From: Alan T. DeKok Date: Fri, 23 Jan 2026 23:35:19 +0000 (-0500) Subject: more remove `raddb/...` X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d8f4d46f4ed03eb9bda2eaae42e62a6f66802254;p=thirdparty%2Ffreeradius-server.git more remove `raddb/...` The various OS packages use /etc/freeradius/3.x for example, so the "raddb" name is considerably out of date. --- diff --git a/doc/antora/modules/reference/pages/raddb/certs/index.adoc b/doc/antora/modules/reference/pages/raddb/certs/index.adoc index ba27a8466cf..a9710a6fe56 100644 --- a/doc/antora/modules/reference/pages/raddb/certs/index.adoc +++ b/doc/antora/modules/reference/pages/raddb/certs/index.adoc @@ -35,7 +35,7 @@ users, and to issue client certificates for `EAP-TLS`. If you already have CA and server certificates, rename (or delete) this directory, and create a new `certs` directory containing your certificates. Note that the `make install` command will NOT over-write -your existing `raddb/certs` directory, which means that the +your existing `certs` directory, which means that the `bootstrap` command will not be run. == New Installations @@ -55,10 +55,10 @@ Then, follow the instructions below for creating real certificates. Once the final certificates have been created, you can delete the `bootstrap` command from this directory, and delete the `make_cert_command` configuration from the `tls` sub-section of -`raddb/mods-available/eap`. +`mods-available/eap`. If you do not want to enable EAP-TLS, PEAP, or EAP-TTLS, then delete the -relevant sub-sections from the `raddb/mods-available/eap` file. +relevant sub-sections from the `mods-available/eap` file. == Root Certificate @@ -196,7 +196,7 @@ with ALL operating systems. Some common issues are: them, it will stop doing EAP. The most visible effect is that the client starts EAP, gets a few `Access-Challenge` packets, and then a little while later re-starts EAP. If this happens, see the FAQ, and the comments in - `raddb/mods-available/eap` for how to fix it. + `mods-available/eap` for how to fix it. * Windows requires the root certificates to be on the client PC. If it doesn’t have them, you will see the same issue as above. diff --git a/doc/antora/modules/reference/pages/raddb/mods-available/client.adoc b/doc/antora/modules/reference/pages/raddb/mods-available/client.adoc index 69c8ad15778..fe59830c23c 100644 --- a/doc/antora/modules/reference/pages/raddb/mods-available/client.adoc +++ b/doc/antora/modules/reference/pages/raddb/mods-available/client.adoc @@ -21,9 +21,9 @@ configuration. You must: -1. Link `raddb/sites-enabled/dynamic_clients` to `raddb/sites-available/dynamic_clients`. +1. Link `sites-enabled/dynamic_clients` to xref:reference:raddb/sites-available/dynamic_clients.adoc[sites-available/dynamic_clients]. -2. Define a client network/mask (see the top of `raddb/sites-enabled/dynamic_clients). +2. Define a client network/mask (see the top of `sites-enabled/dynamic_clients). 3. Uncomment the `directory` entry in that client definition. @@ -34,7 +34,7 @@ The default example already does this. a normal client definition for a client with IP address `192.0.2.1`. -NOTE: For more documentation, see the file `raddb/sites-available/dynamic-clients` +NOTE: For more documentation, see the file xref:reference:raddb/sites-available/dynamic-clients.adoc[sites-available/dynamic-clients] @@ -91,5 +91,5 @@ client { } ``` -// Copyright (C) 2025 Network RADIUS SAS. Licenced under CC-by-NC 4.0. +// Copyright (C) 2026 Network RADIUS SAS. Licenced under CC-by-NC 4.0. // This documentation was developed by Network RADIUS SAS. diff --git a/doc/antora/modules/reference/pages/raddb/mods-available/cui.adoc b/doc/antora/modules/reference/pages/raddb/mods-available/cui.adoc index c7480b37847..0486667ced4 100644 --- a/doc/antora/modules/reference/pages/raddb/mods-available/cui.adoc +++ b/doc/antora/modules/reference/pages/raddb/mods-available/cui.adoc @@ -9,8 +9,8 @@ The module `cui` (`link:https://freeradius.org/rfc/rfc6572.html#Chargeable-User- module to do the bulk of the work, but has custom schemas and queries. - * Schema is in `raddb/sql/cui//schema.sql` - * Queries are in `raddb/sql/cui//queries.conf` + * Schema is in `sql/cui//schema.sql` + * Queries are in `sql/cui//queries.conf` @@ -105,5 +105,5 @@ sql cuisql { } ``` -// Copyright (C) 2025 Network RADIUS SAS. Licenced under CC-by-NC 4.0. +// Copyright (C) 2026 Network RADIUS SAS. Licenced under CC-by-NC 4.0. // This documentation was developed by Network RADIUS SAS. diff --git a/doc/antora/modules/reference/pages/raddb/mods-available/detail.adoc b/doc/antora/modules/reference/pages/raddb/mods-available/detail.adoc index 0964d06489a..6bd0faad029 100644 --- a/doc/antora/modules/reference/pages/raddb/mods-available/detail.adoc +++ b/doc/antora/modules/reference/pages/raddb/mods-available/detail.adoc @@ -35,7 +35,7 @@ e.g.: This will create a new `detail` file for every hour. If you are reading detail files via the `listen { ... }` section -(e.g. as in `raddb/sites-available/robust-proxy-accounting`), +(e.g. as in xref:reference:raddb/sites-available/robust-proxy-accounting.adoc[sites-available/robust-proxy-accounting]), you MUST use a unique directory for each combination of a `detail` file writer, and reader. @@ -129,5 +129,5 @@ detail { } ``` -// Copyright (C) 2025 Network RADIUS SAS. Licenced under CC-by-NC 4.0. +// Copyright (C) 2026 Network RADIUS SAS. Licenced under CC-by-NC 4.0. // This documentation was developed by Network RADIUS SAS. diff --git a/doc/antora/modules/reference/pages/raddb/mods-available/detail.example.com.adoc b/doc/antora/modules/reference/pages/raddb/mods-available/detail.example.com.adoc index d384d9cde21..7b04179de11 100644 --- a/doc/antora/modules/reference/pages/raddb/mods-available/detail.example.com.adoc +++ b/doc/antora/modules/reference/pages/raddb/mods-available/detail.example.com.adoc @@ -8,8 +8,8 @@ Please see the `detail` module for full documentation. Detail file writer, used in the following examples: - * `raddb/sites-available/robust-proxy-accounting` - * `raddb/sites-available/decoupled-accounting` + * xref:reference:raddb/sites-available/robust-proxy-accounting.adoc[sites-available/robust-proxy-accounting] + * xref:reference:raddb/sites-available/decoupled-accounting.adoc[sites-available/decoupled-accounting] NOTE: This module can write detail files that are read by only ONE `listen { ... }` section. If you use BOTH of the examples @@ -39,5 +39,5 @@ detail detail.example.com { } ``` -// Copyright (C) 2025 Network RADIUS SAS. Licenced under CC-by-NC 4.0. +// Copyright (C) 2026 Network RADIUS SAS. Licenced under CC-by-NC 4.0. // This documentation was developed by Network RADIUS SAS. diff --git a/doc/antora/modules/reference/pages/raddb/mods-available/detail.log.adoc b/doc/antora/modules/reference/pages/raddb/mods-available/detail.log.adoc index bddc2b1cc33..c26b4116784 100644 --- a/doc/antora/modules/reference/pages/raddb/mods-available/detail.log.adoc +++ b/doc/antora/modules/reference/pages/raddb/mods-available/detail.log.adoc @@ -21,7 +21,7 @@ instances of the `detail` module can be used to log the authentication requests to one or more files. NOTE: You will also need to un-comment the `auth_log` line in the -`recv Access-Request` section of `raddb/sites-enabled/default`. +`recv Access-Request` section of `sites-enabled/default`. @@ -36,7 +36,7 @@ This module logs authentication reply packets sent to a NAS. Both `link:https://freeradius.org/rfc/rfc2865.html#Access-Accept[Access-Accept]` and `link:https://freeradius.org/rfc/rfc2865.html#Access-Reject[Access-Reject]` packets are logged. NOTE: You will also need to un-comment the 'reply_log' line in the -`send Access-Accept` section of `raddb/sites-enabled/default`. +`send Access-Accept` section of `sites-enabled/default`. @@ -56,5 +56,5 @@ detail reply_log { } ``` -// Copyright (C) 2025 Network RADIUS SAS. Licenced under CC-by-NC 4.0. +// Copyright (C) 2026 Network RADIUS SAS. Licenced under CC-by-NC 4.0. // This documentation was developed by Network RADIUS SAS. diff --git a/doc/antora/modules/reference/pages/raddb/mods-available/eap.adoc b/doc/antora/modules/reference/pages/raddb/mods-available/eap.adoc index 461d7cb3169..676faca6a22 100644 --- a/doc/antora/modules/reference/pages/raddb/mods-available/eap.adoc +++ b/doc/antora/modules/reference/pages/raddb/mods-available/eap.adoc @@ -77,6 +77,11 @@ request will still end up being rejected. type:: Only EAP types listed below with a `type = ` pair will be allowed. +In addition, setting `type = md5` will load the configuration section `md5 { ... }`. +There is no need to "comment out" the entire configuration section for EAP types +which are not used. Instead, simply comment out or delete the `type = ..` entry +for that EAP method, and the entire configuration section will be ignored. + If the `control.EAP-Type` attribute is set, then that is used to form the list of allowed EAP types, with the first instance being the default type and others also being allowed. @@ -95,7 +100,6 @@ keys or WPA enterprise. - ### EAP-PWD (Secure password-based authentication) In v4, the "known good" password is taken from the `request.control.Password.Cleartext` list, @@ -138,14 +142,14 @@ the authentication itself. ## Common TLS configuration for TLS-based EAP types -See `raddb/certs/index.adoc` for additional comments on certificates. +See `certs/index.adoc` for additional comments on certificates. If OpenSSL was not found at the time the server was built, the `tls`, `ttls`, and `peap` sections will be ignored. If you do not currently have certificates signed by