From: nolade Date: Fri, 7 Mar 2025 15:15:34 +0000 (-0500) Subject: docs: Module section update and formatting. Partials added (single source) X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=739f10d4d85a48adbb515673935871ad2186db1b;p=thirdparty%2Ffreeradius-server.git docs: Module section update and formatting. Partials added (single source) --- diff --git a/doc/antora/modules/reference/nav.adoc b/doc/antora/modules/reference/nav.adoc index 1c8243a139..b2a7e7a816 100644 --- a/doc/antora/modules/reference/nav.adoc +++ b/doc/antora/modules/reference/nav.adoc @@ -34,22 +34,22 @@ **** xref:unlang/try.adoc[try] **** xref:unlang/update.adoc[update] -*** xref:unlang/local.adoc[Local variables] +*** xref:unlang/local.adoc[Local Variables] *** xref:unlang/module.adoc[Modules] -**** xref:unlang/module_method.adoc[Module methods] -**** xref:unlang/module_builtin.adoc[Built-in modules] +**** xref:unlang/module_method.adoc[Module Methods] +**** xref:unlang/module_builtin.adoc[Built-in Modules] *** xref:unlang/condition/index.adoc[Conditional Expressions] **** xref:unlang/condition/cmp.adoc[Comparisons] -**** xref:unlang/condition/expression.adoc[Mathematica Expressions] +**** xref:unlang/condition/expression.adoc[Mathematical Expressions] **** xref:unlang/condition/operands.adoc[Operands] -**** xref:unlang/condition/return_codes.adoc[The return code operator] -**** xref:unlang/condition/eq.adoc[The '==' operator] -**** xref:unlang/condition/and.adoc[The '&&' operator] -**** xref:unlang/condition/or.adoc[The '||' operator] -**** xref:unlang/condition/not.adoc[The '!' operator] -**** xref:unlang/condition/para.adoc[The '( )' operator] +**** xref:unlang/condition/return_codes.adoc[The Return Code Operator] +**** xref:unlang/condition/eq.adoc[The '==' Operator] +**** xref:unlang/condition/and.adoc[The '&&' Operator] +**** xref:unlang/condition/or.adoc[The '||' Operator] +**** xref:unlang/condition/not.adoc[The '!' Operator] +**** xref:unlang/condition/para.adoc[The '( )' Operator] **** xref:unlang/condition/regex.adoc[Regular Expressions] *** xref:unlang/list.adoc[Attribute Lists] @@ -123,11 +123,11 @@ *** xref:raddb/format.adoc[Format of the Configuration Files] *** xref:raddb/certs/index.adoc[Certificates] *** xref:raddb/global.d/index.adoc[Global Configuration] -**** xref:raddb/global.d/ldap.adoc[ldap] -**** xref:raddb/global.d/python.adoc[python] +**** xref:raddb/global.d/ldap.adoc[Ldap] +**** xref:raddb/global.d/python.adoc[Python] ** xref:raddb/mods-available/index.adoc[Modules] -*** xref:raddb/mods-available/all_modules.adoc[Summary of all modules] +*** xref:raddb/mods-available/all_modules.adoc[Summary of Modules] *** xref:raddb/mods-available/doc/authentication.adoc[Authentication] **** xref:raddb/mods-available/chap.adoc[CHAP module] @@ -141,7 +141,7 @@ **** xref:raddb/mods-available/ntlm_auth.adoc[NTLM Auth] **** xref:raddb/mods-available/pam.adoc[Pluggable Authentication] **** xref:raddb/mods-available/pap.adoc[PAP] -xref:raddb/mods-available/rest.adoc[REST] +**** xref:raddb/mods-available/rest.adoc[REST] **** xref:raddb/mods-available/totp.adoc[TOTP] **** xref:raddb/mods-available/winbind.adoc[Winbind] **** xref:raddb/mods-available/yubikey.adoc[Yubikey] @@ -152,7 +152,7 @@ xref:raddb/mods-available/rest.adoc[REST] ***** xref:raddb/mods-available/cache_tls.adoc[Cache TLS Session] **** xref:raddb/mods-available/client.adoc[Client] **** xref:raddb/mods-available/csv.adoc[CSV] -**** xref:raddb/mods-available/etc_group.adoc[etc_group] +**** xref:raddb/mods-available/etc_group.adoc[Etc_group] **** xref:raddb/mods-available/files.adoc[Files] ***** xref:raddb/mods-config/files/users.adoc[File Format] **** xref:raddb/mods-available/ldap.adoc[LDAP] @@ -163,11 +163,11 @@ xref:raddb/mods-available/rest.adoc[REST] ***** xref:raddb/mods-available/smbpasswd.adoc[SMBPasswd] **** xref:raddb/mods-available/redis.adoc[REDIS] ***** xref:raddb/mods-available/redis_ippool.adoc[IP Pool] -***** xref:raddb/mods-available/rediswho.adoc[User tracking] -**** xref:raddb/mods-available/rest.adoc[Rest] +***** xref:raddb/mods-available/rediswho.adoc[User Tracking] +**** xref:raddb/mods-available/rest.adoc[REST] **** xref:raddb/mods-available/sql.adoc[SQL] ***** xref:raddb/mods-available/sqlcounter.adoc[Counter] -***** xref:raddb/mods-available/sqlippool.adoc[IP-Pool] +***** xref:raddb/mods-available/sqlippool.adoc[IP Pool] ***** xref:raddb/mods-available/redundant_sql.adoc[Redundant] **** xref:raddb/mods-available/unix.adoc[Unix] @@ -192,7 +192,7 @@ xref:raddb/mods-available/rest.adoc[REST] **** xref:raddb/mods-available/logtee.adoc[Logtee] **** xref:raddb/mods-available/detail.adoc[Detail] ***** xref:raddb/mods-available/detail.example.com.adoc[Example] -***** xref:raddb/mods-available/detail.log.adoc[Logging] +***** xref:raddb/mods-available/detail.log.adoc[Log Example] *** xref:raddb/mods-available/doc/policy.adoc[Policy] **** xref:raddb/mods-available/always.adoc[Always] @@ -241,7 +241,7 @@ xref:raddb/mods-available/rest.adoc[REST] ***** xref:raddb/sites-available/proxy-inner-tunnel.adoc[Proxy Inner Tunnel] **** xref:raddb/sites-available/status.adoc[Status] **** xref:raddb/sites-available/doc/tacacs.adoc[TACACS+] -**** xref:raddb/sites-available/tacacs.adoc[Virtual