Need more help?
Network RADIUS has been helping clients around the world design and deploy their RADIUS infrastructure for 20 years. We specialize in complex systems and have seen pretty much every variation and problem out there. If you want help from the people who wrote FreeRADIUS, contact us for a consultation.
+
+// Copyright (C) 2026 Network RADIUS SAS. Licenced under CC-by-NC 4.0.
+// This documentation was developed by Network RADIUS SAS.
====
That is a *lot* of information to go through. We hope that this page has been useful.
+
+// Copyright (C) 2026 Network RADIUS SAS. Licenced under CC-by-NC 4.0.
+// This documentation was developed by Network RADIUS SAS.
new syntax. Changes to behaviour should include a description of those
changes.
+
+// Copyright (C) 2026 Network RADIUS SAS. Licenced under CC-by-NC 4.0.
+// This documentation was developed by Network RADIUS SAS.
* Click OK, OK to set it.
If you have control over NAS, then set it to accept only PAP authentication. If you do that, all clients will "listen" and use only PAP. In that case there is no need to configure anything on the client(s).
+
+// Copyright (C) 2026 Network RADIUS SAS. Licenced under CC-by-NC 4.0.
+// This documentation was developed by Network RADIUS SAS.
**Solution:** Either use a device that performs flow tracking to match ICMP
messages with their associated data flows and steer them to the same backend,
or broadcast ICMP messages required for PMTUD to all backends.
+
+// Copyright (C) 2026 Network RADIUS SAS. Licenced under CC-by-NC 4.0.
+// This documentation was developed by Network RADIUS SAS.
AND acctupdatetime < [ XXXXX ]
);
```
+
+// Copyright (C) 2026 Network RADIUS SAS. Licenced under CC-by-NC 4.0.
+// This documentation was developed by Network RADIUS SAS.
```
Add the new certificate and key to the servers.
+
+// Copyright (C) 2026 Network RADIUS SAS. Licenced under CC-by-NC 4.0.
+// This documentation was developed by Network RADIUS SAS.
* The debug output shows that the packets are being processed as you expect.
* The response packets contain the attributes you expect to see.
+
+// Copyright (C) 2026 Network RADIUS SAS. Licenced under CC-by-NC 4.0.
+// This documentation was developed by Network RADIUS SAS.
make install
READ the messages produced during the 'make' and 'make install' stages. While there is a lot of text to wade through, these messages may be the *only* source of information as to what's wrong your system.
+
+// Copyright (C) 2026 Network RADIUS SAS. Licenced under CC-by-NC 4.0.
+// This documentation was developed by Network RADIUS SAS.
6. Verify that the accounting packets are accepted by the database module. If the module returns "noop", it means that the accounting packets do not have enough information for the server to perform Simultaneous-Use enforcement.
7. In case you have SQL as a database, and you have accounting records in radacct table, you'll need to uncomment sql in session section of radiusd.conf file. Also, you'll need to uncomment Simutaneus check query in sql.conf file.
====
+
+// Copyright (C) 2026 Network RADIUS SAS. Licenced under CC-by-NC 4.0.
+// This documentation was developed by Network RADIUS SAS.
|https://lists.freeradius.org/pipermail/freeradius-devel/[Developer Mailing List Archive]
|An archive of all previous posts and emails from the developement users' email list.
|===
+
+// Copyright (C) 2026 Network RADIUS SAS. Licenced under CC-by-NC 4.0.
+// This documentation was developed by Network RADIUS SAS.
Contact https://www.inkbridgenetworks.com/[InkBridge Networks] for more details.
====
+
+// Copyright (C) 2026 Network RADIUS SAS. Licenced under CC-by-NC 4.0.
+// This documentation was developed by Network RADIUS SAS.
The accounting summary sent by the NAS to the RADIUS server does not include detailed information such as web sites visited or even how many bytes were transferred using a particular protocol (e.g., SMTP, HTTP). That type of detailed information is only available to the NAS, and it does not send that data to the RADIUS server.
If detailed information about user activity is required, network administrators obtain it through other protocols such as sFlow or NetFlow. Network administrators may find it difficult to tie the pieces together to get a more comprehensive understanding of user activity.
+
+// Copyright (C) 2026 Network RADIUS SAS. Licenced under CC-by-NC 4.0.
+// This documentation was developed by Network RADIUS SAS.
These dual modules are usually related to protocol-specific
attributes, such as the `pap` module for the `User-Password`
attribute, `chap` for `CHAP-Password`, `mschap` for `MS-CHAP-*`.
+
+// Copyright (C) 2026 Network RADIUS SAS. Licenced under CC-by-NC 4.0.
+// This documentation was developed by Network RADIUS SAS.
