From: Alan T. DeKok Date: Fri, 23 Jan 2026 23:32:25 +0000 (-0500) Subject: remove raddb/ from more of the documentation X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=46e99b1e51cfb321d2d7445e9f6c54858fb6c3d8;p=thirdparty%2Ffreeradius-server.git remove raddb/ from more of the documentation --- diff --git a/doc/antora/modules/ROOT/pages/trouble-shooting/eap_certificates.adoc b/doc/antora/modules/ROOT/pages/trouble-shooting/eap_certificates.adoc index d465d70cf16..af0d39b3b96 100644 --- a/doc/antora/modules/ROOT/pages/trouble-shooting/eap_certificates.adoc +++ b/doc/antora/modules/ROOT/pages/trouble-shooting/eap_certificates.adoc @@ -86,19 +86,19 @@ If a CA is not already in use for signing certificates then FreeRADIUS ships with scripts which can create a CA, server certificates, and client certificates. -See xref:reference:raddb/certs/index.adoc[Certificates] in the Configuration Files section on how to generate certificates and the corresponding `raddb/certs/Makefile` for more details. +See xref:reference:raddb/certs/index.adoc[Certificates] in the Configuration Files section on how to generate certificates and the corresponding `certs/Makefile` for more details. == Loading certificates onto the RADIUS servers Certificates to be loaded onto the RADIUS servers must be copied into -`raddb/certs` directory. Use file names which help to identify +`certs` directory. Use file names which help to identify what the certificates are. The freeradius certificates required at a minimum are: -* ca.pem: `raddb/certs/ca.pem` -* server.pem: `raddb/certs/server.pem` -* server.key: `raddb/certs/server.key` +* ca.pem: `certs/ca.pem` +* server.pem: `certs/server.pem` +* server.key: `certs/server.key` If additional certificates are needed for different EAP methods (e.g. EAP-PEAP using one server certificate and EAP-TLS using another) then generate and add the required certificates into this directory. @@ -106,7 +106,7 @@ using one server certificate and EAP-TLS using another) then generate and add th == Certificates in the FreeRADIUS EAP Configuration Certificate settings for EAP are found in the eap module configuration -located in the `raddb/mods-enabled/eap` directory. +located in the `mods-enabled/eap` directory. If a common set of certificates is used by all EAP methods then it will be set in a `tls-config` section called `tls-common`. This section is referenced diff --git a/doc/antora/modules/ROOT/pages/trouble-shooting/user.adoc b/doc/antora/modules/ROOT/pages/trouble-shooting/user.adoc index 53e98249603..030c6410a03 100644 --- a/doc/antora/modules/ROOT/pages/trouble-shooting/user.adoc +++ b/doc/antora/modules/ROOT/pages/trouble-shooting/user.adoc @@ -25,7 +25,7 @@ This method is used to prevent a user from logging in multiple times across mult .Troubleshooting Checklist [%collapsible] ==== -1. Check that you added your NAS to `raddb/clients.conf` and selected the correct NAS type. Verify the the password. +1. Check that you added your NAS to `clients.conf` and selected the correct NAS type. Verify the the password. 2. Run `radiusd -X` and see if it parses the Simultaneous-Use line. 3. Try to run `checkrad` manually; maybe you may have a wrong version of perl, don't have cmu-snmp installed etc. 4. Check the database. If it says no one is logged in, Simultaneous-Use *won't* work. diff --git a/doc/antora/modules/howto/pages/datastores/ad/ntlm_mschap.adoc b/doc/antora/modules/howto/pages/datastores/ad/ntlm_mschap.adoc index c30589ee1b7..a5319e24a6e 100644 --- a/doc/antora/modules/howto/pages/datastores/ad/ntlm_mschap.adoc +++ b/doc/antora/modules/howto/pages/datastores/ad/ntlm_mschap.adoc @@ -24,7 +24,7 @@ authenticate { == Test ntlm_auth -Add the following text for testing purposes only to the top of the users file. The "users" file is located at `raddb/mods-config/files/authorize`. +Add