac2vlan.adoc[mac2vlan] | Mac2Vlan
-| xref:raddb/mods-available/stats.adoc[stats] | Stats
-|=====
+= Summary of All Modules
+
+include::partial$authentication_table.adoc[]
+
+include::partial$datastore_table.adoc[]
+
+include::partial$formatconvert_table.adoc[]
+
+include::partial$language_table.adoc[]
+
+include::partial$logging_table.adoc[]
+
+include::partial$policy_table.adoc[]
+
+include::partial$protocol_table.adoc[]
+
+include::partial$utility_table.adoc[]
+
+
+
+
+
+
+
+
// Copyright (C) 2025 Network RADIUS SAS. Licenced under CC-by-NC 4.0.
The Authentication modules available are:
-* xref:raddb/mods-available/chap.adoc[CHAP module] - CHAP authentication
-
-* xref:raddb/mods-available/digest.adoc[Digest] - HTTP Digest Authentication
-
-* xref:raddb/mods-available/eap.adoc[EAP] - EAP-MD5, EAP-MSCHAPv2, TTLS, PEAP, FAST, TEAP, etc.
-
-** xref:raddb/mods-available/eap_inner.adoc[EAP/Inner] - limit EAP methods to ones which can be used in an "inner tunnel".
-
-* xref:raddb/mods-available/imap.adoc[IMAP] - check user credentials against an IMAP server
-
-* xref:raddb/mods-available/krb5.adoc[Kerberos] - check user credentials against a Kerberos server
-
-* xref:raddb/mods-available/ldap.adoc[LDAP] - check user credentials against an LDAP server
-
-* xref:raddb/mods-available/mschap.adoc[Microsoft CHAP] - MSCHAPv1 and MSCHAPv2 authentication.
-
-* xref:raddb/mods-available/ntlm_auth.adoc[NTLM Auth] - check user credentials against a Samba / Active Directory server
-
-* xref:raddb/mods-available/pam.adoc[Pluggable Authentication] - check user credentials against the Pluggable Authentication Method (PAM)
-
-* xref:raddb/mods-available/pap.adoc[PAP] - PAP authentication. Supports all common password hashing / encryption methods.
-
-* xref:raddb/mods-available/rest.adoc[REST] - check user credentials against a REST server
-
-* xref:raddb/mods-available/totp.adoc[TOTP] - perform time-based one-time-password (TOTP) checks.
-
-* xref:raddb/mods-available/winbind.adoc[Winbind] - check user credentials against a Samba / Active Directory server
-
-* xref:raddb/mods-available/yubikey.adoc[Yubikey] - check user credentials against a Yubikey server or database.
+include::partial$authentication_table.adoc[]
The available Datastore modules are:
-* xref:raddb/mods-available/cache.adoc[Cache] - cache data to local disk, memcached, or redis
-
-** xref:raddb/mods-available/cache_eap.adoc[Cache EAP] - example of caching EAP sessions
-
-** xref:raddb/mods-available/cache_tls.adoc[Cache TLS Session] - example of caching TLS sessions
-
-* xref:raddb/mods-available/client.adoc[Client] - read client definitions dynamically from text files
-
-* xref:raddb/mods-available/csv.adoc[CSV] - read data from a CSV file
-
-* xref:raddb/mods-available/etc_group.adoc[etc_group] - read data from `/etc/group`, or similarly formatted files
-
-* xref:raddb/mods-available/files.adoc[Files] - read data from the `users` file.