====
Upon receipt of a reply from the RADIUS server, the NAS tries to enforce those properties on the user. If the properties cannot be enforced, the NAS closes the connection.
+
+// Copyright (C) 2026 Network RADIUS SAS. Licenced under CC-by-NC 4.0.
+// This documentation was developed by Network RADIUS SAS.
This process becomes more complicated when different NAS elements send the same information in different formats.
For example, RADIUS has no MAC address data type, which means that the MAC address is sent as ASCII strings. Some NAS elements send a MAC address in the format of “00:01:02:03:04:05”, while others use the format “00-01-02-03-04-05”. The fact that these differences are not documented makes policy creation very difficult.In most cases, the administrator has to resort to trial and error methods to determine how to implement policies.
+
+// Copyright (C) 2026 Network RADIUS SAS. Licenced under CC-by-NC 4.0.
+// This documentation was developed by Network RADIUS SAS.
This process becomes more complex when different NAS elements send the same information in different formats.
For example, RADIUS has no MAC address data type, which means that the MAC address is sent as ASCII strings. Some NAS elements send a MAC address in the format of “00:01:02:03:04:05”, while others use the format “00-01-02-03-04-05”. The fact that these differences are not documented makes policy creation very difficult.In most cases, the administrator has to resort to trial and error methods to determine how to implement policies.
+
+// Copyright (C) 2026 Network RADIUS SAS. Licenced under CC-by-NC 4.0.
+// This documentation was developed by Network RADIUS SAS.
* All known RADIUS clients.
* Flexible configurations using attribute pairs.
* Supports virtual servers.
+
+// Copyright (C) 2026 Network RADIUS SAS. Licenced under CC-by-NC 4.0.
+// This documentation was developed by Network RADIUS SAS.
facility of eDirectory by logging the failed logins into eDirectory.
For configuration information please refer to the https://www.netiq.com/documentation/edir_radius/[Novell documentation].
+
+// Copyright (C) 2026 Network RADIUS SAS. Licenced under CC-by-NC 4.0.
+// This documentation was developed by Network RADIUS SAS.
someone breaking into your RADIUS server and stealing a few passwords
are _much, much lower_ than the odds of someone breaking into your
database, and stealing _all_ of the passwords.
+
+// Copyright (C) 2026 Network RADIUS SAS. Licenced under CC-by-NC 4.0.
+// This documentation was developed by Network RADIUS SAS.
(stop) message indicates the end of the session; the session
* The data stored in the database during the accounting sessions is used to generate billable information and reports.
* Accounting information retained in the database includes the following: time of session, number of packets and amount of data transferred, user and machine identification, network address, and point of attachment information.
+
+// Copyright (C) 2026 Network RADIUS SAS. Licenced under CC-by-NC 4.0.
+// This documentation was developed by Network RADIUS SAS.
|===
See the xref:reference:unlang/list.adoc[Attribute Lists] reference documentation for more details.
+
+// Copyright (C) 2026 Network RADIUS SAS. Licenced under CC-by-NC 4.0.
+// This documentation was developed by Network RADIUS SAS.
== xref:sbuff.adoc[sbuff (String Buffers)]
This API is used for managing strings. A sbuff structure manages metrics such as start and end pointers for specific items.
+
+// Copyright (C) 2026 Network RADIUS SAS. Licenced under CC-by-NC 4.0.
+// This documentation was developed by Network RADIUS SAS.
* Standardize dates, phone numbers, and addresses.
include::partial$terminology.adoc[]
+
+// Copyright (C) 2026 Network RADIUS SAS. Licenced under CC-by-NC 4.0.
+// This documentation was developed by Network RADIUS SAS.
| TCPIP, TCPip, TcpIP | TCP/IP | Standard way to reference protocol.
| Udp, udp | UDP | Standard way to reference protocol.
|===
+
+// Copyright (C) 2026 Network RADIUS SAS. Licenced under CC-by-NC 4.0.
+// This documentation was developed by Network RADIUS SAS.
* xref:datastores/ad/samba.adoc[Using Samba]
* xref:datastores/ad/ntlm_mschap.adoc[Configure NTLM]
* xref:datastores/ad/winbind.adoc[Install Winbind]
+
+// Copyright (C) 2026 Network RADIUS SAS. Licenced under CC-by-NC 4.0.
+// This documentation was developed by Network RADIUS SAS.
ntlm_auth_username = "username: %{mschap:User-Name}
ntlm_auth_domain = "nt-domain: %{mschap:NT-Domain}"
With the settings above it works correctly, so even if it is unnecessary, it doesn't break anything. It hasn't been tested without this option while denying ntlmv1 overall on the AD DC, but it is thought that it will work without it.