Server] +***** xref:raddb/sites-available/tacacs.adoc[Virtual Server] **** xref:raddb/sites-available/tls.adoc[TLS] ***** xref:raddb/sites-available/tls-cache.adoc[TLS Cache] **** xref:raddb/sites-available/vmps.adoc[VMPS] diff --git a/doc/antora/modules/reference/pages/raddb/mods-available/all_modules.adoc b/doc/antora/modules/reference/pages/raddb/mods-available/all_modules.adoc index 0827a0281f..cd78cb16ca 100644 --- a/doc/antora/modules/reference/pages/raddb/mods-available/all_modules.adoc +++ b/doc/antora/modules/reference/pages/raddb/mods-available/all_modules.adoc @@ -1,136 +1,28 @@ -== Authentication Modules -[options="header"] -[cols="20%,80%"] -|===== -| Module | Description -| xref:raddb/mods-available/chap.adoc[chap] | Performs Challenge Handshake Authentication Protocol (CHAP) authentication, as described by RFC 2865. -| xref:raddb/mods-available/digest.adoc[digest] | The digest module performs HTTP digest authentication, usually for a SIP server. See draft-sterman-aaa-sip-00.txt for -details. The module does not support RFC 5090. -| xref:raddb/mods-available/eap.adoc[eap] | Implements the base protocol for EAP (Extensible Authentication Protocol). -| xref:raddb/mods-available/eap_inner.adoc[eap_inner] | EAP/Inner Configuration for secure transmissions. -| xref:raddb/mods-available/imap.adoc[imap] | Allows users to be authenticated against an IMAP server. -| xref:raddb/mods-available/krb5.adoc[krb5] | Implements kerberos authentication, using the result of decrypting the TGT as an indication that the provided password was correct. -| xref:raddb/mods-available/ldap.adoc[ldap] | Can perform user authentication using LDAP binds, or by retrieving the contents of a password attribute for later comparison by a module such as rlm_pap, or an rlm_eap method. -| xref:raddb/mods-available/mschap.adoc[mschap] | Supports MS-CHAP and MS-CHAPv2 authentication. It also enforces the SMB-Account-Ctrl attribute. -| xref:raddb/mods-available/opendirectory.adoc[opendirectory] | Integrates with an Apple OpenDirectory service on the same host as FreeRADIUS to allow OpenDirectory users to authenticate. -| xref:raddb/mods-available/ntlm_auth.adoc[ntlm_auth] | NTLM Auth -| xref:raddb/mods-available/redundant_sql.adoc[redundant_sql] | Configure a redundant sql server. -| xref:raddb/mods-available/pam.adoc[pam] | Performs password checking via the Pluggable Authentication Module (PAM) framework. -| xref:raddb/mods-available/pap.adoc[pap] | Accepts a large number of formats for the "known good" (reference) password, such as crypt hashes, md5 hashes, and etc. The module takes the User-Password and performs the necessary transformations of the user submitted password -to match the copy of the password the server has retrieved. -| xref:raddb/mods-available/smbpasswd.adoc[smbpasswd] | SMBPasswd -| xref:raddb/mods-available/totp.adoc[totp] | Implemments the TOTP algorithm to fufill authentication requests. -| xref:raddb/mods-available/wimax.adoc[wimax] | Implements WiMAX authentication over RADIUS. -| xref:raddb/mods-available/winbind.adoc[winbind] | The module also allows for direct connection to Samba winbindd (version 4.2.1 or above), which communicates with -Active-Directory to retrieve group information and the user's NT-Password. -| xref:raddb/mods-available/yubikey.adoc[yubikey] | Supports authentication of yubikey tokens where the PSK is known to FreeRADIUS, and integrates with the Yubico cloud-based authentication service. -|===== - -== Authorization Modules -[options="header"] -[cols="20%,80%"] -|===== -| Module | Description -| xref:raddb/mods-available/smtp.adoc[smtp] | Allows users to submit smtp formatted, mime-encoded emails to a server Supports User-Name User-Password authentication Supports file attachments, size limited by the MTA. -|===== - -== Datastore Modules -[options="header"] -[cols="20%,80%"] -|===== -| Module | Description -| xref:raddb/mods-available/cache.adoc[cache] | Stores attributes and/or lists and adds them back to a subsequent request or to the current request on a later execution of the module. -| xref:raddb/mods-available/cache_eap.adoc[cache_eap] | Cache EAP -| xref:raddb/mods-available/cache_tls.adoc[cache_tls] | Cache TLS Session -| xref:raddb/mods-available/client.adoc[client] | Reads client definitions from flat files. -| xref:raddb/mods-available/csv.adoc[csv] | Maps values in a CSV file to FreeRADIUS attributes and adds them to the request. -| xref:raddb/mods-available/ldap.adoc[ldap] | Allows LDAP directory entries to be retrieved, modified, inserted and deleted. -| xref:raddb/mods-available/passwd.adoc[passwd] | Reads and caches line-oriented files that are in a format similar to ``/etc/passwd``. -| xref:raddb/mods-available/redis.adoc[redis] | Provides connectivity to single and clustered instances of Redis. This module exposes a string expansion that may be -used to execute queries against Redis. -| xref:raddb/mods-available/redis_ippool.adoc[redis_ippool] | Implements a fast and scalable IP allocation system using Redis. Supports both IPv4 and IPv6 address and prefix -allocation, and implements pre-allocation for use with DHCPv4. -| xref:raddb/mods-available/rediswho.adoc[rediswho] | Records which users are currently logged into the service. The