-
-* xref:raddb/mods-config/files/users.adoc[Users File Format] - format of the `users` file
-
-* xref:raddb/mods-available/ldap.adoc[LDAP] - connect to an LDAP server
-
-* xref:raddb/mods-available/opendirectory.adoc[OpenDirectory] - connect to an OpenDirectory server
-
-* xref:raddb/mods-available/passwd.adoc[Passwd] - read data from `/etc/passwd`, or similarly formatted files
-
-** xref:raddb/mods-available/mac2ip.adoc[Mac2IP] - example of using the `passwd` module to lookup up IP address by MAC address
-
-** xref:raddb/mods-available/mac2vlan.adoc[Mac2Vlan] - example of using the `passwd` module to lookup up VLAN by MAC address
-
-** xref:raddb/mods-available/smbpasswd.adoc[SMBPasswd] - read data from `/etc/smbpasswd`
-
-* xref:raddb/mods-available/redis.adoc[Redis] - connect to a Redis server
-
-** xref:raddb/mods-available/redis_ippool.adoc[Redis IP Pool] - manages IP pools in Redis
-
-** xref:raddb/mods-available/rediswho.adoc[REDISWho] - manages online users in Redis
-
-* xref:raddb/mods-available/rest.adoc[Rest] - connect to a REST server
-
-* xref:raddb/mods-available/sql.adoc[SQL] - connect to an SQL server
-
-** xref:raddb/mods-available/sqlcounter.adoc[Counter] - track user activity (time / bandwidth) in SQL
-
-** xref:raddb/mods-available/sqlippool.adoc[IP-Pool] - manages IP pools in SQL
-
-** xref:raddb/mods-available/redundant_sql.adoc[Redundant] - example of using redundant connections to an SQL sercer
-
-* xref:raddb/mods-available/unix.adoc[Unix] - read passwords from `getpwent()`
+include::partial$datastore_table.adoc[]
= Formatting and Conversion Modules
-The formatting and conversion modules allow the server to read and
-write data in different formats.
+The modules allow the server to read and write data in different formats and storage types.
-* xref:raddb/mods-available/cipher.adoc[Cipher] - encrypt or decrypt data
+The Formatting and Conversions modules available are:
-* xref:raddb/mods-available/date.adoc[Date] - parse or print dates in specific formats
-
-* xref:raddb/mods-available/escape.adoc[Escape] - escape or un-escape strings
-
-* xref:raddb/mods-available/unpack.adoc[Unpack] - decode binary data from octet strings
-
-* xref:raddb/mods-available/utf8.adoc[UTF-8] - check and enforce UTF8 encoding for strings
+include::partial$formatconvert_table.adoc[]
The available Language modules are:
-* xref:raddb/mods-available/exec.adoc[Exec]- run external programs or shell scripts
-
-** xref:raddb/mods-available/echo.adoc[Echo] - example of using `echo`
-
-* xref:raddb/mods-available/lua.adoc[Lua] - run Lua programs
-
-* xref:raddb/mods-available/perl.adoc[Perl] - run Perl programs
-
-* xref:raddb/mods-available/python.adoc[Python] - run Python programs
-
-* xref:raddb/mods-available/mruby.adoc[Ruby] - run Ruby programs
+include::partial$language_table.adoc[]
The available Logging modules are:
-* xref:raddb/mods-available/linelog.adoc[Linelog] - log single lines to syslog, UDP, TCP, etc.
-
-** xref:raddb/mods-available/logtee.adoc[Logtee] - log to multiple destinations
-
-* xref:raddb/mods-available/detail.adoc[Detail] - log packets in the RADIUS "detail" file format
-
-** xref:raddb/mods-available/detail.example.com.adoc[Detail Sample] - example of writing detail files by date
-
-** xref:raddb/mods-available/detail.log.adoc[Detail Log Sample] - example of logging different packets to different files
+include::partial$logging_table.adoc[]
The available Policy modules are:
-* xref:raddb/mods-available/always.adoc[Always] - always return a value (can be programattically changed!)
-
-* xref:raddb/mods-available/attr_filter.adoc[Attribute filter] - filter replies so that they contain only limited data
-
-* xref:raddb/mods-available/idn.adoc[IDN] - convert internationalized strings to DNS "punycode" encoding.
-
-* xref:raddb/mods-available/sometimes.adoc[Sometimes] - randomly succeed or fail. Mostly used for testing.
-
+include::partial$policy_table.adoc[]
The available protocol modules are:
-* xref:raddb/mods-available/dhcpv4.adoc[DHCPv4] - send DHCPv4 packets as a relay
-
-* xref:raddb/mods-available/isc_dhcp.adoc[ISC DHCP] - Read ISC DHCP configuration files
-
-* xref:raddb/mods-available/radius.adoc[Radius] - Proxy RADIUS packets
-
-** xref:raddb/mods-available/cui.adoc[CUI] - Manage Chargeable-User-Identifier
-
-** xref:raddb/mods-available/wimax.adoc[WiMAX] - Fix WiMAX issues
+include::partial$protocol_table.adoc[]
The utility modules implement a wide range of functionality which
cannot be placed into one of the other categories.