+
+// Copyright (C) 2026 Network RADIUS SAS. Licenced under CC-by-NC 4.0.
+// This documentation was developed by Network RADIUS SAS.
ntlm_auth_domain = "nt-domain: %{mschap:NT-Domain}"
With the settings above it works correctly, so even if it is unnecessary, it doesn't break anything. It hasn't been tested without this option while denying ntlmv1 overall on the AD DC, but it is thought that it will work without it.
+
+// Copyright (C) 2026 Network RADIUS SAS. Licenced under CC-by-NC 4.0.
+// This documentation was developed by Network RADIUS SAS.
If it does not work, double-check the password you entered on the supplicant against the password in Active Directory. If it still does not work, it might be a bug in Samba. Change your version of Samba, either by installing a fixed version, or by repeatedly down-grading it (and testing) until it works.
If it does not work, then it is possible to test authentication with just the `ntlm_auth` command-line. Look at the FreeRADIUS debug output, and see the arguments passed to ntlm_auth. Copy and paste them to a command-line, and then use that command line for testing. This limited test is often simpler and faster than running a complex test with a full RADIUS server. When this limited test passes, then authentication with FreeRADIUS will work, too.
+
+// Copyright (C) 2026 Network RADIUS SAS. Licenced under CC-by-NC 4.0.
+// This documentation was developed by Network RADIUS SAS.
A description of how to test and troubleshoot winbind is provided in the
[Troubleshooting guide].
+
+// Copyright (C) 2026 Network RADIUS SAS. Licenced under CC-by-NC 4.0.
+// This documentation was developed by Network RADIUS SAS.
Enable the Redis module and configure it to connect to your Redis server. Modify the FreeRADIUS configuration files to specify the Redis server's hostname, port, and password.
=== xref:datastores/sql.adoc[SQL]
+
+// Copyright (C) 2026 Network RADIUS SAS. Licenced under CC-by-NC 4.0.
+// This documentation was developed by Network RADIUS SAS.
== Why use LDAP
== Setting up a LDAP Datastore
+
+// Copyright (C) 2026 Network RADIUS SAS. Licenced under CC-by-NC 4.0.
+// This documentation was developed by Network RADIUS SAS.
== Why use REDIS?
== Setting up a REDIS Datastore
+
+// Copyright (C) 2026 Network RADIUS SAS. Licenced under CC-by-NC 4.0.
+// This documentation was developed by Network RADIUS SAS.
== Why use SQL?
== Setting up a SQL Datastore
+
+// Copyright (C) 2026 Network RADIUS SAS. Licenced under CC-by-NC 4.0.
+// This documentation was developed by Network RADIUS SAS.
while the attribute configured in the `attribute_name` configuration item
(e.g. `Framed-IP-Address`) already exists then no action is taken.
====
+
+// Copyright (C) 2026 Network RADIUS SAS. Licenced under CC-by-NC 4.0.
+// This documentation was developed by Network RADIUS SAS.
If accounting requests are received reliably then `lease_duration` could be set a little longer than *twice the accounting interim interval* to handle the
occasional lost interim-update. Otherwise the lease duration might need to be
set several times longer.
+
+// Copyright (C) 2026 Network RADIUS SAS. Licenced under CC-by-NC 4.0.
+// This documentation was developed by Network RADIUS SAS.
On/Off`) request is received. Ensure that users receive their previous IP
address when they authenticate using a device whose recent session is
disconnected.
+
+// Copyright (C) 2026 Network RADIUS SAS. Licenced under CC-by-NC 4.0.
+// This documentation was developed by Network RADIUS SAS.
Auditing refers to the proactive analysis of accounting logs and other data sources. This ongoing process makes up part of the maintenance and xref:optimization/monitoring/index.adoc[monitoring] of the entire system. Auditing examines data to comprehend user patterns and system behavior. These insights detail how users interact with the network after successful authentication. Audits help to identify unauthorized access, policy violations, compromised NASes, and other anomalies.
For example, a user manages to override site policy and log into a particular server. The site policy failed to deny that user access. by performing an audit of the AAA records, you would see that policy violation. The audit shows that the site policy needs an update by the network administrator to prevent future policy violations. Subsequent audits would track long-term behavior ensuring that the policy is being enforced.
+
+// Copyright (C) 2026 Network RADIUS SAS. Licenced under CC-by-NC 4.0.
+// This documentation was developed by Network RADIUS SAS.
=== xref:tuning/tuning_guide.adoc[Tuning Guide]
Tuning the FreeRADIUS server and relevant components ensures optimal performance across the network.
+
+// Copyright (C) 2026 Network RADIUS SAS. Licenced under CC-by-NC 4.0.