file is used mainly for Simultaneous-Use checking to see -who has current sessions. -| xref:raddb/mods-available/redundant_sql.adoc[redundant_sql] | Configure a redundant sql server. -| xref:raddb/mods-available/sql.adoc[sql] | Provides an abstraction over multiple SQL backends, via database specific drivers. -| xref:raddb/mods-available/sqlippool.adoc[sqlippool] | SQL based IP allocation module. -| xref:raddb/mods-available/unix.adoc[unix] | Retrieves a user's encrypted password from the local system and places it into the ``control.Password.Crypt`` attribute. -The password is retrieved via the ``getpwent()`` and ``getspwent()`` system calls. -|===== - -== IO Modules -[options="header"] -[cols="20%,80%"] -|===== -| Module | Description -| xref:raddb/mods-available/detail.adoc[detail] | Writes attributes from a request list to a flat file in 'detail' format. -|xref:raddb/mods-available/detail.example.com.adoc[Detail Example] | Detail (Sample) -| xref:raddb/mods-available/detail.log.adoc[detail.log] | Detail Log Example -| xref:raddb/mods-available/files.adoc[files] | Implements a traditional Livingston-style users file. -| xref:raddb/mods-available/icmp.adoc[icmp] | Sends an ICMP "echo request" message to a particular IP address. - -| xref:raddb/mods-available/radius.adoc[radius] | Allows Access-Requests, Accounting-Requests, CoA-Requests and Disconnect-Messages to be sent during request processing. -| xref:raddb/mods-available/rest.adoc[rest] | Sends HTTP requests to remote servers and decodes the responses. -| xref:raddb/mods-available/unbound.adoc[unbound] | Performs queries against a DNS service to allow FQDNs to be resolved during request processing. -|===== - -== Language Modules -[options="header"] -[cols="20%,80%"] -|===== -| Module | Description -| xref:raddb/mods-available/exec.adoc[exec] | Executes an external script, passing in FreeRADIUS attributes as environmental variables or as arguments. -| xref:raddb/mods-available/lua.adoc[lua] | Allows the server to call embedded lua scripts. -| xref:raddb/mods-available/mruby.adoc[mruby] | Allows the server to call a persistent, embedded mRuby script. -| xref:raddb/mods-available/perl.adoc[perl] | Allows the server to call a persistent, embedded Perl script. -| xref:raddb/mods-available/python.adoc[python] | Allows the server to call a persistent, embedded Python script. -|===== - -== Policy Modules -[options="header"] -[cols="20%,80%"] -|===== -| Module | Description -| xref:raddb/mods-available/always.adoc[always] | Returns a pre-configured result code such as 'ok', 'noop', 'reject' etc... -| xref:raddb/mods-available/attr_filter.adoc[attr_filter] | Filters attributes in a request. Can delete attributes or permit them to have only certain values. -| xref:raddb/mods-available/cipher.adoc[cipher] | Perform cryptographic calculations on data. -| xref:raddb/mods-available/date.adoc[date] | Converts date strings between user configurable formats. -| xref:raddb/mods-available/delay.adoc[delay] | Introduces an artificial non-blocking delay when processing a request. -| xref:raddb/mods-available/escape.adoc[escape] | Escapes and unescapes strings using the MIME escape format -| xref:raddb/mods-available/idn.adoc[idn] | Converts internationalized domain names to ASCII. -| xref:raddb/mods-available/json.adoc[json] | Parses JSON strings into an in memory format using the json-c library. -| xref:raddb/mods-available/sometimes.adoc[sometimes] | Is a hashing and distribution protocol, that will sometimes return one code or another depending on the input value -configured. -| xref:raddb/mods-available/sqlcounter.adoc[sqlcounter] | Records statistics for users such as data transfer and session time, and prevent further logins when limits are reached. -| xref:raddb/mods-available/unpack.adoc[unpack] | Unpacks binary data from octets type attributes into individual attributes. -| xref:raddb/mods-available/utf8.adoc[utf8] | Checks all attributes of type string in the current request, to ensure that they only contain valid UTF8 sequences. -|===== - -== Protocol Modules -[options="header"] -[cols="20%,80%"] -|===== -| xref:raddb/mods-available/dhcpv4.adoc[dhcpv4] | Implements DHCPv4 (Dynamic Host Configuration Protocol for IPv4) client and relay. -| xref:raddb/mods-available/isc_dhcp.adoc[isc_dhcp] | isc_dhcp -|===== - -== Utility Modules -[options="header"] -[cols="20%,80%"] -|===== -| Module | Description - -| xref:raddb/mods-available/cui.adoc[cui] | CUI - -| xref:raddb/mods-available/echo.adoc[echo] | Echo -| xref:raddb/mods-available/etc_group.adoc[etc_group] | etc_group -| xref:raddb/mods-available/linelog.adoc[linelog] | Creates log entries from attributes, string expansions, or static strings, and writes them to a variety of backends, including syslog, flat files, and raw UDP/TCP sockets. -| xref:raddb/mods-available/logtee.adoc[logtee] | Tee's request logging at runtime, sending it to additional log destinations. -| xref:raddb/mods-available/mac2ip.adoc[mac2ip] | Mac2IP -| xref:raddb/mods-available/mac2vlan.adoc[mac2vlan] | Mac2Vlan -| xref:raddb/mods-available/stats.adoc[stats] | Stats -|===== += Summary of All Modules + +include::partial$authentication_table.adoc[] + +include::partial$datastore_table.adoc[] + +include::partial$formatconvert_table.adoc[] + +include::partial$language_table.adoc[] + +include::partial$logging_table.adoc[] + +include::partial$policy_table.adoc[] + +include::partial$protocol_table.adoc[] + +include::partial$utility_table.adoc[] + + + + + + + + // Copyright (C) 2025 Network RADIUS SAS. Licenced under CC-by-NC 4.0. diff --git a/doc/antora/modules/reference/pages/raddb/mods-available/doc/authentication.adoc b/doc/antora/modules/reference/pages/raddb/mods-available/doc/authentication.adoc index 61c40a9f1b..6fc2bf0705 100644 --- a/doc/antora/modules/reference/pages/raddb/mods-available/doc/authentication.adoc +++ b/doc/antora/modules/reference/pages/raddb/mods-available/doc/authentication.adoc @@ -23,32 +23,4 @@ authentication methods such as CHAP or EAP will pretty much never work. The Authentication modules available are: -* xref:raddb/mods-available/chap.adoc[CHAP module] - CHAP authentication - -* xref:raddb/mods-available/digest.adoc[Digest] - HTTP Digest Authentication - -* xref:raddb/mods-available/eap.adoc[EAP] - EAP-MD5, EAP-MSCHAPv2, TTLS, PEAP, FAST, TEAP, etc. - -** xref:raddb/mods-available/eap_inner.adoc[EAP/Inner] - limit EAP methods to ones which can be used in an "inner tunnel". - -* xref:raddb/mods-available/imap.adoc[IMAP] - check user credentials against an IMAP server - -* xref:raddb/mods-available/krb5.adoc[Kerberos] - check user credentials against a Kerberos server - -* xref:raddb/mods-available/ldap.adoc[LDAP] - check user credentials against an LDAP server - -* xref:raddb/mods-available/mschap.adoc[Microsoft CHAP] - MSCHAPv1 and MSCHAPv2 authentication. - -* xref:raddb/mods-available/ntlm_auth.adoc[NTLM Auth] - check user credentials against a Samba / Active Directory server - -* xref:raddb/mods-available/pam.adoc[Pluggable Authentication] - check user credentials against the Pluggable Authentication Method (PAM) - -* xref:raddb/mods-available/pap.adoc[PAP] - PAP authentication. Supports all common password hashing / encryption methods. - -* xref:raddb/mods-available/rest.adoc[REST] - check user credentials against a REST server - -* xref:raddb/mods-available/totp.adoc[TOTP] - perform time-based one-time-password (TOTP) checks. - -* xref:raddb/mods-available/winbind.adoc[Winbind] - check user credentials against a Samba / Active Directory server - -* xref:raddb/mods-available/yubikey.adoc[Yubikey] - check user credentials against a Yubikey server or database. +include::partial$authentication_table.adoc[] diff --git a/doc/antora/modules/reference/pages/raddb/mods-available/doc/datastore.adoc b/doc/antora/modules/reference/pages/raddb/mods-available/doc/datastore.adoc index 98ca6c651b..171c982271 100644 --- a/doc/antora/modules/reference/pages/raddb/mods-available/doc/datastore.adoc +++ b/doc/antora/modules/reference/pages/raddb/mods-available/doc/datastore.adoc @@ -12,48 +12,4 @@ credentials. The available Datastore modules are: -* xref:raddb/mods-available/cache.adoc[Cache] - cache data to local disk, memcached, or redis - -** xref:raddb/mods-available/cache_eap.adoc[Cache EAP] - example of caching EAP sessions - -** xref:raddb/mods-available/cache_tls.adoc[Cache TLS Session] - example of caching TLS sessions - -* xref:raddb/mods-available/client.adoc[Client] - read client definitions dynamically from text files - -* xref:raddb/mods-available/csv.adoc[CSV] - read data from a CSV file - -* xref:raddb/mods-available/etc_group.adoc[etc_group] - read data from `/etc/group`, or similarly formatted files - -* xref:raddb/mods-available/files.adoc[Files] - read data from the `users` file. - -* xref:raddb/mods-config/files/users.adoc[Users File Format] - format of the `users` file - -* xref:raddb/mods-available/ldap.adoc[LDAP] - connect to an LDAP server - -* xref:raddb/mods-available/opendirectory.adoc[OpenDirectory] - connect to an OpenDirectory server - -* xref:raddb/mods-available/passwd.adoc[Passwd] - read data from `/etc/passwd`, or similarly formatted files - -** xref:raddb/mods-available/mac2ip.adoc[Mac2IP] - example of using the `passwd` module to lookup up IP address by MAC address - -** xref:raddb/mods-available/mac2vlan.adoc[Mac2Vlan] - example of using the `passwd` module to lookup up VLAN by MAC address - -** xref:raddb/mods-available/smbpasswd.adoc[SMBPasswd] - read data from `/etc/smbpasswd` - -* xref:raddb/mods-available/redis.adoc[Redis] - connect to a Redis server - -** xref:raddb/mods-available/redis_ippool.adoc[Redis IP Pool] - manages IP pools in Redis - -** xref:raddb/mods-available/rediswho.adoc[REDISWho] - manages online users in Redis - -* xref:raddb/mods-available/rest.adoc[Rest] - connect to a REST server - -* xref:raddb/mods-available/sql.adoc[SQL] - connect to an SQL server - -** xref:raddb/mods-available/sqlcounter.adoc[Counter] - track user activity (time / bandwidth) in SQL - -** xref:raddb/mods-available/sqlippool.adoc[IP-Pool] - manages IP pools in SQL - -** xref:raddb/mods-available/redundant_sql.adoc[Redundant] - example of using redundant connections to an SQL sercer - -* xref:raddb/mods-available/unix.adoc[Unix] - read passwords from `getpwent()` +include::partial$datastore_table.adoc[] diff --git a/doc/antora/modules/reference/pages/raddb/mods-available/doc/format.adoc