-* xref:raddb/mods-available/delay.adoc[Delay] - add a controlled delay to responses
-
-* xref:raddb/mods-available/dict.adoc[Dict] - look up dictionary entries by name
-
-* xref:raddb/mods-available/smtp.adoc[SMTP] - send email
-
-* xref:raddb/mods-available/stats.adoc[Stats] - gather internal server statistics
-
-* xref:raddb/mods-available/unbound.adoc[Unbound] - do asynchronous DNS lookips
-
-
-
+include::partial$utility_table.adoc[]
accessing the database, another thread can be applying complex local
policies.
+
== Integration into network seamlessly
Large, complex networks often have a diverse combination of
== Why use FreeRADIUS DHCP?
-* optimized to work with FreeRADIUS
+* Optimized to work with FreeRADIUS.
-* a simple cost-effective solution - comes with packaage and can use the same hardware
+* Simple cost-effective solution - comes with packaage and can use the same hardware.
-* Flexible configuration and can scale up depending on organization's needs
+* Flexible configuration and can scale up depending on organization's needs.
-* includes an xref:raddb/mods-available/isc_dhcp.adoc[ISC DHCP] compatibility module, which allows it to read most common ISC DHCP configuration files.
+* Includes an xref:raddb/mods-available/isc_dhcp.adoc[ISC DHCP] compatibility module, which allows it to read most common ISC DHCP configuration files.
== Related information
The DHCPv6 protocol assigns IPv6 addresses to machines. FreeRADIUS
implements all of the DHCPv6 standards.
+
+
You can create another virtual server by:
-* defining a new "server foo \{…}" section in `radiusd.conf`
-* Putting the normal "authorize", etc. sections inside of it
-* Adding a "listen" section _inside_ of the "server" section.
+* Define a new "server foo \{…}" section in `radiusd.conf`
+* Put the normal "authorize", etc. sections inside of it
+* Add a "listen" section _inside_ of the "server" section.
e.g.
--- /dev/null
+== Authentication Modules
+[options="header"]
+[cols="20%,80%"]
+|=====
+| Module | Description
+| xref:raddb/mods-available/chap.adoc[chap] | Performs Challenge Handshake Authentication Protocol (CHAP) authentication, as described by RFC 2865.
+| xref:raddb/mods-available/digest.adoc[digest] | The digest module performs HTTP digest authentication, usually for a SIP server. See draft-sterman-aaa-sip-00.txt for
+details. The module does not support RFC 5090.
+| xref:raddb/mods-available/eap.adoc[eap] | Implements the base protocol for EAP (Extensible Authentication Protocol).
+| xref:raddb/mods-available/eap_inner.adoc[eap_inner] | EAP/Inner Configuration for secure transmissions.
+| xref:raddb/mods-available/imap.adoc[imap] | Allows users to be authenticated against an IMAP server.
+| xref:raddb/mods-available/krb5.adoc[krb5] | Implements kerberos authentication, using the result of decrypting the TGT as an indication that the provided password was correct.
+| xref:raddb/mods-available/ldap.adoc[ldap] | Can perform user authentication using LDAP binds, or by retrieving the contents of a password attribute for later comparison by a module such as rlm_pap, or an rlm_eap method.
+| xref:raddb/mods-available/mschap.adoc[mschap] | Supports MS-CHAP and MS-CHAPv2 authentication. It also enforces the SMB-Account-Ctrl attribute.
+| xref:raddb/mods-available/ntlm_auth.adoc[ntlm_auth] | NTLM Auth
+| xref:raddb/mods-available/pam.adoc[pam] | Performs password checking via the Pluggable Authentication Module (PAM) framework.
+| xref:raddb/mods-available/pap.adoc[pap] | Accepts a large number of formats for the "known good" (reference) password, such as crypt hashes, md5 hashes, and etc. The module takes the User-Password and performs the necessary transformations of the user submitted password
+to match the copy of the password the server has retrieved.
+| xref:raddb/mods-available/rest.adoc[rest] | Sends HTTP requests to remote servers and decodes the responses.
+| xref:raddb/mods-available/totp.adoc[totp] | Implemments the TOTP algorithm to fufill authentication requests.
+| xref:raddb/mods-available/winbind.adoc[winbind] | The module also allows for direct connection to Samba winbindd (version 4.2.1 or above), which communicates with
+Active-Directory to retrieve group information and the user's NT-Password.