+// This documentation was developed by Network RADIUS SAS.
* FreeRADIUS xref:optimization/monitoring/statistics.adoc[internal statistics].
* Analyzing logs with some external tool.
+
+// Copyright (C) 2026 Network RADIUS SAS. Licenced under CC-by-NC 4.0.
+// This documentation was developed by Network RADIUS SAS.
ERROR 1213 (Deadlock found when trying to get lock; \
try restarting transaction): 40001
```
+
+// Copyright (C) 2026 Network RADIUS SAS. Licenced under CC-by-NC 4.0.
+// This documentation was developed by Network RADIUS SAS.
FreeRADIUS-Total-Acct-Dropped-Requests = 0
FreeRADIUS-Total-Acct-Unknown-Types = 0
----
+
+// Copyright (C) 2026 Network RADIUS SAS. Licenced under CC-by-NC 4.0.
+// This documentation was developed by Network RADIUS SAS.
a test suite to ensure that changes to the server configuration do not
affect the flow of requests and responses, or even the content of the
responses.
+
+// Copyright (C) 2026 Network RADIUS SAS. Licenced under CC-by-NC 4.0.
+// This documentation was developed by Network RADIUS SAS.
nwkrad@radius-fe-01:~$ cat acct_request.txt | \
radclient -x 127.0.0.1 acct testing123
```
+
+// Copyright (C) 2026 Network RADIUS SAS. Licenced under CC-by-NC 4.0.
+// This documentation was developed by Network RADIUS SAS.
radmin> debug file
radmin> show debug file
```
+
+// Copyright (C) 2026 Network RADIUS SAS. Licenced under CC-by-NC 4.0.
+// This documentation was developed by Network RADIUS SAS.
"bob",172.16.246.129,
noreq,4, ... ,,Access-Reject,eth0,192.0.2.100,1812,2.3.4.5,1812,209, \
,,"Subscriber carol not found"
+
+// Copyright (C) 2026 Network RADIUS SAS. Licenced under CC-by-NC 4.0.
+// This documentation was developed by Network RADIUS SAS.
EAP-TLS is a secure authentication method that relies on digital certificates to verify the identity of both the client and the server. See the following section to learn how to install and manage your certificates:
* xref:os/letsencrypt.adoc[LetsEncrypt]
+
+// Copyright (C) 2026 Network RADIUS SAS. Licenced under CC-by-NC 4.0.
+// This documentation was developed by Network RADIUS SAS.
----
Now xref:protocols/dhcp/test.adoc[test the DHCP service] to ensure that it is responding to requests.
+
+// Copyright (C) 2026 Network RADIUS SAS. Licenced under CC-by-NC 4.0.
+// This documentation was developed by Network RADIUS SAS.
2. xref:protocols/dhcp/enable.adoc[Enable the DHCP service]
3. xref:protocols/dhcp/test.adoc[Test the DHCP service]
4. xref:protocols/dhcp/policy.adoc[Define the DHCP policy]
+
+// Copyright (C) 2026 Network RADIUS SAS. Licenced under CC-by-NC 4.0.
+// This documentation was developed by Network RADIUS SAS.
* xref:protocols/dhcp/policy_subnet_options.adoc[Define the options for the subnet to which this issued IP address belongs.]
* xref:protocols/dhcp/policy_device_options.adoc[Define the device, class and group based options specific to the device.]
* xref:protocols/dhcp/policy_ippool_access.adoc[Configure device properties to restrict access to certain pools.]
+
+// Copyright (C) 2026 Network RADIUS SAS. Licenced under CC-by-NC 4.0.
+// This documentation was developed by Network RADIUS SAS.
Here `IP-Pool.Name` is being set to a constant value (`local`) indicating
that a single pool is to be used. If you have multiple pools, then replace this
assignment with logic to map clients to the correct pool, as described below.
+
+// Copyright (C) 2026 Network RADIUS SAS. Licenced under CC-by-NC 4.0.
+// This documentation was developed by Network RADIUS SAS.
Boot-Filename := "http://my.web.server/boot_script.php"
...
===============================
+
+// Copyright (C) 2026 Network RADIUS SAS. Licenced under CC-by-NC 4.0.
+// This documentation was developed by Network RADIUS SAS.
Any number of additional filters can be added to the initial "check"
line to restrict matches to the network block.
====
+
+// Copyright (C) 2026 Network RADIUS SAS. Licenced under CC-by-NC 4.0.
+// This documentation was developed by Network RADIUS SAS.
----
rlm_iscfixed2ippool -c /etc/dhcp/dhcpd.conf -t fr_ippool -k mac -f /etc/raddb
----
+
+// Copyright (C) 2026 Network RADIUS SAS. Licenced under CC-by-NC 4.0.