the following text for testing purposes only to the top of the users file. The "users" file is located at `mods-config/files/authorize`. ``` DEFAULT Auth-Type = ntlm_auth diff --git a/doc/antora/modules/howto/pages/eduroam_logging.adoc b/doc/antora/modules/howto/pages/eduroam_logging.adoc index 2f0a6bd1c8f..9bc2d4fc760 100644 --- a/doc/antora/modules/howto/pages/eduroam_logging.adoc +++ b/doc/antora/modules/howto/pages/eduroam_logging.adoc @@ -56,7 +56,7 @@ first packet the list will be empty. Update the list at the same time to ensure that it is not empty on the next round; we can use Tmp-String-1 to note the type of log record. -Make these changes in the default server (`raddb/sites-enabled/default`). +Make these changes in the default server (`sites-enabled/default`). authorize { if (!session-state.) { @@ -72,7 +72,7 @@ Make these changes in the default server (`raddb/sites-enabled/default`). ## Recording the inner User-Name To log the inner User-Name, it needs to be copied from the -inner-tunnel to the outer. In `raddb/sites-enabled/inner-tunnel`, +inner-tunnel to the outer. In `sites-enabled/inner-tunnel`, update `post-auth`: server inner-tunnel { diff --git a/doc/antora/modules/howto/pages/installation/source.adoc b/doc/antora/modules/howto/pages/installation/source.adoc index 08c15277f91..20a2645b799 100644 --- a/doc/antora/modules/howto/pages/installation/source.adoc +++ b/doc/antora/modules/howto/pages/installation/source.adoc @@ -160,7 +160,7 @@ received the request, and responded to it. You can now edit the configuration files for your local system. You will usually want to start with `sites-enabled/default` for main configurations. To set which NASes (clients) can communicate with this -server, edit `raddb/clients.conf`. Please read the configuration files +server, edit `clients.conf`. Please read the configuration files carefully, as many configuration options are only documented in comments in the file. diff --git a/doc/antora/modules/howto/pages/modules/ldap/authentication.adoc b/doc/antora/modules/howto/pages/modules/ldap/authentication.adoc index f3f94f8f60d..3867516ceb0 100644 --- a/doc/antora/modules/howto/pages/modules/ldap/authentication.adoc +++ b/doc/antora/modules/howto/pages/modules/ldap/authentication.adoc @@ -71,7 +71,7 @@ Here FreeRADIUS is describing what it did: ldapsearch -LL -H ldap://localhost -x -D cn=freeradius,dc=example,dc=com -w mypassword -b dc=example,dc=com '(uid=john)' ---- ** found `uid=john,ou=people,dc=example,dc=com` - *** if for you no user is found, but you know the user is in your directory, recheck the `user { ... }` section in `raddb/mods-available/ldap` as you may have a filter or attribute configuration set incorrectly + *** if for you no user is found, but you know the user is in your directory, recheck the `user { ... }` section in `mods-available/ldap` as you may have a filter or attribute configuration set incorrectly ** found some useful attributes associated with that user *** the password which it placed into `control.Password.With-Header` *** as RADIUS attributes were changed, it returns `updated` as a result code to unlang diff --git a/doc/antora/modules/howto/pages/modules/ldap_authentication_testing.adoc b/doc/antora/modules/howto/pages/modules/ldap_authentication_testing.adoc index 4e2ffd1d061..b59717e8e4d 100644 --- a/doc/antora/modules/howto/pages/modules/ldap_authentication_testing.adoc +++ b/doc/antora/modules/howto/pages/modules/ldap_authentication_testing.adoc @@ -67,7 +67,7 @@ Here FreeRADIUS is describing what it did: ldapsearch -LL -H ldap://localhost -x -D cn=freeradius,dc=example,dc=com -w mypassword -b dc=example,dc=com '(uid=john)' ---- ** found `uid=john,ou=people,dc=example,dc=com` - *** if for you no user is found, but you know the user is in your directory, recheck the `user { ... }` section