b/doc/antora/modules/reference/pages/raddb/mods-available/doc/format.adoc index acf6a2cabf..7546e3e092 100644 --- a/doc/antora/modules/reference/pages/raddb/mods-available/doc/format.adoc +++ b/doc/antora/modules/reference/pages/raddb/mods-available/doc/format.adoc @@ -1,14 +1,7 @@ = Formatting and Conversion Modules -The formatting and conversion modules allow the server to read and -write data in different formats. +The modules allow the server to read and write data in different formats and storage types. -* xref:raddb/mods-available/cipher.adoc[Cipher] - encrypt or decrypt data +The Formatting and Conversions modules available are: -* xref:raddb/mods-available/date.adoc[Date] - parse or print dates in specific formats - -* xref:raddb/mods-available/escape.adoc[Escape] - escape or un-escape strings - -* xref:raddb/mods-available/unpack.adoc[Unpack] - decode binary data from octet strings - -* xref:raddb/mods-available/utf8.adoc[UTF-8] - check and enforce UTF8 encoding for strings +include::partial$formatconvert_table.adoc[] diff --git a/doc/antora/modules/reference/pages/raddb/mods-available/doc/language.adoc b/doc/antora/modules/reference/pages/raddb/mods-available/doc/language.adoc index e439822c61..e2812c12bd 100644 --- a/doc/antora/modules/reference/pages/raddb/mods-available/doc/language.adoc +++ b/doc/antora/modules/reference/pages/raddb/mods-available/doc/language.adoc @@ -16,14 +16,4 @@ faster. The available Language modules are: -* xref:raddb/mods-available/exec.adoc[Exec]- run external programs or shell scripts - -** xref:raddb/mods-available/echo.adoc[Echo] - example of using `echo` - -* xref:raddb/mods-available/lua.adoc[Lua] - run Lua programs - -* xref:raddb/mods-available/perl.adoc[Perl] - run Perl programs - -* xref:raddb/mods-available/python.adoc[Python] - run Python programs - -* xref:raddb/mods-available/mruby.adoc[Ruby] - run Ruby programs +include::partial$language_table.adoc[] diff --git a/doc/antora/modules/reference/pages/raddb/mods-available/doc/logging.adoc b/doc/antora/modules/reference/pages/raddb/mods-available/doc/logging.adoc index 2f5add11e3..9e78773ca2 100644 --- a/doc/antora/modules/reference/pages/raddb/mods-available/doc/logging.adoc +++ b/doc/antora/modules/reference/pages/raddb/mods-available/doc/logging.adoc @@ -4,12 +4,4 @@ The logging modules write data to external destinations such as files, syslog, e The available Logging modules are: -* xref:raddb/mods-available/linelog.adoc[Linelog] - log single lines to syslog, UDP, TCP, etc. - -** xref:raddb/mods-available/logtee.adoc[Logtee] - log to multiple destinations - -* xref:raddb/mods-available/detail.adoc[Detail] - log packets in the RADIUS "detail" file format - -** xref:raddb/mods-available/detail.example.com.adoc[Detail Sample] - example of writing detail files by date - -** xref:raddb/mods-available/detail.log.adoc[Detail Log Sample] - example of logging different packets to different files +include::partial$logging_table.adoc[] diff --git a/doc/antora/modules/reference/pages/raddb/mods-available/doc/policy.adoc b/doc/antora/modules/reference/pages/raddb/mods-available/doc/policy.adoc index 0856cebb33..439e2b2f2e 100644 --- a/doc/antora/modules/reference/pages/raddb/mods-available/doc/policy.adoc +++ b/doc/antora/modules/reference/pages/raddb/mods-available/doc/policy.adoc @@ -5,11 +5,4 @@ transmission, storage, server configs and behaviors. The available Policy modules are: -* xref:raddb/mods-available/always.adoc[Always] - always return a value (can be programattically changed!) - -* xref:raddb/mods-available/attr_filter.adoc[Attribute filter] - filter replies so that they contain only limited data - -* xref:raddb/mods-available/idn.adoc[IDN] - convert internationalized strings to DNS "punycode" encoding. - -* xref:raddb/mods-available/sometimes.adoc[Sometimes] - randomly succeed or fail. Mostly used for testing. - +include::partial$policy_table.adoc[] diff --git a/doc/antora/modules/reference/pages/raddb/mods-available/doc/protocol.adoc b/doc/antora/modules/reference/pages/raddb/mods-available/doc/protocol.adoc index 720ed20d2a..d0ed1531f1 100644 --- a/doc/antora/modules/reference/pages/raddb/mods-available/doc/protocol.adoc +++ b/doc/antora/modules/reference/pages/raddb/mods-available/doc/protocol.adoc @@ -4,12 +4,4 @@ The protocol modules implement protocol-specific functionality. The available protocol modules are: -* xref:raddb/mods-available/dhcpv4.adoc[DHCPv4] - send DHCPv4 packets as a relay - -* xref:raddb/mods-available/isc_dhcp.adoc[ISC DHCP] - Read ISC DHCP configuration files - -* xref:raddb/mods-available/radius.adoc[Radius] - Proxy RADIUS packets - -** xref:raddb/mods-available/cui.adoc[CUI] - Manage Chargeable-User-Identifier - -** xref:raddb/mods-available/wimax.adoc[WiMAX] - Fix WiMAX issues +include::partial$protocol_table.adoc[] diff --git a/doc/antora/modules/reference/pages/raddb/mods-available/doc/utility.adoc b/doc/antora/modules/reference/pages/raddb/mods-available/doc/utility.adoc index 3847f6ad95..34ab89880f 100644 --- a/doc/antora/modules/reference/pages/raddb/mods-available/doc/utility.adoc +++ b/doc/antora/modules/reference/pages/raddb/mods-available/doc/utility.adoc @@ -3,15 +3,4 @@ The utility modules implement a wide range of functionality