+// This documentation was developed by Network RADIUS SAS.
custom criteria it is necessary to include different variations for the
parameters on which the policy makes the decision. The testing example for the
class-specific options later in this document provides such an example.
+
+// Copyright (C) 2026 Network RADIUS SAS. Licenced under CC-by-NC 4.0.
+// This documentation was developed by Network RADIUS SAS.
to "`disabled`" to cause offers to be made more readily with IP addresses in
different subnets.
====
+
+// Copyright (C) 2026 Network RADIUS SAS. Licenced under CC-by-NC 4.0.
+// This documentation was developed by Network RADIUS SAS.
"stickiness".
Now xref:protocols/dhcp/enable.adoc[enable the DHCP service].
+
+// Copyright (C) 2026 Network RADIUS SAS. Licenced under CC-by-NC 4.0.
+// This documentation was developed by Network RADIUS SAS.
setup the IP pools and define a DHCP policy. It's recommended to develop your policy by making small, incremental changes to the provided configuration and then test those changes with the approach described above, using `dhcpclient` and `radius -X`, modifying the sample DHCP packet as required. If you break the policy then revert the last change, attempt to understand what went wrong, and try something else.
Now xref:protocols/dhcp/policy.adoc[define the DHCP policy].
+
+// Copyright (C) 2026 Network RADIUS SAS. Licenced under CC-by-NC 4.0.
+// This documentation was developed by Network RADIUS SAS.
Vendor-Specific.Cisco.AVPair = "subscriber:sub-qos-policy-out=q_out_uncapped"
EOF
```
+
+// Copyright (C) 2026 Network RADIUS SAS. Licenced under CC-by-NC 4.0.
+// This documentation was developed by Network RADIUS SAS.
handles the RadSec requests as though they have been received directly
from the originating client.
+
+// Copyright (C) 2026 Network RADIUS SAS. Licenced under CC-by-NC 4.0.
+// This documentation was developed by Network RADIUS SAS.
** xref:protocols/radius/coa_examples.adoc[CoA Examples]
* xref:protocols/radius/proxy_config.adoc[Proxy Configuration]
** xref:protocols/radius/proxy_extensions.adoc[Proxy Extensions]
+
+// Copyright (C) 2026 Network RADIUS SAS. Licenced under CC-by-NC 4.0.
+// This documentation was developed by Network RADIUS SAS.
This change was made in order to permit new features which were long requested in previous versions of the server. Due to design limitations, these features were impossible to implement.
Please see the xref:howto:protocols/radius/proxy_extensions.adoc[Proxy Extensions] page for new proxy features. These include proxying to multiple destinations, failing over to local authentication if proxying fails, and more.
+
+// Copyright (C) 2026 Network RADIUS SAS. Licenced under CC-by-NC 4.0.
+// This documentation was developed by Network RADIUS SAS.
```
Because the server does not wait for a response to any of the replicated packets, a parallel section is not necessary here.
+
+// Copyright (C) 2026 Network RADIUS SAS. Licenced under CC-by-NC 4.0.
+// This documentation was developed by Network RADIUS SAS.
xref:protocols/radius/radsec_with_haproxy.adoc[configure HAproxy to proxy RadSec
connections] or to xref:protocols/radius/radsec_with_traefik.adoc[configure
Traefik to proxy RadSec connections].
+
+// Copyright (C) 2026 Network RADIUS SAS. Licenced under CC-by-NC 4.0.
+// This documentation was developed by Network RADIUS SAS.
Once proxied connections are working we are ready to
xref:protocols/radius/enable_proxy_protocol.adoc[enable the PROXY
Protocol] on both HAproxy and the RadSec server.
+
+// Copyright (C) 2026 Network RADIUS SAS. Licenced under CC-by-NC 4.0.
+// This documentation was developed by Network RADIUS SAS.
xref:protocols/radius/enable_proxy_protocol.adoc[enable the PROXY Protocol] on
both Traefik and the RadSec server.
+
+// Copyright (C) 2026 Network RADIUS SAS. Licenced under CC-by-NC 4.0.
+// This documentation was developed by Network RADIUS SAS.
3. xref:protocols/radius/radsec_with_haproxy.adoc[Proxying RadSec with HAproxy]
4. xref:protocols/radius/radsec_with_traefik.adoc[Proxying RadSec with Traefik]
5. xref:protocols/radius/enable_proxy_protocol.adoc[Enabling PROXY Protocol for RadSec]
+
+// Copyright (C) 2026 Network RADIUS SAS. Licenced under CC-by-NC 4.0.