in `raddb/mods-available/ldap` as you may have a filter or attribute configuration set incorrectly + *** if for you no user is found, but you know the user is in your directory, recheck the `user { ... }` section in `mods-available/ldap` as you may have a filter or attribute configuration set incorrectly ** found some useful attributes associated with that user *** the password which it placed into `control.Password-With-Header` *** as RADIUS attributes were changed, it returns `updated` as a result code to unlang diff --git a/doc/antora/modules/howto/pages/modules/sql/index.adoc b/doc/antora/modules/howto/pages/modules/sql/index.adoc index c744f36f708..d240e81c369 100644 --- a/doc/antora/modules/howto/pages/modules/sql/index.adoc +++ b/doc/antora/modules/howto/pages/modules/sql/index.adoc @@ -18,7 +18,7 @@ examples in the users file. == Schema and usage -The schemas are available in `raddb/sql/*`, where is the name of the +The schemas are available in `sql/*`, where is the name of the database (mysql, postgresql, etc.) The SQL module employs two sets of check and reply item tables for diff --git a/doc/antora/modules/howto/pages/modules/sqlcounter/index.adoc b/doc/antora/modules/howto/pages/modules/sqlcounter/index.adoc index 3e18e68b4d1..2d9d0717e94 100644 --- a/doc/antora/modules/howto/pages/modules/sqlcounter/index.adoc +++ b/doc/antora/modules/howto/pages/modules/sqlcounter/index.adoc @@ -20,13 +20,13 @@ exceeded, the module will return `reject` == Configuration -A sample module configuration is provided in `raddb/mods-available/sqlcounter`. +A sample module configuration is provided in `mods-available/sqlcounter`. This includes configurations which cover daily and monthly periods, plus a couple of examples where there are no reset dates on the periods being considered. The SQL queries associated with these sample module configurations are found -in `raddb/mods-config/sql/counter//*.conf` with each instances query +in `mods-config/sql/counter//*.conf` with each instances query in a different file. As provided, the counters are all based on session time, using the `acctsessiontime`, diff --git a/doc/antora/modules/howto/pages/optimization/monitoring/statistics.adoc b/doc/antora/modules/howto/pages/optimization/monitoring/statistics.adoc index 516c1d2bbd4..dfecdd5eb2d 100644 --- a/doc/antora/modules/howto/pages/optimization/monitoring/statistics.adoc +++ b/doc/antora/modules/howto/pages/optimization/monitoring/statistics.adoc @@ -22,7 +22,7 @@ do this, create a symlink from `sites-enabled/status` to [NOTE] ==== If you are not starting from the default configuration, check that -`status_server` is still set to `yes` in `raddb/radiusd.conf` as +`status_server` is still set to `yes` in `radiusd.conf` as well. ==== diff --git a/doc/antora/modules/howto/pages/upgrade/attribute_names.adoc b/doc/antora/modules/howto/pages/upgrade/attribute_names.adoc index 9245ee1cce7..56feb465422 100644 --- a/doc/antora/modules/howto/pages/upgrade/attribute_names.adoc +++ b/doc/antora/modules/howto/pages/upgrade/attribute_names.adoc @@ -53,7 +53,7 @@ attributes, such as from the `users` file or `sql`. When the server prints attributes, it will always print the new v4 names. These alias dictionaries can be enabled by editing the -`raddb/dictionary` file. Please see that file for more information. +`dictionary` file. Please see that file for more information. == Tools to help diff --git a/doc/antora/modules/howto/pages/upgrade/attributes.adoc b/doc/antora/modules/howto/pages/upgrade/attributes.adoc index 07a3e2e342d..4373807f7f2 100644 --- a/doc/antora/modules/howto/pages/upgrade/attributes.adoc +++ b/doc/antora/modules/howto/pages/upgrade/attributes.adoc @@ -2,7 +2,7 @@ = Attributes Much of the information in this section is also in the -`raddb/dictionary` file +`dictionary` file All of the attributes