which cannot be placed into one of the other categories. -* xref:raddb/mods-available/delay.adoc[Delay] - add a controlled delay to responses - -* xref:raddb/mods-available/dict.adoc[Dict] - look up dictionary entries by name - -* xref:raddb/mods-available/smtp.adoc[SMTP] - send email - -* xref:raddb/mods-available/stats.adoc[Stats] - gather internal server statistics - -* xref:raddb/mods-available/unbound.adoc[Unbound] - do asynchronous DNS lookips - - - +include::partial$utility_table.adoc[] diff --git a/doc/antora/modules/reference/pages/raddb/sites-available/doc/dhcpv4.adoc b/doc/antora/modules/reference/pages/raddb/sites-available/doc/dhcpv4.adoc index 05ef4128a4..02385556dc 100644 --- a/doc/antora/modules/reference/pages/raddb/sites-available/doc/dhcpv4.adoc +++ b/doc/antora/modules/reference/pages/raddb/sites-available/doc/dhcpv4.adoc @@ -22,6 +22,7 @@ higher performance in high load scenarios. While one thread is accessing the database, another thread can be applying complex local policies. + == Integration into network seamlessly Large, complex networks often have a diverse combination of @@ -103,13 +104,13 @@ FreeRADIUS supports: == Why use FreeRADIUS DHCP? -* optimized to work with FreeRADIUS +* Optimized to work with FreeRADIUS. -* a simple cost-effective solution - comes with packaage and can use the same hardware +* Simple cost-effective solution - comes with packaage and can use the same hardware. -* Flexible configuration and can scale up depending on organization's needs +* Flexible configuration and can scale up depending on organization's needs. -* includes an xref:raddb/mods-available/isc_dhcp.adoc[ISC DHCP] compatibility module, which allows it to read most common ISC DHCP configuration files. +* Includes an xref:raddb/mods-available/isc_dhcp.adoc[ISC DHCP] compatibility module, which allows it to read most common ISC DHCP configuration files. == Related information diff --git a/doc/antora/modules/reference/pages/raddb/sites-available/doc/dhcpv6.adoc b/doc/antora/modules/reference/pages/raddb/sites-available/doc/dhcpv6.adoc index e04a50033d..9de59f25b4 100644 --- a/doc/antora/modules/reference/pages/raddb/sites-available/doc/dhcpv6.adoc +++ b/doc/antora/modules/reference/pages/raddb/sites-available/doc/dhcpv6.adoc @@ -2,3 +2,5 @@ The DHCPv6 protocol assigns IPv6 addresses to machines. FreeRADIUS implements all of the DHCPv6 standards. + + diff --git a/doc/antora/modules/reference/pages/raddb/sites-available/index.adoc b/doc/antora/modules/reference/pages/raddb/sites-available/index.adoc index c7f5ebb02b..d46cca8435 100755 --- a/doc/antora/modules/reference/pages/raddb/sites-available/index.adoc +++ b/doc/antora/modules/reference/pages/raddb/sites-available/index.adoc @@ -41,9 +41,9 @@ above. You can create another virtual server by: -* defining a new "server foo \{…}" section in `radiusd.conf` -* Putting the normal "authorize", etc. sections inside of it -* Adding a "listen" section _inside_ of the "server" section. +* Define a new "server foo \{…}" section in `radiusd.conf` +* Put the normal "authorize", etc. sections inside of it +* Add a "listen" section _inside_ of the "server" section. e.g. diff --git a/doc/antora/modules/reference/partials/authentication_table.adoc b/doc/antora/modules/reference/partials/authentication_table.adoc new file mode 100644 index 0000000000..e0a9666491 --- /dev/null +++ b/doc/antora/modules/reference/partials/authentication_table.adoc @@ -0,0 +1,24 @@ +== Authentication Modules +[options="header"] +[cols="20%,80%"] +|===== +| Module | Description +| xref:raddb/mods-available/chap.adoc[chap] | Performs Challenge Handshake Authentication Protocol (CHAP) authentication, as described by RFC 2865. +| xref:raddb/mods-available/digest.adoc[digest] | The digest module performs HTTP digest authentication, usually for a SIP server. See draft-sterman-aaa-sip-00.txt for +details. The module does not support RFC 5090. +| xref:raddb/mods-available/eap.adoc[eap] | Implements the base protocol for EAP (Extensible Authentication Protocol). +| xref:raddb/mods-available/eap_inner.adoc[eap_inner] | EAP/Inner Configuration for secure transmissions. +| xref:raddb/mods-available/imap.adoc[imap] | Allows users to be authenticated against an IMAP server. +| xref:raddb/mods-available/krb5.adoc[krb5] | Implements kerberos authentication, using the result of decrypting the TGT as an indication that the provided password was correct. +| xref:raddb/mods-available/ldap.adoc[ldap] | Can perform user authentication using LDAP binds, or by retrieving the contents of a password attribute for later comparison by a module such as rlm_pap, or an rlm_eap method. +| xref:raddb/mods-available/mschap.adoc[mschap] | Supports MS-CHAP and MS-CHAPv2 authentication. It also enforces the SMB-Account-Ctrl attribute. +| xref:raddb/mods-available/ntlm_auth.adoc[ntlm_auth] | NTLM Auth +| xref:raddb/mods-available/pam.adoc[pam] | Performs password checking via the Pluggable Authentication Module (PAM) framework. +| xref:raddb/mods-available/pap.adoc[pap] | Accepts a large number of formats for the "known good" (reference) password, such as crypt hashes, md5 hashes, and etc. The module takes the User-Password and performs the necessary transformations of the