+| xref:raddb/mods-available/yubikey.adoc[yubikey] | Supports authentication of yubikey tokens where the PSK is known to FreeRADIUS, and integrates with the Yubico cloud-based authentication service.
+|=====
--- /dev/null
+== Datastore Modules
+[options="header"]
+[cols="20%,80%"]
+|=====
+| Module | Description
+| xref:raddb/mods-available/cache.adoc[cache] | Stores attributes and/or lists and adds them back to a subsequent request or to the current request on a later execution of the module.
+| xref:raddb/mods-available/cache_eap.adoc[cache_eap] | This cache stores replies for user sessions that are used by eap for authentication purposes.
+| xref:raddb/mods-available/cache_tls.adoc[cache_tls] | Cache TLS Session saves all eap session attributes in backend cache to provide users with robust and fast session reconnections.
+| xref:raddb/mods-available/client.adoc[client] | Reads client definitions from flat files.
+| xref:raddb/mods-available/csv.adoc[csv] | Maps values in a CSV file to FreeRADIUS attributes and adds them to the request.
+| xref:raddb/mods-available/etc_group.adoc[etc_group] | Allow users to be assigned to one or more groups to permit different levels of access.
+| xref:raddb/mods-available/files.adoc[files] | Implements a traditional Livingston-style users file.
+| xref:raddb/mods-config/files/users.adoc[file format] | A users file example.
+| xref:raddb/mods-available/ldap.adoc[ldap] | Allows LDAP directory entries to be retrieved, modified, inserted and deleted.
+| xref:raddb/mods-available/opendirectory.adoc[opendirectory] | Integrates with an Apple OpenDirectory service on the same host as FreeRADIUS to allow OpenDirectory users to authenticate.
+| xref:raddb/mods-available/passwd.adoc[passwd] | Reads and caches line-oriented files that are in a format similar to ``/etc/passwd``.
+| xref:raddb/mods-available/mac2ip.adoc[mac2ip] | Enables the mapping of a MAC address to an ip address.
+| xref:raddb/mods-available/mac2vlan.adoc[mac2vlan] | Enables the mapping of a MAC address to an vlan id.
+| xref:raddb/mods-available/smbpasswd.adoc[smbpasswd] | Performs SMB authentication using a flat password file.
+| xref:raddb/mods-available/redis.adoc[redis] | Provides connectivity to single and clustered instances of Redis. This module exposes a string expansion that may be
+used to execute queries against Redis.
+| xref:raddb/mods-available/redis_ippool.adoc[redis_ippool] | Implements a fast and scalable IP allocation system using Redis. Supports both IPv4 and IPv6 address and prefix allocation, and implements pre-allocation for use with DHCPv4.
+| xref:raddb/mods-available/rediswho.adoc[rediswho] | Records which users are currently logged into the service. The file is used mainly for Simultaneous-Use checking to see who has current sessions.
+| xref:raddb/mods-available/rest.adoc[rest] | Sends HTTP requests to remote servers and decodes the responses.
+| xref:raddb/mods-available/sql.adoc[sql] | Provides an abstraction over multiple SQL backends, via database specific drivers.
+| xref:raddb/mods-available/sqlippool.adoc[sqlippool] | SQL based IP allocation module used to create ip pools.
+| xref:raddb/mods-available/sqlcounter.adoc[sqlcounter] | Records statistics for users such as data transfer and session time, and prevent further logins when limits are reached.
+| xref:raddb/mods-available/redundant_sql.adoc[redundant_sql] | Configure a redundant sql server for redundancy or load-balancing purposes.
+| xref:raddb/mods-available/unix.adoc[unix] | Retrieves a user's encrypted password from the local system and places it into the ``control.Password.Crypt`` attribute.
+The password is retrieved via the ``getpwent()`` and ``getspwent()`` system calls.
+|=====
--- /dev/null
+== Formatting and Conversion Modules
+[options="header"]
+[cols="20%,80%"]
+|=====
+| Module | Description
+| xref:raddb/mods-available/cipher.adoc[cipher] | Perform cryptographic calculations on data.
+| xref:raddb/mods-available/date.adoc[date] | Converts date strings between user configurable formats.