a trusted CA you may use the 'snakeoil' certificates. Included with the server in -`raddb/certs`. +`certs`. If these certificates have not been auto-generated: @@ -1381,11 +1385,11 @@ eap { # type = sim md5 { } -# pwd { -# group = 19 -# server_id = theserver@example.com -# fragment_size = 1020 -# } + pwd { + group = 19 + server_id = theserver@example.com + fragment_size = 1020 + } gtc { # challenge = "Password: " auth_type = PAP @@ -1482,5 +1486,5 @@ eap { } ``` -// Copyright (C) 2025 Network RADIUS SAS. Licenced under CC-by-NC 4.0. +// Copyright (C) 2026 Network RADIUS SAS. Licenced under CC-by-NC 4.0. // This documentation was developed by Network RADIUS SAS. diff --git a/doc/antora/modules/reference/pages/raddb/mods-available/eap_inner.adoc b/doc/antora/modules/reference/pages/raddb/mods-available/eap_inner.adoc index cdc36b21f32..ae112bd0735 100644 --- a/doc/antora/modules/reference/pages/raddb/mods-available/eap_inner.adoc +++ b/doc/antora/modules/reference/pages/raddb/mods-available/eap_inner.adoc @@ -8,7 +8,7 @@ The `eap_inner` module provides a sample configuration for an `EAP` module that occurs *inside* of a tunneled method. It is used to limit the `EAP` types that can occur inside of the inner tunnel. -See also `raddb/sites-available/inner-tunnel` +See also xref:reference:raddb/sites-available/inner-tunnel.adoc[sites-available/inner-tunnel] See the `eap` module for full documentation on the meaning of these configuration entries. @@ -174,5 +174,5 @@ eap inner-eap { } ``` -// Copyright (C) 2025 Network RADIUS SAS. Licenced under CC-by-NC 4.0. +// Copyright (C) 2026 Network RADIUS SAS. Licenced under CC-by-NC 4.0. // This documentation was developed by Network RADIUS SAS. diff --git a/doc/antora/modules/reference/pages/raddb/mods-available/files.adoc b/doc/antora/modules/reference/pages/raddb/mods-available/files.adoc index a0a39d0ee7e..f13158a3fdf 100644 --- a/doc/antora/modules/reference/pages/raddb/mods-available/files.adoc +++ b/doc/antora/modules/reference/pages/raddb/mods-available/files.adoc @@ -4,9 +4,9 @@ = Files Module -The `users` file as located in `raddb/mods-config/files/authorize`. (Livingston-style format). +The `users` file as located in `mods-config/files/authorize`. (Livingston-style format). -See the xref:reference:raddb/mods-config/files/users.adoc[users] file for information +See the raddb/mods-config/files/users.adoc file for information on the format of the input file, and how it operates. @@ -73,5 +73,5 @@ files files_accounting { } ``` -// Copyright (C) 2025 Network RADIUS SAS. Licenced under CC-by-NC 4.0. +// Copyright (C) 2026 Network RADIUS SAS. Licenced under CC-by-NC 4.0. // This documentation was developed by Network RADIUS SAS. diff --git a/doc/antora/modules/reference/pages/raddb/mods-available/kv.adoc b/doc/antora/modules/reference/pages/raddb/mods-available/kv.adoc index b481dfa553d..e2183a3fc46 100644 --- a/doc/antora/modules/reference/pages/raddb/mods-available/kv.adoc +++ b/doc/antora/modules/reference/pages/raddb/mods-available/kv.adoc @@ -74,6 +74,10 @@ The module will automatically choose a data structure based on the data type. It will be a hash table, rbtree or patricia trie store depending on the data type of the key. +Any `key` which is passed to the `kv` functions +(`%kv.write()`, `%kv.read()`, or `%kv.delete()`) must be +the same data type as is given in `key_type`. + max_entries:: Maximum entries allowed. @@ -96,7 +100,7 @@ unused) key is deleted every time a new key is inserted. ``` kv { key_type = string -# max_entries = 0 +# max_entries = 1024 } ``` diff --git a/doc/antora/modules/reference/pages/raddb/mods-available/ldap.adoc b/doc/antora/modules/reference/pages/raddb/mods-available/ldap.adoc index 479b86b8e5f..73e9c5b0153 100644 --- a/doc/antora/modules/reference/pages/raddb/mods-available/ldap.adoc +++ b/doc/antora/modules/reference/pages/raddb/mods-available/ldap.adoc @@ -342,6 +342,10 @@ do not (e.g. mixed IPoE and PPPoE). +dn_attribute:: Where to cache the user's DN for use in authentication. + + + ### User membership checking @@ -953,7 +957,6 @@ my_profile = 'cn=profile1,ou=profiles,dc=example,dc=com' %ldap.profile(my_profile) ---- - == Default Configuration ``` @@ -1002,6 +1005,7 @@ ldap { # access_value_negate = 'false' # access_value_suspend = 'suspended' # expect_password = no +# dn_attribute = 'LDAP-UserDN' } group { base_dn = "${..base_dn}" @@ -1106,5 +1110,5 @@ ldap { #} ``` -// Copyright (C) 2025 Network RADIUS SAS. Licenced under CC-by-NC 4.0. +// Copyright (C) 2026 Network RADIUS SAS. Licenced under CC-by-NC 4.0. // This documentation was developed by Network RADIUS SAS. diff --git a/doc/antora/modules/reference/pages/raddb/mods-available/perl.adoc b/doc/antora/modules/reference/pages/raddb/mods-available/perl.adoc index a274f244386..dce52656cde 