+// This documentation was developed by Network RADIUS SAS.
`coa-reply`, `disconnect`, and `disconnect-reply`. The underlying
functionality still exists, but it has been moved to different
keywords, such as `subrequest`.
+
+// Copyright (C) 2026 Network RADIUS SAS. Licenced under CC-by-NC 4.0.
+// This documentation was developed by Network RADIUS SAS.
|===
+
+// Copyright (C) 2026 Network RADIUS SAS. Licenced under CC-by-NC 4.0.
+// This documentation was developed by Network RADIUS SAS.
FreeRADIUS 4 organizes its configuration files in a specific directory structure, typically within /etc/freeradius/ (on Debian-based systems) or /etc/raddb/. The files are text-based and loaded once when the server starts; changes require a server restart to take effect. The files are text-based and include extensive comments to explain their purpose and usage.
+
+// Copyright (C) 2026 Network RADIUS SAS. Licenced under CC-by-NC 4.0.
+// This documentation was developed by Network RADIUS SAS.
This change requires modifications to all configuration files and
databases which use tags. This change means also that `detail` files
from v3 are not readable by v4.
+
+// Copyright (C) 2026 Network RADIUS SAS. Licenced under CC-by-NC 4.0.
+// This documentation was developed by Network RADIUS SAS.
+
+// Copyright (C) 2026 Network RADIUS SAS. Licenced under CC-by-NC 4.0.
+// This documentation was developed by Network RADIUS SAS.
+
+// Copyright (C) 2026 Network RADIUS SAS. Licenced under CC-by-NC 4.0.
+// This documentation was developed by Network RADIUS SAS.
The `sites-available/originate-coa` virtual server has been updated to
use the new `subrequest` feature. Please see that virtual server, and
the `subrequest` keyword for details.
+
+// Copyright (C) 2026 Network RADIUS SAS. Licenced under CC-by-NC 4.0.
+// This documentation was developed by Network RADIUS SAS.
----
In this case, this definition creates a `redundant_sql` virtual module.
+
+// Copyright (C) 2026 Network RADIUS SAS. Licenced under CC-by-NC 4.0.
+// This documentation was developed by Network RADIUS SAS.
...
}
----
+
+// Copyright (C) 2026 Network RADIUS SAS. Licenced under CC-by-NC 4.0.
+// This documentation was developed by Network RADIUS SAS.
As with any upgrade across major version numbers, there are caveats.
See the full xref:reference:unlang/update.adoc[update] documentation
for further guidance.
+
+// Copyright (C) 2026 Network RADIUS SAS. Licenced under CC-by-NC 4.0.
+// This documentation was developed by Network RADIUS SAS.
The dynamic client functionality behaves the same for all protocols
supported by the server. e.g. RADIUS, DHCP, VMPS, TACACS+, etc.
+
+// Copyright (C) 2026 Network RADIUS SAS. Licenced under CC-by-NC 4.0.
+// This documentation was developed by Network RADIUS SAS.
* xref:vendors/bay.adoc[Bay]
* xref:vendors/cisco.adoc[Cisco]
* xref:vendors/proxim.adoc[ProxIM]
+
+// Copyright (C) 2026 Network RADIUS SAS. Licenced under CC-by-NC 4.0.
+// This documentation was developed by Network RADIUS SAS.
server. Following them lets you create complex configurations with a
minimum of effort. Failure to follow them leads to days of frustration
and wasted effort.*
+
+// Copyright (C) 2026 Network RADIUS SAS. Licenced under CC-by-NC 4.0.
+// This documentation was developed by Network RADIUS SAS.
server receiving and processing test packets. You may want to
scrub "secret" information from the output before posting it
(shared secrets, passwords, etc).
+
+// Copyright (C) 2026 Network RADIUS SAS. Licenced under CC-by-NC 4.0.
+// This documentation was developed by Network RADIUS SAS.
* https://www.freeradius.org/releases/[the FreeRADIUS web site]; or
* from https://github.com/FreeRADIUS/freeradius-server/[GitHub].
* from https://hub.docker.com/r/freeradius/freeradius-server/[Docker Hub].
+
+// Copyright (C) 2026 Network RADIUS SAS. Licenced under CC-by-NC 4.0.
+// This documentation was developed by Network RADIUS SAS.
The next step is to add more users, and to configure databases. Those
steps are outside of the scope of this short web page, but the general
method to use is important, and is outlined in the next section.
+
+// Copyright (C) 2026 Network RADIUS SAS. Licenced under CC-by-NC 4.0.
+// This documentation was developed by Network RADIUS SAS.
make
cpack3 -G RPM
yum install *.rpm
+
+// Copyright (C) 2026 Network RADIUS SAS. Licenced under CC-by-NC 4.0.
