From: nolade Date: Thu, 13 Mar 2025 16:27:05 +0000 (-0400) Subject: Regenerate from raddb source X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=aff4cc17235e28843d87bf94af5257c2e7389896;p=thirdparty%2Ffreeradius-server.git Regenerate from raddb source touch $(find raddb -print) make doc.raddb --- diff --git a/doc/antora/modules/reference/pages/raddb/mods-available/attr_filter.adoc b/doc/antora/modules/reference/pages/raddb/mods-available/attr_filter.adoc index 35f51706a47..25caef8abdc 100644 --- a/doc/antora/modules/reference/pages/raddb/mods-available/attr_filter.adoc +++ b/doc/antora/modules/reference/pages/raddb/mods-available/attr_filter.adoc @@ -124,23 +124,23 @@ Enforce RFC requirements on the contents of the # filename =
#} attr_filter attr_filter.pre-proxy { - key = "%{Realm}" + key = Realm filename = ${modconfdir}/${.:name}/pre-proxy } attr_filter attr_filter.post-proxy { - key = "%{Realm}" + key = Realm filename = ${modconfdir}/${.:name}/post-proxy } attr_filter attr_filter.access_reject { - key = "%{User-Name}" + key = User-Name filename = ${modconfdir}/${.:name}/access_reject } attr_filter attr_filter.access_challenge { - key = "%{User-Name}" + key = User-Name filename = ${modconfdir}/${.:name}/access_challenge } attr_filter attr_filter.accounting_response { - key = "%{User-Name}" + key = User-Name filename = ${modconfdir}/${.:name}/accounting_response } ``` diff --git a/doc/antora/modules/reference/pages/raddb/mods-available/delay.adoc b/doc/antora/modules/reference/pages/raddb/mods-available/delay.adoc index eb9fb673cb7..69b33be0e57 100644 --- a/doc/antora/modules/reference/pages/raddb/mods-available/delay.adoc +++ b/doc/antora/modules/reference/pages/raddb/mods-available/delay.adoc @@ -93,7 +93,7 @@ delay { # relative = no } delay delay_reject { - delay = "%{&reply.FreeRADIUS-Response-Delay || 1}" + delay = "%{reply.FreeRADIUS-Response-Delay || 1}" relative = yes } ``` diff --git a/doc/antora/modules/reference/pages/raddb/mods-available/detail.log.adoc b/doc/antora/modules/reference/pages/raddb/mods-available/detail.log.adoc index f045b404ded..bddc2b1cc33 100644 --- a/doc/antora/modules/reference/pages/raddb/mods-available/detail.log.adoc +++ b/doc/antora/modules/reference/pages/raddb/mods-available/detail.log.adoc 
@@ -40,27 +40,6 @@ NOTE: You will also need to un-comment the 'reply_log' line in the - -### pre_proxy - -This module logs packets proxied to a home server. - -NOTE: You will need to call it before rlm_radius is used for -proxying. See the example in `raddb/sites-available/default`. - - - - - -### post_proxy - -This module logs response packets from a home server. - -NOTE: You will need to call it after rlm_radius is used for proxying. -See the example in `raddb/sites-available/default`. - - - == Default Configuration ``` @@ -75,17 +54,6 @@ detail reply_log { filename = "${radacctdir}/%{Net.Src.IP}/reply-detail-%Y-%m-%d" permissions = 0600 } -detail pre_proxy_log { - filename = "${radacctdir}/%{Net.Src.IP}/pre-proxy-detail-%Y-%m-%d" - permissions = 0600 -# suppress { -# User-Password -# } -} -detail post_proxy_log { - filename = "${radacctdir}/%{Net.Src.IP}/post-proxy-detail-%Y-%m-%d" - permissions = 0600 -} ``` // Copyright (C) 2025 Network RADIUS SAS. Licenced under CC-by-NC 4.0. diff --git a/doc/antora/modules/reference/pages/raddb/mods-available/dhcpv4.adoc b/doc/antora/modules/reference/pages/raddb/mods-available/dhcpv4.adoc index 21aba5d1ca9..4a5d2cf1a9b 100644 --- a/doc/antora/modules/reference/pages/raddb/mods-available/dhcpv4.adoc +++ b/doc/antora/modules/reference/pages/raddb/mods-available/dhcpv4.adoc @@ -10,8 +10,8 @@ The DHCPv4 module is used as a relay. -For reach request, you should set `&control.Net.Dst.IP` and maybe -`&control.Net.Dst.Port` to the address of the next DHCPv4 server or +For reach request, you should set `control.Net.Dst.IP` and maybe +`control.Net.Dst.Port` to the address of the next DHCPv4 server or relay. Packets MUST also have a `Gateway-IP-Address` option, otherwise diff --git a/doc/antora/modules/reference/pages/raddb/mods-available/doc.adoc b/doc/antora/modules/reference/pages/raddb/mods-available/doc.adoc new file mode 100644 index 00000000000..65bfd4f0b83 --- /dev/null 
+++ b/doc/antora/modules/reference/pages/raddb/mods-available/doc.adoc @@ -0,0 +1,8 @@ + +== Default Configuration + +``` +``` + +// Copyright (C) 2025 Network RADIUS SAS. Licenced under CC-by-NC 4.0. +// This documentation was developed by Network RADIUS SAS. diff --git a/doc/antora/modules/reference/pages/raddb/mods-available/radius.adoc b/doc/antora/modules/reference/pages/raddb/mods-available/radius.adoc index e986255d296..258cc7124ba 100644 --- a/doc/antora/modules/reference/pages/raddb/mods-available/radius.adoc +++ b/doc/antora/modules/reference/pages/raddb/mods-available/radius.adoc @@ -298,6 +298,9 @@ status_check { ... }:: For "are you alive?" queries. If the home server does not respond to proxied packets, the module starts pinging the home server with these packets. +Disable status checks by deleting this section, or by +commenting it out. + type:: You can specify any type of request packet here, e.g. 'Access-Request', 'Accounting-Request' or 
@@ -313,30 +316,26 @@ as an allowed `type` above. -`Status-Server` packet contents are fixed and cannot -be edited. - -For other packet types, you can set the contents -here. The section MUST be set over -"&request. = value", and anything else -will cause a parse error. +The packet contents can be set here. We RECOMMEND that you use packet contents which lets the other end easily tell that they are not "real" packets from a NAS. -The example here is for Access-Request. The -contents will vary by other packet types. +The example here is for Status-Server. The +contents will vary by other packet types. The +Message-Authenticator attribute will be added +automatically, and does not need to be specified +here. -The module will automatically update the contents -of the Event-Timestamp attribute to be the time -when the packet is sent. The module will also -automatically add a Proxy-State attribute. +If the Event-Timestamp attribute is added, it will +be updated each time the packet is sent. -WARNING: Do NOT do SQL queries, LDAP queries, dynamic -expansions, etc. in this section. The contents are -created when a connection is opened, and are not -changeable after that. +WARNING: Do NOT do SQL queries, LDAP queries, +dynamic expansions, etc. in this section. The +contents of the packet are created when a +connection is opened, and are not changeable after +that. @@ -918,12 +917,11 @@ radius { revive_interval = 3600 status_check { type = Status-Server -# update request { -# &User-Name := "test-user" -# &User-Password := "this-is-not-a-real-password" -# &NAS-Identifier := "Status check. Are you alive?" -# &Event-Timestamp = 0 -# } + update { + User-Name := "test-user" + NAS-Identifier := "Status check. Are you alive?" + Event-Timestamp = 0 + } } file { filename = ${logdir}/packets.bin 
diff --git a/doc/antora/modules/reference/pages/raddb/mods-available/radutmp.adoc b/doc/antora/modules/reference/pages/raddb/mods-available/radutmp.adoc new file mode 100644 index 00000000000..65bfd4f0b83 --- /dev/null +++ b/doc/antora/modules/reference/pages/raddb/mods-available/radutmp.adoc @@ -0,0 +1,8 @@ + +== Default Configuration + +``` +``` + +// Copyright (C) 2025 Network RADIUS SAS. Licenced under CC-by-NC 4.0. +// This documentation was developed by Network RADIUS SAS. diff --git a/doc/antora/modules/reference/pages/raddb/mods-available/redundant_sql.adoc b/doc/antora/modules/reference/pages/raddb/mods-available/redundant_sql.adoc index dd73372eb5d..487a9da85e2 100644 --- a/doc/antora/modules/reference/pages/raddb/mods-available/redundant_sql.adoc +++ b/doc/antora/modules/reference/pages/raddb/mods-available/redundant_sql.adoc @@ -30,7 +30,7 @@ name of the `virtual` module. In the example below, it will be `redundant_sql`. You can then use this expansion just like any other: - &reply.Filter-Id := "%redundant_sql( ... )" + reply.Filter-Id := "%redundant_sql( ... )" In this example, the expansion is done via module `sql1`, and if that expansion fails, using module `sql2`. diff --git a/doc/antora/modules/reference/pages/raddb/mods-available/rest.adoc b/doc/antora/modules/reference/pages/raddb/mods-available/rest.adoc index 7b835d294ef..90acf6deead 100644 --- a/doc/antora/modules/reference/pages/raddb/mods-available/rest.adoc +++ b/doc/antora/modules/reference/pages/raddb/mods-available/rest.adoc @@ -233,7 +233,7 @@ In the `response { ... }` subsection, the following config items may be listed: |=== | Option | Description | `header` | Where to write out HTTP headers included in the response. - Must resolve to a leaf attribute i.e. &reply.REST-HTTP-Header. + Must resolve to a leaf attribute i.e. `reply.REST-HTTP-Header`. If unspecified, headers will be discarded. Values will be in the format '
: '. | `force_to` | Force the response to be decoded with this decoder. diff --git a/doc/antora/modules/reference/pages/raddb/mods-available/sradutmp.adoc b/doc/antora/modules/reference/pages/raddb/mods-available/sradutmp.adoc new file mode 100644 index 00000000000..65bfd4f0b83 --- /dev/null +++ b/doc/antora/modules/reference/pages/raddb/mods-available/sradutmp.adoc @@ -0,0 +1,8 @@ + +== Default Configuration + +``` +``` + +// Copyright (C) 2025 Network RADIUS SAS. Licenced under CC-by-NC 4.0. +// This documentation was developed by Network RADIUS SAS. diff --git a/doc/antora/modules/reference/pages/raddb/mods-available/totp.adoc b/doc/antora/modules/reference/pages/raddb/mods-available/totp.adoc index 5c469f46fec..da85f533758 100644 --- a/doc/antora/modules/reference/pages/raddb/mods-available/totp.adoc +++ b/doc/antora/modules/reference/pages/raddb/mods-available/totp.adoc @@ -68,9 +68,9 @@ Cannot be larger than `time_step` == Default Configuration ``` -# `&control.TOTP.Secret` -# `&control.TOTP.Key` -# `&request.TOTP.From-User` +# `control.TOTP.Secret` +# `control.TOTP.Key` +# `request.TOTP.From-User` # https://linux.die.net/man/1/qrencode totp { time_step = 30 diff --git a/doc/antora/modules/reference/pages/raddb/mods-available/unbound.adoc b/doc/antora/modules/reference/pages/raddb/mods-available/unbound.adoc index 656b13bb6e9..4d805a4a67a 100644 --- a/doc/antora/modules/reference/pages/raddb/mods-available/unbound.adoc +++ b/doc/antora/modules/reference/pages/raddb/mods-available/unbound.adoc @@ -14,7 +14,7 @@ FQDNs to be resolved during request processing. File to read unbound configuration details from. -filename = "${raddbdir}/mods-config/unbound/default.conf" +filename = "${confdir}/mods-config/unbound/default.conf" Timeout for unbound queries. diff --git a/doc/antora/modules/reference/pages/raddb/mods-available/winbind.adoc b/doc/antora/modules/reference/pages/raddb/mods-available/winbind.adoc index ed3885f4328..58b44ac37d3 100644 
--- a/doc/antora/modules/reference/pages/raddb/mods-available/winbind.adoc +++ b/doc/antora/modules/reference/pages/raddb/mods-available/winbind.adoc @@ -79,10 +79,10 @@ connection handles. ``` winbind { - username = "%{&Stripped-User-Name || &User-Name}" + username = "%{Stripped-User-Name || User-Name}" # domain = "" group { - search_username = "%{&Stripped-User-Name || &User-Name}" + search_username = "%{Stripped-User-Name || User-Name}" # add_domain = yes } reuse { diff --git a/doc/antora/modules/reference/pages/raddb/mods-available/yubikey.adoc b/doc/antora/modules/reference/pages/raddb/mods-available/yubikey.adoc index 5056016f317..33459e93393 100644 --- a/doc/antora/modules/reference/pages/raddb/mods-available/yubikey.adoc +++ b/doc/antora/modules/reference/pages/raddb/mods-available/yubikey.adoc @@ -25,8 +25,8 @@ Yubikey defaults to a 6 byte ID (2 * 6 = 12) split:: If true, the authorize method of `rlm_yubikey` will attempt to split the value of `link:https://freeradius.org/rfc/rfc2865.html#User-Password[User-Password]`, into the user's password, and the OTP token. -NOTE: If enabled and successful, the value of `&request.User-Password` will be -truncated and `&request.Vendor-Specific.Yubicon.Yubikey-OTP` will be added. +NOTE: If enabled and successful, the value of `request.User-Password` will be +truncated and `request.Vendor-Specific.Yubicon.Yubikey-OTP` will be added. 
@@ -59,11 +59,11 @@ Yubikey authentication needs two attributes retrieved from persistent storage: [options="header,autowidth"] |=== | Attributes | Description -| `&control.Vendor-Specific.Yubicon.Yubikey-Key` | The AES key used to decrypt the OTP data. +| `control.Vendor-Specific.Yubicon.Yubikey-Key` | The AES key used to decrypt the OTP data. The `Yubikey-Public-Id` and/or User-Name attributes may be used to retrieve the key. The value is a `16-byte` binary blob. -| `&control.Vendor-Specific.Yubicon.Yubikey-Counter` | This is compared with the counter in the OTP +| `control.Vendor-Specific.Yubicon.Yubikey-Counter` | This is compared with the counter in the OTP data and used to prevent replay attacks. This attribute will also be available in the request list after successful decryption. @@ -77,7 +77,7 @@ These attributes are available after `authorization`: [options="header,autowidth"] |=== | Attributes | Description -| `&request.Vendor-Specific.Yubicon.Yubikey-Public-ID` | The public portion of the OTP string. +| `request.Vendor-Specific.Yubicon.Yubikey-Public-ID` | The public portion of the OTP string. The value is a `id_len` modhex string. |=== @@ -86,7 +86,7 @@ and additionally if 'split' is set: [options="header,autowidth"] |=== | Attributes | Description -| `&request.Vendor-Specific.Yubicon.Yubikey-OTP` | The OTP portion of `link:https://freeradius.org/rfc/rfc2865.html#User-Password[User-Password]`. +| `request.Vendor-Specific.Yubicon.Yubikey-OTP` | The OTP portion of `link:https://freeradius.org/rfc/rfc2865.html#User-Password[User-Password]`. |=== These attributes are available after authentication (if successful): 
@@ -94,19 +94,19 @@ These attributes are available after authentication (if successful): [options="header,autowidth"] |=== | Attributes | Description -| `&request.Vendor-Specific.Yubicon.Yubikey-Private-ID` | The encrypted ID included in OTP data, +| `request.Vendor-Specific.Yubicon.Yubikey-Private-ID` | The encrypted ID included in OTP data, should be verified for increased security. The value is a `6-byte` binary blob. -| `&request.Vendor-Specific.Yubicon.Yubikey-Counter` | The last counter value (should be recorded). +| `request.Vendor-Specific.Yubicon.Yubikey-Counter` | The last counter value (should be recorded). The value is a concatenation of the 16-bit session count & `8-bit` use count which form a `24-bit` monotonically strictly increasing integer (until the individual count ceilings are hit) -| `&request.Vendor-Specific.Yubicon.Yubikey-Timestamp` | Token's internal clock (mainly useful for debugging). +| `request.Vendor-Specific.Yubicon.Yubikey-Timestamp` | Token's internal clock (mainly useful for debugging). The value is a 24-bit increasing `integer @ 8 Hz` with rollover which is randomly initialized each session. -| `&request.Vendor-Specific.Yubicon.Yubikey-Random` | Randomly generated value from the token. +| `request.Vendor-Specific.Yubicon.Yubikey-Random` | Randomly generated value from the token. The value is a 16-bit integer. |=== diff --git a/doc/antora/modules/reference/pages/raddb/radclient.conf.adoc b/doc/antora/modules/reference/pages/raddb/radclient.conf.adoc index 73255a18cd6..556d469b2ea 100644 --- a/doc/antora/modules/reference/pages/raddb/radclient.conf.adoc +++ b/doc/antora/modules/reference/pages/raddb/radclient.conf.adoc @@ -59,7 +59,7 @@ server default { recv Access-Request { radius if (ok) { - &reply.Packet-Type := Access-Accept + reply.Packet-Type := Access-Accept } } send Access-Accept { 
diff --git a/doc/antora/modules/reference/pages/raddb/radiusd.conf.adoc b/doc/antora/modules/reference/pages/raddb/radiusd.conf.adoc index 46a775dd7e4..13384ddf0ba 100644 --- a/doc/antora/modules/reference/pages/raddb/radiusd.conf.adoc +++ b/doc/antora/modules/reference/pages/raddb/radiusd.conf.adoc @@ -1,4 +1,8 @@ -= FreeRADIUS v4 Server Configuration File + + + + += FreeRADIUS server configuration file - 4.0 Read `man radiusd` before editing this file. See the section titled DEBUGGING. It outlines a method where you can quickly @@ -277,14 +281,14 @@ instead prints a place-holder value "<<< secret >>>", as follows: ... -&User-Password = "<<< secret >>>" +User-Password = "<<< secret >>>" ... Note that secret values are tracked across string -expansions, string modifications, concatenations, etc.! -i.e. if a User-Password is placed into a Reply-Message, -then the value of the Reply-Message is also marked -"secret". +expansions, string modifications, concatenations, etc. +i.e. if a `link:https://freeradius.org/rfc/rfc2865.html#User-Password[User-Password]` is placed into a `link:https://freeradius.org/rfc/rfc2865.html#Reply-Message[Reply-Message]`, +then the value of the `link:https://freeradius.org/rfc/rfc2865.html#Reply-Message[Reply-Message]` will also be marked +as "secret". This configuration is disabled by default. It is extremely important for administrators to be able to debug user @@ -702,7 +706,7 @@ For more documentation on virtual servers, see: == Default Configuration ``` -prefix = /Users/alandekok/git/wrapper//install +prefix = /usr/local exec_prefix = ${prefix} sysconfdir = ${prefix}/etc localstatedir = ${prefix}/var diff --git a/doc/antora/modules/reference/pages/raddb/radrelay.conf.adoc b/doc/antora/modules/reference/pages/raddb/radrelay.conf.adoc index 66d419d4032..5a8d71fcba0 100644 --- a/doc/antora/modules/reference/pages/raddb/radrelay.conf.adoc +++ b/doc/antora/modules/reference/pages/raddb/radrelay.conf.adoc 
@@ -247,7 +247,7 @@ as prefix/suffix stripping, or comparisons. == Default Configuration ``` -prefix = /Users/alandekok/git/wrapper//install +prefix = /usr/local exec_prefix = ${prefix} sysconfdir = ${prefix}/etc localstatedir = ${prefix}/var diff --git a/doc/antora/modules/reference/pages/raddb/sites-available/default.adoc b/doc/antora/modules/reference/pages/raddb/sites-available/default.adoc index 8f7a00bf737..d0d1c83720a 100644 --- a/doc/antora/modules/reference/pages/raddb/sites-available/default.adoc +++ b/doc/antora/modules/reference/pages/raddb/sites-available/default.adoc @@ -29,7 +29,7 @@ section titled DEBUGGING. It outlines a method where you can quickly obtain the configuration you want, without running into trouble. See also "man unlang", which documents the format of this file. And finally, the debug output can be complex. Please read -https://wiki.freeradius.org/radiusd-X to understand that output. +https://wiki.freeradius.org/radiusd-X[debugging] to understand that output. The best way to configure the server for your local system is to *carefully* edit this file. Most attempts to make large edits to @@ -45,7 +45,7 @@ configurations These references serve as place-holders, and as documentation. If you need the functionality of that module, then: * configure the module in xref:reference:raddb/mods-available/index.adoc[mods-available/] - * enable the module in `mods-enabled`. e.g. for LDAP, do: `cd mods-enabled;ln -s ../mods-available/ldap` + * enable the module in `mods-enabled/`. e.g. for LDAP, do: `cd mods-enabled;ln -s ../mods-available/ldap` * uncomment the references to it in this file. In most cases, those small changes will result in the server being diff --git a/doc/antora/modules/reference/pages/raddb/sites-available/dhcp.adoc b/doc/antora/modules/reference/pages/raddb/sites-available/dhcp.adoc index 0b4f5249e24..2b779b6159f 100644 --- a/doc/antora/modules/reference/pages/raddb/sites-available/dhcp.adoc 
+++ b/doc/antora/modules/reference/pages/raddb/sites-available/dhcp.adoc @@ -10,7 +10,7 @@ See raddb/mods-config/sql/ippool/ for the schemas. See raddb/sites-available/dhcp for instructions on how to configure the DHCP server. -## The Virtual Server + The DHCP functionality goes into a virtual server. diff --git a/doc/antora/modules/reference/pages/raddb/sites-available/dhcpv6.adoc b/doc/antora/modules/reference/pages/raddb/sites-available/dhcpv6.adoc index 829be0139f2..1a323972c53 100644 --- a/doc/antora/modules/reference/pages/raddb/sites-available/dhcpv6.adoc +++ b/doc/antora/modules/reference/pages/raddb/sites-available/dhcpv6.adoc @@ -4,7 +4,9 @@ ``` -## The Virtual Server + + +## The DHCPv6 Virtual Server ``` server dhcpv6 { diff --git a/doc/antora/modules/reference/pages/raddb/sites-available/dns.adoc b/doc/antora/modules/reference/pages/raddb/sites-available/dns.adoc index 5793476175d..24dce45181e 100644 --- a/doc/antora/modules/reference/pages/raddb/sites-available/dns.adoc +++ b/doc/antora/modules/reference/pages/raddb/sites-available/dns.adoc @@ -1,9 +1,11 @@ -``` -# This is a virtual server that handles DNS. -``` + += The DNS Virtual Server + +The `dns` virtual server is an example of using `dns` style functionality in FreeRADIUS. + ## The Virtual Server This is the `dns` virtual server. diff --git a/doc/antora/modules/reference/pages/raddb/sites-available/doc.adoc b/doc/antora/modules/reference/pages/raddb/sites-available/doc.adoc new file mode 100644 index 00000000000..3de9c8a0b50 --- /dev/null +++ b/doc/antora/modules/reference/pages/raddb/sites-available/doc.adoc @@ -0,0 +1,9 @@ +``` + +== Default Configuration + +``` +``` + +// Copyright (C) 2025 Network RADIUS SAS. Licenced under CC-by-NC 4.0. +// This documentation was developed by Network RADIUS SAS. diff --git a/doc/antora/modules/reference/pages/raddb/sites-available/ldap_sync.adoc b/doc/antora/modules/reference/pages/raddb/sites-available/ldap_sync.adoc index a52ebcccccd..8cc7401e66e 100644 
--- a/doc/antora/modules/reference/pages/raddb/sites-available/ldap_sync.adoc +++ b/doc/antora/modules/reference/pages/raddb/sites-available/ldap_sync.adoc @@ -1,4 +1,3 @@ -= LDAP Content Synchronization Operation Sample virtual server for receiving entries from an LDAP directory using the https://tools.ietf.org/html/rfc4533[RFC 4533] (LDAP Content Synchronization Operation) in @@ -6,6 +5,7 @@ refreshAndPersist mode, Active Directory using its LDAP_SERVER_NOTIFY_OID server control, or a directory implementing Persistent Search as described in https://tools.ietf.org/id/draft-ietf-ldapext-psearch-03.txt + Persistent searches work in a similar way to normal searches except they continue running indefinitely. We continue to receive notifications of changes (add, delete, modify) to entries that would have been returned @@ -19,6 +19,7 @@ information or act on it. Note: Each of the three implementations of LDAP synchronisation behave differently: + == https://tools.ietf.org/html/rfc4533[RFC 4533] This provides a robust mechanism to allow clients to maintain a @@ -30,6 +31,7 @@ However, when an object is deleted from the directory, the entry which is received only contains the DN, or, if the deletion is reported as part of the initial refresh phase it may only be the UUID. + == Active Directory Active Directory will only provide updates from the time the query started; diff --git a/doc/antora/modules/reference/pages/raddb/sites-available/tacacs.adoc b/doc/antora/modules/reference/pages/raddb/sites-available/tacacs.adoc index f57351d83e6..10e23ebe15b 100644 --- a/doc/antora/modules/reference/pages/raddb/sites-available/tacacs.adoc +++ b/doc/antora/modules/reference/pages/raddb/sites-available/tacacs.adoc 
@@ -328,7 +328,7 @@ and User-Password have been provided by this point making ASCII authentication equivalent to PAP. Alternatively, if extra data is required, set -reply.Authentication-Status := Getdata +reply.Packet-Type := ::Authentication-GetData to request the extra data, which will be in User-Message in the next packet (if the client provides it) @@ -451,7 +451,6 @@ Add the arguments to whatever the user entered. ``` send Authorization-Pass-Add { - reply.Authorization-Status := Pass-Add reply.Server-Message := "authorization-response-server" reply.Data := "authorization-response-data" reply.Argument-List := "key1=var1" @@ -463,7 +462,6 @@ Replace whatever the user entered with the following arguments ``` send Authorization-Pass-Reply { - reply.Authorization-Status := Pass-Repl reply.Server-Message := "authorization-response-server" reply.Data := "authorization-response-data" reply.Argument-List := "key1=var1" @@ -475,7 +473,7 @@ Reject the request ``` send Authorization-Fail { - reply.Authorization-Status := Fail + } ``` @@ -497,32 +495,48 @@ Create a 'detail'ed log of the packets. } ``` + +### Accounting "type" Sections + +Each type of accounting packet is run through its own +section. The section MUST return "ok" to indicate that +it successfully handled the accounting data. + +The "ok" return code is typically set automatically when +an accounting module succeeds in its work. The explicit +"ok" here is just so that the default configuration will +return success for all accounting packets. + First packet for a session ``` accounting Start { + ok } ``` Updates a previous start ``` accounting Watchdog-Update { + ok } ``` Updates a session ``` accounting Watchdog { + ok } ``` Stops a session ``` accounting Stop { + ok } ``` -### Send +### Send Responses ``` send Accounting-Success { 
diff --git a/doc/antora/modules/reference/pages/raddb/sites-available/tls.adoc b/doc/antora/modules/reference/pages/raddb/sites-available/tls.adoc index 61800fc28b4..0ee0fe625d8 100644 --- a/doc/antora/modules/reference/pages/raddb/sites-available/tls.adoc +++ b/doc/antora/modules/reference/pages/raddb/sites-available/tls.adoc @@ -59,8 +59,8 @@ We STRONGLY RECOMMEND that you set an idle timeout. private_key_file = ${certdir}/server.pem ``` -If Private key & Certificate are located in -the same file, then private_key_file & +If Private key and Certificate are located in +the same file, then the private_key_file and certificate_file must contain the same file name. @@ -138,7 +138,7 @@ include_length = yes Check the Certificate Revocation List 1) Copy CA certificates and CRLs to same directory. -2) Execute 'c_rehash '. +2) Execute `c_rehash /path/to/cert/directory`. 'c_rehash' is OpenSSL's command. 3) uncomment the line below. 5) Restart radiusd diff --git a/raddb/mods-available/radutmp b/raddb/mods-available/radutmp new file mode 100644 index 00000000000..e69de29bb2d diff --git a/raddb/mods-available/sradutmp b/raddb/mods-available/sradutmp new file mode 100644 index 00000000000..e69de29bb2d
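Review bot: In mods-available/detail.log.adoc (hunk at -75,17), deleting `pre_proxy_log` also deletes the commented `suppress { User-Password }` block, which is the only suppress example visible in this file's default configuration. If the remaining detail instances in raddb/mods-available/detail.log do not already show it, keep a commented `suppress` example on one of them so the generated page still documents how to keep User-Password out of detail files.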
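Review bot: In mods-available/dhcpv4.adoc (hunk at -10,8), the rewritten sentence still begins "For reach request". Since the line is being touched anyway, correct it to "For each request" in raddb/mods-available/dhcpv4 so that the next regeneration carries the fix.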
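Review bot: The new files raddb/mods-available/radutmp and raddb/mods-available/sradutmp are added with no content (new file mode, no hunk), and the generated radutmp.adoc, sradutmp.adoc and mods-available/doc.adoc consist only of a "Default Configuration" heading over an empty code block. These look like by-products of the regeneration run rather than intended documentation. Either drop them from the commit or add the real module configuration to the raddb sources first, and state in the commit message why a page named doc.adoc is being generated.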
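Review bot: In mods-available/radius.adoc (hunks at -313,30 and -918,12), the default `status_check` now ships an active `update { ... }` block with `type = Status-Server`, while the sentence saying that Status-Server contents are fixed and the sentence saying that Proxy-State is added automatically are both removed without replacement. The new text should state explicitly that Status-Server packets now accept these attributes, and whether Proxy-State is still added by the module. The example also mixes `:=` for User-Name and NAS-Identifier with `=` for Event-Timestamp; use one operator or explain the difference.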
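Review bot: In radiusd.conf.adoc (hunk at -702,7) and radrelay.conf.adoc (hunk at -247,7), the `prefix` line in the generated default configuration changes from `/Users/alandekok/git/wrapper//install` to `/usr/local`, which shows that the published value depends on how the generating checkout was configured. Pin the prefix in the `make doc.raddb` step, or substitute a fixed placeholder, so that a later regeneration on a developer machine does not publish a local home-directory path again.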
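Review bot: In sites-available/dhcp.adoc (hunk at -10,7), the `## The Virtual Server` heading is replaced by a blank line, so "The DHCP functionality goes into a virtual server." no longer sits under a section heading, while the same commit renames the matching heading in dhcpv6.adoc to `## The DHCPv6 Virtual Server` and keeps it in dns.adoc. Give the DHCP page an equivalent heading in the raddb source so the three pages stay consistent.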
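Review bot: In the new sites-available/doc.adoc (hunk at -0,0 +1,9), the file opens with a code-fence line before `== Default Configuration` and then has two more fence lines, so the fences are unbalanced and the heading ends up inside a code block. The mods-available/doc.adoc generated in the same commit does not have the leading fence. Fix the generator input, or drop this page if it is not meant to exist.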
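Review bot: In sites-available/ldap_sync.adoc (hunk at -1,4), the document title `= LDAP Content Synchronization Operation` is removed and nothing replaces it, so the page now starts directly with "Sample virtual server for receiving entries ..." while its `==` sections remain. The dns.adoc hunk in this same commit adds a title (`= The DNS Virtual Server`); restore a title line in raddb/sites-available/ldap_sync so that this page has one as well.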
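Review bot: In sites-available/tacacs.adoc (hunk at -475,7), removing `reply.Authorization-Status := Fail` leaves `send Authorization-Fail {` with only a blank line in its body, and the hunks at -451,7 and -463,7 drop the status assignment from the Pass-Add and Pass-Reply sections with no accompanying text. The page should say how the reply status is now determined, for example in one sentence above these sections; the hunk at -328,7 suggests it is tied to `reply.Packet-Type`, but that is not stated for authorization.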
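Review bot: In sites-available/tls.adoc (hunk at -138,7), the Certificate Revocation List procedure around the edited `c_rehash` line is numbered 1, 2, 3, 5, with no step 4. Since step 2 is being rewritten here, renumber the last step to 4 in raddb/sites-available/tls, or restore the missing step if one was lost.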