100644 --- a/doc/antora/modules/reference/pages/raddb/mods-available/perl.adoc +++ b/doc/antora/modules/reference/pages/raddb/mods-available/perl.adoc @@ -6,7 +6,7 @@ The `perl` module processes attributes through a Perl interpreter. - * Please see the `raddb/mods-config/perl/example.pl` sample. + * Please see the `mods-config/perl/example.pl` sample. * Please see http://www.perl.org/docs.html for more information about the Perl language. @@ -144,5 +144,5 @@ perl { } ``` -// Copyright (C) 2025 Network RADIUS SAS. Licenced under CC-by-NC 4.0. +// Copyright (C) 2026 Network RADIUS SAS. Licenced under CC-by-NC 4.0. // This documentation was developed by Network RADIUS SAS. diff --git a/doc/antora/modules/reference/pages/raddb/mods-available/python.adoc b/doc/antora/modules/reference/pages/raddb/mods-available/python.adoc index e28ce161038..1553ff3a6fa 100644 --- a/doc/antora/modules/reference/pages/raddb/mods-available/python.adoc +++ b/doc/antora/modules/reference/pages/raddb/mods-available/python.adoc @@ -37,7 +37,7 @@ items which control the Python path. [NOTE] ==== -See `raddb/global.d/python` for configuration items that affect the +See `global.d/python` for configuration items that affect the python interpreter globally, such as the Python path. ==== @@ -105,5 +105,5 @@ python { } ``` -// Copyright (C) 2025 Network RADIUS SAS. Licenced under CC-by-NC 4.0. +// Copyright (C) 2026 Network RADIUS SAS. Licenced under CC-by-NC 4.0. // This documentation was developed by Network RADIUS SAS. diff --git a/doc/antora/modules/reference/pages/raddb/mods-available/sqlcounter.adoc b/doc/antora/modules/reference/pages/raddb/mods-available/sqlcounter.adoc index 05c827246f6..b4e95aacdfb 100644 --- a/doc/antora/modules/reference/pages/raddb/mods-available/sqlcounter.adoc +++ b/doc/antora/modules/reference/pages/raddb/mods-available/sqlcounter.adoc @@ -134,7 +134,7 @@ utc:: Use UTC for calculating the period start and end values. Set an account to expire T seconds after first login. Requires the `Expire-After` attribute to be set, in seconds. -NOTE: You may need to edit `raddb/dictionary` to add the `Expire-After` attribute. +NOTE: You may need to edit `dictionary` to add the `Expire-After` attribute. @@ -196,5 +196,5 @@ sqlcounter expire_on_login { } ``` -// Copyright (C) 2025 Network RADIUS SAS. Licenced under CC-by-NC 4.0. +// Copyright (C) 2026 Network RADIUS SAS. Licenced under CC-by-NC 4.0. // This documentation was developed by Network RADIUS SAS. diff --git a/doc/antora/modules/reference/pages/raddb/mods-available/sqlippool.adoc b/doc/antora/modules/reference/pages/raddb/mods-available/sqlippool.adoc index e3cba45c994..4ffcc955039 100644 --- a/doc/antora/modules/reference/pages/raddb/mods-available/sqlippool.adoc +++ b/doc/antora/modules/reference/pages/raddb/mods-available/sqlippool.adoc @@ -6,12 +6,12 @@ The module `sqlippool` provide configuration for the SQL based IP Pool module. -NOTE: The database schemas are available at `raddb/sql/ippool//schema.sql`. +NOTE: The database schemas are available at `sql/ippool//schema.sql`. ## Configuration Settings -sql_module_instance:: SQL instance to use (from `raddb/mods-available/sql`) +sql_module_instance:: SQL instance to use (from xref:reference:raddb/mods-available/sql.adoc[mods-available/sql]) If you have multiple sql instances, such as `sql sql1 {...}`, use the *instance* name here: `sql1`. @@ -152,5 +152,5 @@ sqlippool { } ``` -// Copyright (C) 2025 Network RADIUS SAS. Licenced under CC-by-NC 4.0. +// Copyright (C) 2026 Network RADIUS SAS. Licenced under CC-by-NC 4.0. // This documentation was developed by Network RADIUS SAS. diff --git a/doc/antora/modules/reference/pages/raddb/mods-available/unpack.adoc b/doc/antora/modules/reference/pages/raddb/mods-available/unpack.adoc index 637d3f12010..d6049647ba1 100644 --- a/doc/antora/modules/reference/pages/raddb/mods-available/unpack.adoc +++ b/doc/antora/modules/reference/pages/raddb/mods-available/unpack.adoc @@ -16,7 +16,7 @@ NOTE: The module is useful only for `xlat`. ## Syntax -To use it, add it to the `raddb/mods-enabled/` directory. Then, +To use it, add it to the `mods-enabled/` directory. Then, use it on the right-hand side of a variable assignment. %unpack(, , [, ]) @@ -67,5 +67,5 @@ unpack { } ``` -// Copyright (C) 2025 Network RADIUS SAS. Licenced under CC-by-NC 4.0. +// Copyright (C) 2026 Network RADIUS SAS. Licenced under CC-by-NC 4.0. // This documentation was developed by Network RADIUS SAS. diff --git a/doc/antora/modules/reference/pages/raddb/mods-available/wimax.adoc b/doc/antora/modules/reference/pages/raddb/mods-available/wimax.adoc index a7ece606032..55bbb12a13d 100644 --- a/doc/antora/modules/reference/pages/raddb/mods-available/wimax.adoc +++ b/doc/antora/modules/reference/pages/raddb/mods-available/wimax.adoc @@ -137,7 +137,7 @@ attributes are NOT sent in the `link:https://freeradius.org/rfc/rfc2865.html#Acc By default, the EAP modules sends `MS-MPPE-*-Key` attributes. -The default virtual server (`raddb/sites-available/default`) +The default virtual server (xref:reference:raddb/sites-available/default.adoc[sites-available/default]) contains examples of adding the `WiMAX-MSK`. This configuration option makes the WiMAX module delete @@ -182,5 +182,5 @@ wimax { } ``` -// Copyright (C) 2025 Network RADIUS SAS. Licenced under CC-by-NC 4.0. +// Copyright (C) 2026 Network RADIUS SAS. Licenced under CC-by-NC 4.0. // This documentation was developed by Network RADIUS SAS. diff --git a/doc/antora/modules/reference/pages/raddb/radiusd.conf.adoc b/doc/antora/modules/reference/pages/raddb/radiusd.conf.adoc index 738f0f75629..1f46c385571 100644 --- a/doc/antora/modules/reference/pages/raddb/radiusd.conf.adoc +++ b/doc/antora/modules/reference/pages/raddb/radiusd.conf.adoc @@ -689,7 +689,7 @@ All of the other configuration sections like: Have been moved to the the file: -`raddb/sites-available/default` +`sites-available/default` This is the `default` virtual server that has the same configuration as in version 1.0.x and 1.1.x. The default @@ -698,7 +698,7 @@ edit it to create policies for your local site. For more documentation on virtual servers, see: -`raddb/sites-available/index.adoc` +`sites-available/index.adoc` == Default Configuration diff --git a/doc/antora/modules/reference/pages/raddb/radrelay.conf.adoc b/doc/antora/modules/reference/pages/raddb/radrelay.conf.adoc index 5a8d71fcba0..97875ac8970 100644 --- a/doc/antora/modules/reference/pages/raddb/radrelay.conf.adoc +++ b/doc/antora/modules/reference/pages/raddb/radrelay.conf.adoc @@ -15,7 +15,7 @@ packets to a home server. If you need it to do more than just replace `radrelay`, you will need to add additional configuration. -See `raddb/sites-available/copy-acct-to-home-server` for a +See `sites-available/copy-acct-to-home-server` for a more complete example. That example is intended to be run as part of a larger RADIUS configuration, where the server also listens on ports 1812, etc. The example given here @@ -223,7 +223,7 @@ type:: filename:: The filename here should be the same as the one used by the main `radiusd` program. -It writes the file using the `detail` module (see `raddb/modules/detail`). +It writes the file using the `detail` module (see `modules/detail`). @@ -235,7 +235,7 @@ This section is called when the server receives an Accounting-Request packet (which will be from the "detail" reader above. -See also `raddb/sites-available/copy-acct-to-home-server` +See also `sites-available/copy-acct-to-home-server` for additional description. diff --git a/doc/antora/modules/reference/pages/raddb/sites-available/bfd.adoc b/doc/antora/modules/reference/pages/raddb/sites-available/bfd.adoc index 16666f5fb4e..26b1c68f4aa 100644 --- a/doc/antora/modules/reference/pages/raddb/sites-available/bfd.adoc +++ b/doc/antora/modules/reference/pages/raddb/sites-available/bfd.adoc @@ -15,7 +15,7 @@ The code is in FreeRADIUS because we want to know if the *application* is running. It doesn't matter if the link is up, or if the host system is running. If the FreeRADIUS daemon is down, then we want to know ASAP. -NOTE: See also `raddb/trigger.conf`. There are BFD-specific triggers +NOTE: See also `trigger.conf`. There are BFD-specific triggers which are executed when the link is started, goes up, down, or is administratively down. @@ -296,5 +296,5 @@ Sneak in more data after a BFD packet! ``` ``` -// Copyright (C) 2025 Network RADIUS SAS. Licenced under CC-by-NC 4.0. +// Copyright (C) 2026 Network RADIUS SAS. Licenced under CC-by-NC 4.0. // This documentation was developed by Network RADIUS SAS. diff --git a/doc/antora/modules/reference/pages/raddb/sites-available/bfd2.adoc b/doc/antora/modules/reference/pages/raddb/sites-available/bfd2.adoc index 89d7f1425a7..68154c9af42 100644 --- a/doc/antora/modules/reference/pages/raddb/sites-available/bfd2.adoc +++ b/doc/antora/modules/reference/pages/raddb/sites-available/bfd2.adoc @@ -15,7 +15,7 @@ The code is in FreeRADIUS because we want to know if the *application* is running. It doesn't matter if the link is up, or if the host system is running. If the FreeRADIUS daemon is down, then we want to know ASAP. -NOTE: See also `raddb/trigger.conf`. There are BFD-specific triggers +NOTE: See also `trigger.conf`. There are BFD-specific triggers which are executed when the link is started, goes up, down, or is administratively down. diff --git a/doc/antora/modules/reference/pages/raddb/sites-available/default.adoc b/doc/antora/modules/reference/pages/raddb/sites-available/default.adoc index 4c632185c70..e8fde7278fb 100644 --- a/doc/antora/modules/reference/pages/raddb/sites-available/default.adoc +++ b/doc/antora/modules/reference/pages/raddb/sites-available/default.adoc @@ -1752,41 +1752,29 @@ Filter attributes from the accounting response. ``` -## Timeouts +## Finally -A virtual server can have a `catch timeout` section. The format and -contents are the same as the normal `catch timeout`. - -This section limits the total processing time for a request. The -values given here should be less than `request.timeout`. - -When a request reaches `request.timeout`, it is forcibly stopped. -No further processing takes place. - -When a request reaches the time specified in this `timeout` section, -all normal processing is stopped. The `timeout` section is then run. - -This configuration allows the server to take action when a request -is taking too long. For example, it could write a failure message -to a log file. - -The `timeout` section can contain any `unlang` keyword, including -`call`, and other `timeout` sections. If you need to have a -"timeout for the timeout", then just add anoither `timeout` section -inside of this one. - -Note that `request.timeout` still applies. So the timeout value -given here should be less than the value given by -`request.timeout`. +If a `finally` section is defined, then all packets will be processed +through it. +This includes packets whose processing has been stopped due to reaching +`request.timeout`. Such packets can be detected by testing for the +`timeout` rcode. +The `finally` section can be used as a common logging section for +all packets, allowing their final state to be captured. ``` -# catch timeout { -# do_logging_here -# ... +#finally { +# if (timeout) { +# logging relating to timeouts +# return # } +``` +``` +# normal packet logging +#} } ``` @@ -1795,5 +1783,5 @@ given here should be less than the value given by ``` ``` -// Copyright (C) 2025 Network RADIUS SAS. Licenced under CC-by-NC 4.0. +// Copyright (C) 2026 Network RADIUS SAS. Licenced under CC-by-NC 4.0. // This documentation was developed by Network RADIUS SAS. diff --git a/doc/antora/modules/reference/pages/raddb/sites-available/vmps.adoc b/doc/antora/modules/reference/pages/raddb/sites-available/vmps.adoc index 193e04a4499..34ffe614fb8 100644 --- a/doc/antora/modules/reference/pages/raddb/sites-available/vmps.adoc +++ b/doc/antora/modules/reference/pages/raddb/sites-available/vmps.adoc @@ -86,7 +86,7 @@ create one using other attributes. ``` if (!MAC-Address) { if (Ethernet-Frame =~ /0x.{12}(..)(..)(..)(..)(..)(..).*/) { - request.MAC-Address = "%regex.match(1):%regex.match(2):%regex.match(3):%regex.match(4):%regex.match(5):%regex.match(6)" + request.MAC-Address = "%{1}:%{2}:%{3}:%{4}:%{5}:%{6}" } else { request.MAC-Address = Cookie @@ -97,7 +97,7 @@ create one using other attributes. Do a simple mapping of MAC to VLAN. -See `raddb/mods-available/mac2vlan` for the definition of the "mac2vlan" +See xref:reference:raddb/mods-available/mac2vlan.adoc[mods-available/mac2vlan] for the definition of the "mac2vlan" module. ``` @@ -176,5 +176,5 @@ This section is called when not responding to packets. ``` ``` -// Copyright (C) 2025 Network RADIUS SAS. Licenced under CC-by-NC 4.0. +// Copyright (C) 2026 Network RADIUS SAS. Licenced under CC-by-NC 4.0. // This documentation was developed by Network RADIUS SAS. diff --git a/raddb/mods-available/client b/raddb/mods-available/client index 3f64dbd845b..8c59036bd0c 100644 --- a/raddb/mods-available/client +++ b/raddb/mods-available/client @@ -24,9 +24,9 @@ # # You must: # -# 1. Link `raddb/sites-enabled/dynamic_clients` to `raddb/sites-available/dynamic_clients`. +# 1. Link `sites-enabled/dynamic_clients` to `sites-available/dynamic_clients`. # -# 2. Define a client network/mask (see the top of `raddb/sites-enabled/dynamic_clients). +# 2. Define a client network/mask (see the top of `sites-enabled/dynamic_clients). # # 3. Uncomment the `directory` entry in that client definition. # @@ -37,7 +37,7 @@ # a normal client definition # for a client with IP address `192.0.2.1`. # -# NOTE: For more documentation, see the file `raddb/sites-available/dynamic-clients` +# NOTE: For more documentation, see the file `sites-available/dynamic-clients` # # diff --git a/raddb/mods-available/cui b/raddb/mods-available/cui index 60ba0ed06c1..1fdf7300330 100644 --- a/raddb/mods-available/cui +++ b/raddb/mods-available/cui @@ -12,8 +12,8 @@ # module to do the bulk of the work, but has custom schemas and # queries. # -# * Schema is in `raddb/sql/cui//schema.sql` -# * Queries are in `raddb/sql/cui//queries.conf` +# * Schema is in `sql/cui//schema.sql` +# * Queries are in `sql/cui//queries.conf` # # diff --git a/raddb/mods-available/detail b/raddb/mods-available/detail index 168b25c6da8..0ed8c4841fe 100644 --- a/raddb/mods-available/detail +++ b/raddb/mods-available/detail @@ -39,7 +39,7 @@ detail { # This will create a new `detail` file for every hour. # # If you are reading detail files via the `listen { ... }` section - # (e.g. as in `raddb/sites-available/robust-proxy-accounting`), + # (e.g. as in `sites-available/robust-proxy-accounting`), # you MUST use a unique directory for each combination of a `detail` # file writer, and reader. # diff --git a/raddb/mods-available/detail.example.com b/raddb/mods-available/detail.example.com index c9f2c4ac7d2..dde53a299f0 100644 --- a/raddb/mods-available/detail.example.com +++ b/raddb/mods-available/detail.example.com @@ -11,8 +11,8 @@ # # Detail file writer, used in the following examples: # -# * `raddb/sites-available/robust-proxy-accounting` -# * `raddb/sites-available/decoupled-accounting` +# * `sites-available/robust-proxy-accounting` +# * `sites-available/decoupled-accounting` # # NOTE: This module can write detail files that are read by # only ONE `listen { ... }` section. If you use BOTH of the examples diff --git a/raddb/mods-available/detail.log b/raddb/mods-available/detail.log index 705120015b3..bb87370bd37 100644 --- a/raddb/mods-available/detail.log +++ b/raddb/mods-available/detail.log @@ -24,7 +24,7 @@ # authentication requests to one or more files. # # NOTE: You will also need to un-comment the `auth_log` line in the -# `recv Access-Request` section of `raddb/sites-enabled/default`. +# `recv Access-Request` section of `sites-enabled/default`. # detail auth_log { filename = "${radacctdir}/%{Net.Src.IP}/auth-detail-%Y-%m-%d" @@ -46,7 +46,7 @@ detail auth_log { # Both `Access-Accept` and `Access-Reject` packets are logged. # # NOTE: You will also need to un-comment the 'reply_log' line in the -# `send Access-Accept` section of `raddb/sites-enabled/default`. +# `send Access-Accept` section of `sites-enabled/default`. # detail reply_log { filename = "${radacctdir}/%{Net.Src.IP}/reply-detail-%Y-%m-%d" diff --git a/raddb/mods-available/eap b/raddb/mods-available/eap index 7681610d915..e429a8da344 100644 --- a/raddb/mods-available/eap +++ b/raddb/mods-available/eap @@ -170,14 +170,14 @@ eap { # # ## Common TLS configuration for TLS-based EAP types # - # See `raddb/certs/index.adoc` for additional comments on certificates. + # See `certs/index.adoc` for additional comments on certificates. # # If OpenSSL was not found at the time the server was built, the `tls`, # `ttls`, and `peap` sections will be ignored. # # If you do not currently have certificates signed by a trusted CA you # may use the 'snakeoil' certificates. Included with the server in - # `raddb/certs`. + # `certs`. # # If these certificates have not been auto-generated: # diff --git a/raddb/mods-available/eap_inner b/raddb/mods-available/eap_inner index c89d474862b..ac0d17afe93 100644 --- a/raddb/mods-available/eap_inner +++ b/raddb/mods-available/eap_inner @@ -11,7 +11,7 @@ # module that occurs *inside* of a tunneled method. It is used to limit # the `EAP` types that can occur inside of the inner tunnel. # -# See also `raddb/sites-available/inner-tunnel` +# See also `sites-available/inner-tunnel` # # See the `eap` module for full documentation on the meaning of these # configuration entries. diff --git a/raddb/mods-available/files b/raddb/mods-available/files index 01bd78759c0..410a55ddad3 100644 --- a/raddb/mods-available/files +++ b/raddb/mods-available/files @@ -7,7 +7,7 @@ # # = Files Module # -# The `users` file as located in `raddb/mods-config/files/authorize`. (Livingston-style format). +# The `users` file as located in `mods-config/files/authorize`. (Livingston-style format). # # See the raddb/mods-config/files/users.adoc file for information # on the format of the input file, and how it operates. diff --git a/raddb/mods-available/perl b/raddb/mods-available/perl index 8c751ddb7da..e4bdd33cbb4 100644 --- a/raddb/mods-available/perl +++ b/raddb/mods-available/perl @@ -9,7 +9,7 @@ # # The `perl` module processes attributes through a Perl interpreter. # -# * Please see the `raddb/mods-config/perl/example.pl` sample. +# * Please see the `mods-config/perl/example.pl` sample. # * Please see http://www.perl.org/docs.html for more information about the # Perl language. # diff --git a/raddb/mods-available/python b/raddb/mods-available/python index df363df9844..7170b2553a4 100644 --- a/raddb/mods-available/python +++ b/raddb/mods-available/python @@ -40,7 +40,7 @@ # # [NOTE] # ==== -# See `raddb/global.d/python` for configuration items that affect the +# See `global.d/python` for configuration items that affect the # python interpreter globally, such as the Python path. # ==== # diff --git a/raddb/mods-available/sqlcounter b/raddb/mods-available/sqlcounter index c30ee5db194..826fc177bef 100644 --- a/raddb/mods-available/sqlcounter +++ b/raddb/mods-available/sqlcounter @@ -179,7 +179,7 @@ sqlcounter noresetcounter { # Set an account to expire T seconds after first login. Requires the `Expire-After` # attribute to be set, in seconds. # -# NOTE: You may need to edit `raddb/dictionary` to add the `Expire-After` attribute. +# NOTE: You may need to edit `dictionary` to add the `Expire-After` attribute. # sqlcounter expire_on_login { sql_module_instance = sql diff --git a/raddb/mods-available/sqlippool b/raddb/mods-available/sqlippool index 4ba8d056c6d..939cb182240 100644 --- a/raddb/mods-available/sqlippool +++ b/raddb/mods-available/sqlippool @@ -9,13 +9,13 @@ # # The module `sqlippool` provide configuration for the SQL based IP Pool module. # -# NOTE: The database schemas are available at `raddb/sql/ippool//schema.sql`. +# NOTE: The database schemas are available at `sql/ippool//schema.sql`. # # ## Configuration Settings # sqlippool { # - # sql_module_instance:: SQL instance to use (from `raddb/mods-available/sql`) + # sql_module_instance:: SQL instance to use (from `mods-available/sql`) # # If you have multiple sql instances, such as `sql sql1 {...}`, # use the *instance* name here: `sql1`. diff --git a/raddb/mods-available/unpack b/raddb/mods-available/unpack index 07085f61731..7c3e7c1f44a 100644 --- a/raddb/mods-available/unpack +++ b/raddb/mods-available/unpack @@ -19,7 +19,7 @@ # # ## Syntax # -# To use it, add it to the `raddb/mods-enabled/` directory. Then, +# To use it, add it to the `mods-enabled/` directory. Then, # use it on the right-hand side of a variable assignment. # # %unpack(, , [, ]) diff --git a/raddb/mods-available/wimax b/raddb/mods-available/wimax index 1bf61e39099..fe99d3bf94d 100644 --- a/raddb/mods-available/wimax +++ b/raddb/mods-available/wimax @@ -166,7 +166,7 @@ wimax { # # By default, the EAP modules sends `MS-MPPE-*-Key` attributes. # - # The default virtual server (`raddb/sites-available/default`) + # The default virtual server (`sites-available/default`) # contains examples of adding the `WiMAX-MSK`. # # This configuration option makes the WiMAX module delete diff --git a/raddb/radiusd.conf.in b/raddb/radiusd.conf.in index 7461bc5c56c..b62c618aa1b 100644 --- a/raddb/radiusd.conf.in +++ b/raddb/radiusd.conf.in @@ -773,7 +773,7 @@ policy { # # Have been moved to the the file: # -# `raddb/sites-available/default` +# `sites-available/default` # # This is the `default` virtual server that has the same # configuration as in version 1.0.x and 1.1.x. The default @@ -782,6 +782,6 @@ policy { # # For more documentation on virtual servers, see: # -# `raddb/sites-available/index.adoc` +# `sites-available/index.adoc` # $INCLUDE sites-enabled/ diff --git a/raddb/radrelay.conf.in b/raddb/radrelay.conf.in index fde3f3acc14..6425f4e23fc 100644 --- a/raddb/radrelay.conf.in +++ b/raddb/radrelay.conf.in @@ -18,7 +18,7 @@ # just replace `radrelay`, you will need to add additional # configuration. # -# See `raddb/sites-available/copy-acct-to-home-server` for a +# See `sites-available/copy-acct-to-home-server` for a # more complete example. That example is intended to be run # as part of a larger RADIUS configuration, where the server # also listens on ports 1812, etc. The example given here @@ -263,7 +263,7 @@ server radrelay { # filename:: The filename here should be the same as the one used by the # main `radiusd` program. # - # It writes the file using the `detail` module (see `raddb/modules/detail`). + # It writes the file using the `detail` module (see `modules/detail`). # filename = ${radacctdir}/detail @@ -278,7 +278,7 @@ server radrelay { # Accounting-Request packet (which will be from the # "detail" reader above. # - # See also `raddb/sites-available/copy-acct-to-home-server` + # See also `sites-available/copy-acct-to-home-server` # for additional description. # recv Accounting-Request { diff --git a/raddb/sites-available/bfd b/raddb/sites-available/bfd index dbdb8e328e1..7bffaba7c20 100644 --- a/raddb/sites-available/bfd +++ b/raddb/sites-available/bfd @@ -18,7 +18,7 @@ # is running. It doesn't matter if the link is up, or if the host system # is running. If the FreeRADIUS daemon is down, then we want to know ASAP. # -# NOTE: See also `raddb/trigger.conf`. There are BFD-specific triggers +# NOTE: See also `trigger.conf`. There are BFD-specific triggers # which are executed when the link is started, goes up, down, or is # administratively down. # diff --git a/raddb/sites-available/vmps b/raddb/sites-available/vmps index d34bf94c8d7..753b2e9877b 100644 --- a/raddb/sites-available/vmps +++ b/raddb/sites-available/vmps @@ -81,7 +81,7 @@ server vmps { # # Do a simple mapping of MAC to VLAN. # - # See `raddb/mods-available/mac2vlan` for the definition of the "mac2vlan" + # See `mods-available/mac2vlan` for the definition of the "mac2vlan" # module. # # mac2vlan