user submitted password +to match the copy of the password the server has retrieved. +| xref:raddb/mods-available/rest.adoc[rest] | Sends HTTP requests to remote servers and decodes the responses. +| xref:raddb/mods-available/totp.adoc[totp] | Implemments the TOTP algorithm to fufill authentication requests. +| xref:raddb/mods-available/winbind.adoc[winbind] | The module also allows for direct connection to Samba winbindd (version 4.2.1 or above), which communicates with +Active-Directory to retrieve group information and the user's NT-Password. +| xref:raddb/mods-available/yubikey.adoc[yubikey] | Supports authentication of yubikey tokens where the PSK is known to FreeRADIUS, and integrates with the Yubico cloud-based authentication service. +|===== diff --git a/doc/antora/modules/reference/partials/datastore_table.adoc b/doc/antora/modules/reference/partials/datastore_table.adoc new file mode 100644 index 0000000000..c6ededd429 --- /dev/null +++ b/doc/antora/modules/reference/partials/datastore_table.adoc @@ -0,0 +1,31 @@ +== Datastore Modules +[options="header"] +[cols="20%,80%"] +|===== +| Module | Description +| xref:raddb/mods-available/cache.adoc[cache] | Stores attributes and/or lists and adds them back to a subsequent request or to the current request on a later execution of the module. +| xref:raddb/mods-available/cache_eap.adoc[cache_eap] | This cache stores replies for user sessions that are used by eap for authentication purposes. +| xref:raddb/mods-available/cache_tls.adoc[cache_tls] | Cache TLS Session saves all eap session attributes in backend cache to provide users with robust and fast session reconnections. +| xref:raddb/mods-available/client.adoc[client] | Reads client definitions from flat files. +| xref:raddb/mods-available/csv.adoc[csv] | Maps values in a CSV file to FreeRADIUS attributes and adds them to the request. +| xref:raddb/mods-available/etc_group.adoc[etc_group] | Allow users to be assigned to one or more groups to permit different levels of access. +| xref:raddb/mods-available/files.adoc[files] | Implements a traditional Livingston-style users file. +| xref:raddb/mods-config/files/users.adoc[file format] | A users file example. +| xref:raddb/mods-available/ldap.adoc[ldap] | Allows LDAP directory entries to be retrieved, modified, inserted and deleted. +| xref:raddb/mods-available/opendirectory.adoc[opendirectory] | Integrates with an Apple OpenDirectory service on the same host as FreeRADIUS to allow OpenDirectory users to authenticate. +| xref:raddb/mods-available/passwd.adoc[passwd] | Reads and caches line-oriented files that are in a format similar to ``/etc/passwd``. +| xref:raddb/mods-available/mac2ip.adoc[mac2ip] | Enables the mapping of a MAC address to an ip address. +| xref:raddb/mods-available/mac2vlan.adoc[mac2vlan] | Enables the mapping of a MAC address to an vlan id. +| xref:raddb/mods-available/smbpasswd.adoc[smbpasswd] | Performs SMB authentication using a flat password file. +| xref:raddb/mods-available/redis.adoc[redis] | Provides connectivity to single and clustered instances of Redis. This module exposes a string expansion that may be +used to execute queries against Redis. +| xref:raddb/mods-available/redis_ippool.adoc[redis_ippool] | Implements a fast and scalable IP allocation system using Redis. Supports both IPv4 and IPv6 address and prefix allocation, and implements pre-allocation for use with DHCPv4. +| xref:raddb/mods-available/rediswho.adoc[rediswho] | Records which users are currently logged into the service. The file is used mainly for Simultaneous-Use checking to see who has current sessions. +| xref:raddb/mods-available/rest.adoc[rest] | Sends HTTP requests to remote servers and decodes the responses. +| xref:raddb/mods-available/sql.adoc[sql] | Provides an abstraction over multiple SQL backends, via database specific drivers. +| xref:raddb/mods-available/sqlippool.adoc[sqlippool] | SQL based IP allocation module used to create ip pools. +| xref:raddb/mods-available/sqlcounter.adoc[sqlcounter] | Records statistics for users such as data transfer and session time, and prevent further logins when limits are reached. +| xref:raddb/mods-available/redundant_sql.adoc[redundant_sql] | Configure a redundant sql server for redundancy or load-balancing purposes. +| xref:raddb/mods-available/unix.adoc[unix] | Retrieves a user's encrypted password from the local system and places it into the ``control.Password.Crypt`` attribute. +The password is retrieved via the ``getpwent()`` and ``getspwent()`` system calls. +|===== diff --git a/doc/antora/modules/reference/partials/formatconvert_table.adoc b/doc/antora/modules/reference/partials/formatconvert_table.adoc new file mode 100644 index 0000000000..562ec2af7a --- /dev/null +++ b/doc/antora/modules/reference/partials/formatconvert_table.adoc @@ -0,0 +1,12 @@ +== Formatting and Conversion Modules +[options="header"] +[cols="20%,80%"] +|===== +| Module | Description +| xref:raddb/mods-available/cipher.adoc[cipher] | Perform cryptographic calculations on data. +| xref:raddb/mods-available/date.adoc[date] | Converts date strings between user configurable formats. +| xref:raddb/mods-available/escape.adoc[escape] | Escapes and unescapes strings using the MIME escape