+// This documentation was developed by Network RADIUS SAS.
freeradius-perl (Perl support: rlm_perl)
freeradius-perl-util (Perl rlm_sqlippool_tool utility)
freeradius-python (Python 2 and 3: rlm_python, rlm_python3)
+
+// Copyright (C) 2026 Network RADIUS SAS. Licenced under CC-by-NC 4.0.
+// This documentation was developed by Network RADIUS SAS.
This step demonstrates that the server is installed and configured
properly. If the output says `Ready to process requests`, then the installation was successful.
+
+// Copyright (C) 2026 Network RADIUS SAS. Licenced under CC-by-NC 4.0.
+// This documentation was developed by Network RADIUS SAS.
# Choose option 3 from the dialogue
----
+
+// Copyright (C) 2026 Network RADIUS SAS. Licenced under CC-by-NC 4.0.
+// This documentation was developed by Network RADIUS SAS.
| xref:xlat/ipv4/broadcast.adoc[broadcast] | Get the broadcast address from an IPv4 prefix
| xref:xlat/ipv4/netmask.adoc[netmask] | Get the netmask from an IPv4 prefix
|=====
+
+// Copyright (C) 2026 Network RADIUS SAS. Licenced under CC-by-NC 4.0.
+// This documentation was developed by Network RADIUS SAS.
crl := %file.cat('/etc/ssl/certs/ca.crl')
----
====
+
+// Copyright (C) 2026 Network RADIUS SAS. Licenced under CC-by-NC 4.0.
+// This documentation was developed by Network RADIUS SAS.
%exec("/bin/rm", filename)
----
====
+
+// Copyright (C) 2026 Network RADIUS SAS. Licenced under CC-by-NC 4.0.
+// This documentation was developed by Network RADIUS SAS.
}
----
====
+
+// Copyright (C) 2026 Network RADIUS SAS. Licenced under CC-by-NC 4.0.
+// This documentation was developed by Network RADIUS SAS.
line := %file.head("/var/log/radius.log")
----
====
+
+// Copyright (C) 2026 Network RADIUS SAS. Licenced under CC-by-NC 4.0.
+// This documentation was developed by Network RADIUS SAS.
}
----
====
+
+// Copyright (C) 2026 Network RADIUS SAS. Licenced under CC-by-NC 4.0.
+// This documentation was developed by Network RADIUS SAS.
}
----
====
+
+// Copyright (C) 2026 Network RADIUS SAS. Licenced under CC-by-NC 4.0.
+// This documentation was developed by Network RADIUS SAS.
line := %file.tail("/var/log/radius.log", 2)
----
====
+
+// Copyright (C) 2026 Network RADIUS SAS. Licenced under CC-by-NC 4.0.
+// This documentation was developed by Network RADIUS SAS.
Server installed in /opt/freeradius
Module rlm_exec.shell_escape = yes
```
+
+// Copyright (C) 2026 Network RADIUS SAS. Licenced under CC-by-NC 4.0.
+// This documentation was developed by Network RADIUS SAS.
not bob!
```
+
+// Copyright (C) 2026 Network RADIUS SAS. Licenced under CC-by-NC 4.0.
+// This documentation was developed by Network RADIUS SAS.
Active-Directory to retrieve group information and the user's NT-Password.
| xref:raddb/mods-available/yubikey.adoc[yubikey] | Supports authentication of yubikey tokens where the PSK is known to FreeRADIUS, and integrates with the Yubico cloud-based authentication service.
|=====
+
+// Copyright (C) 2026 Network RADIUS SAS. Licenced under CC-by-NC 4.0.
+// This documentation was developed by Network RADIUS SAS.
| xref:raddb/mods-available/unix.adoc[unix] | Retrieves a user's encrypted password from the local system and places it into the ``control.Password.Crypt`` attribute.
The password is retrieved via the ``getpwent()`` and ``getspwent()`` system calls.
|=====
+
+// Copyright (C) 2026 Network RADIUS SAS. Licenced under CC-by-NC 4.0.
+// This documentation was developed by Network RADIUS SAS.
| xref:raddb/mods-available/unpack.adoc[unpack] | Unpacks binary data from octets type attributes into individual attributes.
| xref:raddb/mods-available/utf8.adoc[utf8] | Checks all attributes of type string in the current request, to ensure that they only contain valid UTF8 sequences.
|=====
+
+// Copyright (C) 2026 Network RADIUS SAS. Licenced under CC-by-NC 4.0.
