+++ /dev/null
-1. INTRODUCTION
-
- The FreeRADIUS Server Project is a high performance and highly
-configurable RADIUS server that is available under the terms of the
-GNU GPLv2. Using RADIUS allows authentication and authorization for a
-network to be centralized, and minimizes the number of changes that
-have to be done when adding or deleting new users to a network.
-
- FreeRADIUS can authenticate users on systems such as 802.1x (WiFi),
-dialup, PPPoE, VPN's, VoIP, and many others. It supports back-end
-databases such as MySQL, PostgreSQL, Oracle, Microsoft Active
-Directory, OpenLDAP, and many more. It is used daily to authenticate
-the Internet access for hundreds of millions of people, in sites
-ranging from 10 users, to 10 million and more users.
-
- Version 2.0 of the server is intended to be backwards compatible
-with previous versions, but also to have many new features, such as:
-
- * simple policy language (see "man unlang")
- * virtual servers (raddb/sites-available/README)
- * IPv6 support
- * better proxy support (raddb/proxy.conf)
- * More EAP types
- * Debugging output should be MUCH easier to understand
- * VMPS support
- * More modules are marked "stable" (python, etc.)
- * SQL configuration has been cleaned up (see raddb/sql/*)
- * limited support for HUP
- * check configuration and exit (radiusd -C)
- * Server core is now event based (simpler, more powerful)
-
- Administrators upgrading from a previous version should install this
-version in a different location from their existing systems. Any
-existing configuration should be carefully migrated to the new
-version, in order to take advantage of the new features which can
-greatly simply configuration.
-
- While every attempt has been made to ensure that this version is
-backwards compatible with previous versions, there may be cases where
-it is not backwards compatible. In most cases, incompatibilities are
-a side-effect of fixing bugs, or of adding new features. Some
-configuration differences are noted below:
-
- * The recommended format for clients has changed. See "clients.conf".
- The old format should still work, but should be changed to use the
- new format.
-
- * The recommended formant for realms has changed. See "proxy.conf"
- The old format should still work, but should be changed to use the
- new format. In addition, the new format has much more flexibility.
-
- * Any configuration using TTLS or PEAP should be updated to use
- virtual servers. See "virtual_server" in "eap.conf", and
- "raddb/sites-available/inner-tunnel". In most cases, using an
- "inner-tunnel" virtual server will make the configuration MUCH
- simpler.
-
- * A number of deprecated command-line options have been removed.
- (-y -z -A -l -g) See "man radiusd". These configurations can be
- controlled in "radiusd.conf", so it is not necessary to have them
- as command-line options.
-
- Please see http://freeradius.org and http://wiki.freeradius.org for
-more information.
-
-
-2. INSTALLATION
-
- To install the server, please see the INSTALL file in this
-directory.
-
-
-3. DEBUGGING THE SERVER
-
- Run the server in debugging mode, (radiusd -X) and READ the output.
-We cannot emphasize this point strongly enough. The vast majority of
-problems can be solved by carefully reading the debugging output,
-which includes WARNINGs about common issues, and suggestions for how
-they may be fixed.
-
- Read the FAQ. Many questions are answered there. See the Wiki
-
- http://wiki.freeradius.org
-
- Read the configuration files. Many parts of the server have NO
-documentation, other than comments in the configuration file.
-
- Search the mailing lists. There is a Google link on the bottom of
- the page:
-
- http://www.freeradius.org/list/users.html
-
- Type some key words into the search box, and you should find
-discussions about common problems and solution.
-
-
-4. ADDITIONAL INFORMATION
-
- See 'doc/README' for more information about FreeRADIUS.
-
- There is an O'Reilly book available. It serves as a good
-introduction for anyone new to RADIUS. However, it is almost 5 years
-old, and is not much more than a basic introduction to the subject.
-
-http://www.amazon.com/exec/obidos/ASIN/0596003226/freeradiusorg-20/
-
- For other RADIUS information, the Livington internet site had a lot
-of information about radius online. Unfortunately Livingston, and the
-site, don't exist anymore but there is a copy of the site still at:
-
- http://portmasters.com/www.livingston.com/
-
- Especially worth reading is the "RADIUS for Unix administrators guide"
-
-HTML: http://portmasters.com/tech/docs/radius/1185title.html
-PDF: http://portmasters.com/tech/docs/pdf/radius.pdf
-
-
-5. PROBLEMS AND CONCERNS
-
- We understand that the server may be difficult to configure,
-install, or administer. It is, after all, a complex system with many
-different configuration possibilities.
-
- The most common problem is that people change large amounts of the
-configuration without understanding what they're doing, and without
-testing their changes. The preferred method of operation is the
-following:
-
- 1) Start off with the default configuration files.
- 2) Save a copy of the default configuration: It WORKS. Don't change it!
- 3) Verify that the server starts. (You ARE using debugging mode, right?)
- 4) Send it test packets using "radclient", or a NAS or AP.
- 5) Verify that the server does what you expect.
- a) If it does not work, change the configuration, and go to step (3)
- If you're stuck, revert to using the "last working" configuration.
- b) If it works, proceed to step (6).
- 6) Save a copy of the working configuration, along with a note
- of what you changed, and why.
- 7) Make a SMALL change to the configuration.
- 8) Repeat from step (3).
-
- This method will ensure that you have a working configuration that
-is customized to your site as quickly as possible. While it may seem
-frustrating to proceed via a series of small steps, the alternative
-will always take more time. The "fast and loose" way will be MORE
-frustrating than quickly making forward progress!
-
-
-6. FEEDBACK
-
- If you have any comments, bug reports, problems, or concerns, please
-send them to the 'freeradius-users' list (see the URL above). We will
-do our best to answer your questions, to fix the problems, and to
-generally improve the server in any way we can.
-
- Please do NOT complain that the developers aren't answering your
-questions quickly enough, or aren't fixing the problems quickly
-enough. Please do NOT complain if you're told to go read
-documentation. We recognize that the documentation isn't perfect, but
-it *does* exist, and reading it can solve most common questions.
-
- FreeRADIUS is the cumulative effort of many years of work by many
-people, and you've gotten it for free. No one gets paid to work on
-FreeRADIUS, and no one is getting paid to answer your questions. This
-is free software, and the only way it gets better is if you make a
-contribution back to the project ($$, code, or documentation).
-
- We will note that the people who get most upset about any answers to
-their questions usually do not have any intention of contributing to
-the project. We will repeat the comments above: no one is getting
-paid to answer your questions or to fix your bugs. If you don't like
-the responses you are getting, then fix the bug yourself, or pay
-someone to address your concerns. Either way, make sure that any fix
-is contributed back to the project so that no one else runs into the
-same issue.
-
- Support is available. See the "support" link at the top of the main
-web page:
-
- http://freeradius.org
-
- Please submit bug reports, suggestions, or patches. That feedback
-gives the developers a guide as to where they should focus their work.
-If you like the server, feel free to mail the list and say so.
projects / thirdparty / freeradius-server.git / commitdiff