+| xref:raddb/mods-available/escape.adoc[escape] | Escapes and unescapes strings using the MIME escape format
+| xref:raddb/mods-available/json.adoc[json] | Parses JSON strings into an in memory format using the json-c library.
+| xref:raddb/mods-available/unpack.adoc[unpack] | Unpacks binary data from octets type attributes into individual attributes.
+| xref:raddb/mods-available/utf8.adoc[utf8] | Checks all attributes of type string in the current request, to ensure that they only contain valid UTF8 sequences.
+|=====
--- /dev/null
+== Language Modules
+[options="header"]
+[cols="20%,80%"]
+|=====
+| Module | Description
+| xref:raddb/mods-available/echo.adoc[echo] | Echo is used in conjunction with the exec module to display output from a program or command.
+| xref:raddb/mods-available/exec.adoc[exec] | Executes an external script, passing in FreeRADIUS attributes as environmental variables or as arguments.
+| xref:raddb/mods-available/lua.adoc[lua] | Allows the server to call embedded lua scripts.
+| xref:raddb/mods-available/mruby.adoc[mruby] | Allows the server to call a persistent, embedded mRuby script.
+| xref:raddb/mods-available/perl.adoc[perl] | Allows the server to call a persistent, embedded Perl script.
+| xref:raddb/mods-available/python.adoc[python] | Allows the server to call a persistent, embedded Python script.
+|=====
--- /dev/null
+== Logging Modules
+[options="header"]
+[cols="20%,80%"]
+|=====
+| xref:raddb/mods-available/linelog.adoc[linelog] | Creates log entries from attributes, string expansions, or static strings, and writes them to a variety of backends, including syslog, flat files, and raw UDP/TCP sockets.
+| xref:raddb/mods-available/logtee.adoc[logtee] | Tee's request logging at runtime, sending it to additional log destinations.
+| xref:raddb/mods-available/detail.adoc[detail] | Writes attributes from a request list to a flat file in 'detail' format.
+|xref:raddb/mods-available/detail.example.com.adoc[example] | Detail file example for configuration.
+| xref:raddb/mods-available/detail.log.adoc[log example] | Log example.
+|=====
--- /dev/null
+== Policy Modules
+[options="header"]
+[cols="20%,80%"]
+|=====
+| Module | Description
+| xref:raddb/mods-available/always.adoc[always] | Returns a pre-configured result code such as 'ok', 'noop', 'reject' etc...
+| xref:raddb/mods-available/attr_filter.adoc[attr_filter] | Filters attributes in a request. Can delete attributes or permit them to have only certain values.
+| xref:raddb/mods-available/idn.adoc[idn] | Converts internationalized domain names to ASCII.
+| xref:raddb/mods-available/sometimes.adoc[sometimes] | Is a hashing and distribution protocol, that will sometimes return one code or another depending on the input value configured.
+|=====
--- /dev/null
+== Protocol Modules
+[options="header"]
+[cols="20%,80%"]
+|=====
+| xref:raddb/mods-available/cui.adoc[cui] | CUI
+| xref:raddb/mods-available/dhcpv4.adoc[dhcpv4] | Implements DHCPv4 (Dynamic Host Configuration Protocol for IPv4) client and relay.
+| xref:raddb/mods-available/isc_dhcp.adoc[isc_dhcp] | isc_dhcp
+| xref:raddb/mods-available/radius.adoc[radius] | Allows Access-Requests, Accounting-Requests, CoA-Requests and Disconnect-Messages to be sent during request processing.
+| xref:raddb/mods-available/wimax.adoc[wimax] | Implements WiMAX authentication over RADIUS.
+|=====
--- /dev/null
+== Utility Modules
+[options="header"]
+[cols="20%,80%"]
+|=====
+| Module | Description
+| xref:raddb/mods-available/dict.adoc[dict] | Dictionary file for main definitions that used for lookups by name.
+| xref:raddb/mods-available/smtp.adoc[smtp] | Allows users to submit smtp formatted, mime-encoded emails to a server Supports User-Name User-Password authentication. Supports file attachments, size limited by the MTA.
+| xref:raddb/mods-available/stats.adoc[stats] | Gather internal server statistics.
+| xref:raddb/mods-available/unbound.adoc[unbound] | Performs queries against a DNS service to allow FQDNs to be resolved during request processing.
+|=====
projects / thirdparty / freeradius-server.git / commitdiff