+// This documentation was developed by Network RADIUS SAS.
| xref:raddb/mods-available/perl.adoc[perl] | Allows the server to call a persistent, embedded Perl script.
| xref:raddb/mods-available/python.adoc[python] | Allows the server to call a persistent, embedded Python script.
|=====
+
+// Copyright (C) 2026 Network RADIUS SAS. Licenced under CC-by-NC 4.0.
+// This documentation was developed by Network RADIUS SAS.
|xref:raddb/mods-available/detail.example.com.adoc[example] | Detail file example for configuration.
| xref:raddb/mods-available/detail.log.adoc[log example] | Log example.
|=====
+
+// Copyright (C) 2026 Network RADIUS SAS. Licenced under CC-by-NC 4.0.
+// This documentation was developed by Network RADIUS SAS.
| xref:raddb/mods-available/idn.adoc[idn] | Converts internationalized domain names to ASCII.
| xref:raddb/mods-available/sometimes.adoc[sometimes] | Is a hashing and distribution protocol, that will sometimes return one code or another depending on the input value configured.
|=====
+
+// Copyright (C) 2026 Network RADIUS SAS. Licenced under CC-by-NC 4.0.
+// This documentation was developed by Network RADIUS SAS.
| xref:raddb/mods-available/radius.adoc[radius] | Allows Access-Requests, Accounting-Requests, CoA-Requests and Disconnect-Messages to be sent during request processing.
| xref:raddb/mods-available/wimax.adoc[wimax] | Implements WiMAX authentication over RADIUS.
|=====
+
+// Copyright (C) 2026 Network RADIUS SAS. Licenced under CC-by-NC 4.0.
+// This documentation was developed by Network RADIUS SAS.
| xref:raddb/mods-available/stats.adoc[stats] | Gather internal server statistics.
| xref:raddb/mods-available/unbound.adoc[unbound] | Performs queries against a DNS service to allow FQDNs to be resolved during request processing.
|=====
+
+// Copyright (C) 2026 Network RADIUS SAS. Licenced under CC-by-NC 4.0.
+// This documentation was developed by Network RADIUS SAS.
** xref:proxy_failover.adoc[Proxy Fail-Over]
** xref:proxy_load_balance.adoc[Proxy Load-Balance]
+
+// Copyright (C) 2026 Network RADIUS SAS. Licenced under CC-by-NC 4.0.
+// This documentation was developed by Network RADIUS SAS.
** xref:unlang_update_blocks_and_conditions.adoc[Update blocks and conditions]
** xref:unlang_splitting_strings.adoc[Splitting strings]
** xref:unlang_policies.adoc[Policies]
+
+// Copyright (C) 2026 Network RADIUS SAS. Licenced under CC-by-NC 4.0.
+// This documentation was developed by Network RADIUS SAS.
* xref:virtual.adoc[Virtual]
* xref:radmin.adoc[Radmin]
* xref:final_group_project.adoc[Final group project]
+
+// Copyright (C) 2026 Network RADIUS SAS. Licenced under CC-by-NC 4.0.
+// This documentation was developed by Network RADIUS SAS.
Each EAP Type unveils a unique mechanism for securing access. The robust 802.1X standard diligently authenticates both wireless and wired LAN users. It’s your trusted sentry for safeguarding entry into enterprise networks.
+
+// Copyright (C) 2026 Network RADIUS SAS. Licenced under CC-by-NC 4.0.
+// This documentation was developed by Network RADIUS SAS.
This section covers connectivity and interoperability in FreeRADIUS. It navigates key topics such as variable usage and dynamic translation. It also tackles the art of managing multiple module instances and different authorization types (Autz-Type).
More topics include strategies for module failover, handling prepaid accounts, and working with dictionaries. You’ll find guidance on setting up virtual servers and using the Radmin management tool.
+
+// Copyright (C) 2026 Network RADIUS SAS. Licenced under CC-by-NC 4.0.
+// This documentation was developed by Network RADIUS SAS.
The xref:reference:unlang/index.adoc[Unlang] policy language in FreeRADIUS enables you to create policies with ease. Unlang enables conditional checks and updates to request or response attributes based on those checks. Unlang’s syntax is similar to configuration files. It supports comments, whitespace, and sections. The main difference is that configuration files are static and declarative. They define variables and values that remain static while the server runs.
In contrast, xref:reference:unlang/index.adoc[Unlang] operates at runtime. It processes each incoming packet and evaluates conditional statements, like xref:reference:unlang/if.adoc[if] for every packet. This allows dynamic editing of attribute contents or lists, making it more flexible for "in-flight" requests.
+
+// Copyright (C) 2026 Network RADIUS SAS. Licenced under CC-by-NC 4.0.
+// This documentation was developed by Network RADIUS SAS.
projects / thirdparty / freeradius-server.git / commitdiff