have been renamed from v3. This change was necessary in order to support new functionality in v4. The diff --git a/doc/antora/modules/howto/pages/upgrade/modules.adoc b/doc/antora/modules/howto/pages/upgrade/modules.adoc index b32da01d740..a1a4f63d66a 100644 --- a/doc/antora/modules/howto/pages/upgrade/modules.adoc +++ b/doc/antora/modules/howto/pages/upgrade/modules.adoc @@ -19,7 +19,7 @@ The `Client-Shortname` attribute has been removed. You should use `%client(shor === rlm_radius The `radius` module has taken over much of the functionality of -`proxy.conf`. See `raddb/mods-available/radius` for documentation +`proxy.conf`. See `mods-available/radius` for documentation and configuration examples. The `radius` module connects to one home server, just like the @@ -107,7 +107,7 @@ it. The in-memory SSL cache was removed. Changes in OpenSSL and FreeRADIUS made it difficult to continue using the OpenSSL implementation of a -cache. See `raddb/sites-available/tls-cache` for a better replacement. +cache. See `sites-available/tls-cache` for a better replacement. The OpenSSL cache can now be placed on disk, in memory, in memcache, or in a redis cache. The result is both higher performance, and more configurable. @@ -115,7 +115,7 @@ configurable. The `use_tunneled_reply` and `copy_request_to_tunnel` configuration items have been removed. Their functionality has been replaced with the `use_tunneled_reply` and `copy_request_to_tunnel` policies. See -`raddb/sites-available/inner-tunnel` and `raddb/policy.d/eap` for +`sites-available/inner-tunnel` and `policy.d/eap` for more information. These configuration items were removed because they caused issues for a @@ -163,7 +163,7 @@ supported. === rlm_expiration The `expiration` module has been replaced with an `unlang` policy. -The policy is located in `raddb/policy.d/time`. The `Expiration` +The policy is located in `policy.d/time`. The `Expiration` attribute should continue to work the same as with v3. [#rlm_ldap] diff --git a/doc/antora/modules/howto/pages/upgrade/proxy.adoc b/doc/antora/modules/howto/pages/upgrade/proxy.adoc index db0db4e0cec..7afab17a6b8 100644 --- a/doc/antora/modules/howto/pages/upgrade/proxy.adoc +++ b/doc/antora/modules/howto/pages/upgrade/proxy.adoc @@ -47,7 +47,7 @@ multiple destinations. == home_server The `home_server` configuration has been replaced with the `radius` -module. See `raddb/mods-available/radius` for examples and +module. See `mods-available/radius` for examples and documentation. == home_server_pool diff --git a/doc/antora/modules/howto/pages/vendors/ascend.adoc b/doc/antora/modules/howto/pages/vendors/ascend.adoc index 35653a94eb9..56d823da4d6 100644 --- a/doc/antora/modules/howto/pages/vendors/ascend.adoc +++ b/doc/antora/modules/howto/pages/vendors/ascend.adoc @@ -42,7 +42,7 @@ Cisco provides an Ascend compatibility mode that accepts only the OLD style Ascend attributes, which may be problematic. You can make FreeRADIUS send the OLD style attributes by prefixing the -Ascend attributes with `X-` in the `raddb/mods-config/files/authorize` file, +Ascend attributes with `X-` in the `mods-config/files/authorize` file, `sql` table, `ldap` directory, `attr_filter` module, etc… The original VSA Ascend attribute: diff --git a/doc/antora/modules/howto/partials/initial_tests.adoc b/doc/antora/modules/howto/partials/initial_tests.adoc index 9bf1a727ba6..186181a1648 100644 --- a/doc/antora/modules/howto/partials/initial_tests.adoc +++ b/doc/antora/modules/howto/partials/initial_tests.adoc @@ -1,5 +1,5 @@ Testing authentication is simple. Edit the `users` file (in v3 this has -been moved to `raddb/mods-config/files/authorize`), and add the +been moved to `mods-config/files/authorize`), and add the following line of text at the top of the file, before anything else: testing Cleartext-Password := "password"