format +| xref:raddb/mods-available/json.adoc[json] | Parses JSON strings into an in memory format using the json-c library. +| xref:raddb/mods-available/unpack.adoc[unpack] | Unpacks binary data from octets type attributes into individual attributes. +| xref:raddb/mods-available/utf8.adoc[utf8] | Checks all attributes of type string in the current request, to ensure that they only contain valid UTF8 sequences. +|===== diff --git a/doc/antora/modules/reference/partials/language_table.adoc b/doc/antora/modules/reference/partials/language_table.adoc new file mode 100644 index 0000000000..1ef476cd02 --- /dev/null +++ b/doc/antora/modules/reference/partials/language_table.adoc @@ -0,0 +1,12 @@ +== Language Modules +[options="header"] +[cols="20%,80%"] +|===== +| Module | Description +| xref:raddb/mods-available/echo.adoc[echo] | Echo is used in conjunction with the exec module to display output from a program or command. +| xref:raddb/mods-available/exec.adoc[exec] | Executes an external script, passing in FreeRADIUS attributes as environmental variables or as arguments. +| xref:raddb/mods-available/lua.adoc[lua] | Allows the server to call embedded lua scripts. +| xref:raddb/mods-available/mruby.adoc[mruby] | Allows the server to call a persistent, embedded mRuby script. +| xref:raddb/mods-available/perl.adoc[perl] | Allows the server to call a persistent, embedded Perl script. +| xref:raddb/mods-available/python.adoc[python] | Allows the server to call a persistent, embedded Python script. +|===== diff --git a/doc/antora/modules/reference/partials/logging_table.adoc b/doc/antora/modules/reference/partials/logging_table.adoc new file mode 100644 index 0000000000..899a6ab8b4 --- /dev/null +++ b/doc/antora/modules/reference/partials/logging_table.adoc @@ -0,0 +1,10 @@ +== Logging Modules +[options="header"] +[cols="20%,80%"] +|===== +| xref:raddb/mods-available/linelog.adoc[linelog] | Creates log entries from attributes, string expansions, or static strings, and writes them to a variety of backends, including syslog, flat files, and raw UDP/TCP sockets. +| xref:raddb/mods-available/logtee.adoc[logtee] | Tee's request logging at runtime, sending it to additional log destinations. +| xref:raddb/mods-available/detail.adoc[detail] | Writes attributes from a request list to a flat file in 'detail' format. +|xref:raddb/mods-available/detail.example.com.adoc[example] | Detail file example for configuration. +| xref:raddb/mods-available/detail.log.adoc[log example] | Log example. +|===== diff --git a/doc/antora/modules/reference/partials/policy_table.adoc b/doc/antora/modules/reference/partials/policy_table.adoc new file mode 100644 index 0000000000..94da7389c2 --- /dev/null +++ b/doc/antora/modules/reference/partials/policy_table.adoc @@ -0,0 +1,10 @@ +== Policy Modules +[options="header"] +[cols="20%,80%"] +|===== +| Module | Description +| xref:raddb/mods-available/always.adoc[always] | Returns a pre-configured result code such as 'ok', 'noop', 'reject' etc... +| xref:raddb/mods-available/attr_filter.adoc[attr_filter] | Filters attributes in a request. Can delete attributes or permit them to have only certain values. +| xref:raddb/mods-available/idn.adoc[idn] | Converts internationalized domain names to ASCII. +| xref:raddb/mods-available/sometimes.adoc[sometimes] | Is a hashing and distribution protocol, that will sometimes return one code or another depending on the input value configured. +|===== diff --git a/doc/antora/modules/reference/partials/protocol_table.adoc b/doc/antora/modules/reference/partials/protocol_table.adoc new file mode 100644 index 0000000000..031c5ae79a --- /dev/null +++ b/doc/antora/modules/reference/partials/protocol_table.adoc @@ -0,0 +1,10 @@ +== Protocol Modules +[options="header"] +[cols="20%,80%"] +|===== +| xref:raddb/mods-available/cui.adoc[cui] | CUI +| xref:raddb/mods-available/dhcpv4.adoc[dhcpv4] | Implements DHCPv4 (Dynamic Host Configuration Protocol for IPv4) client and relay. +| xref:raddb/mods-available/isc_dhcp.adoc[isc_dhcp] | isc_dhcp +| xref:raddb/mods-available/radius.adoc[radius] | Allows Access-Requests, Accounting-Requests, CoA-Requests and Disconnect-Messages to be sent during request processing. +| xref:raddb/mods-available/wimax.adoc[wimax] | Implements WiMAX authentication over RADIUS. +|===== diff --git a/doc/antora/modules/reference/partials/utility_table.adoc b/doc/antora/modules/reference/partials/utility_table.adoc new file mode 100644 index 0000000000..dcfe91a41b --- /dev/null +++ b/doc/antora/modules/reference/partials/utility_table.adoc @@ -0,0 +1,10 @@ +== Utility Modules +[options="header"] +[cols="20%,80%"] +|===== +| Module | Description +| xref:raddb/mods-available/dict.adoc[dict] | Dictionary file for main definitions that used for lookups by name. +| xref:raddb/mods-available/smtp.adoc[smtp] | Allows users to submit smtp formatted, mime-encoded emails to a server Supports User-Name User-Password authentication. Supports file attachments, size limited by the MTA. +| xref:raddb/mods-available/stats.adoc[stats] | Gather internal server statistics. +| xref:raddb/mods-available/unbound.adoc[unbound] | Performs queries against a DNS service to allow FQDNs to be resolved during request processing. +|=====