24
24
protocols such as PAP, CHAP, MS-CHAP(v2), HTTP Digest, and EAP
25
25
(EAP-MD5, EAP-TLS, PEAP, EAP-TTLS, EAP-SIM, etc.).
27
Version 2.0 has preliminary support for Cisco's VLAN Query Protocol,
27
It also has experimental support for Cisco's VLAN Query Protocol
30
Please read the DEBUGGING section below. It contains instructions
31
for quickly configuring the server for your local system.
30
33
The following command-line options are accepted by the server.
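Review bot: The replacement sentence at new line 27 says only that VLAN Query Protocol support is "experimental", and drops the "Version 2.0" marker, without telling the administrator whether that support is active in the default configuration or where it is switched on or off. For an experimental protocol in an authentication server, one sentence on that would help. The pointer added at new lines 30-31 also promises "instructions for quickly configuring the server", while the DEBUGGING steps visible further down are about changing as little as possible and testing in debugging mode; consider wording the pointer to match what the section delivers.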
95
99
server in debugging mode, you \fIwill not\fP be able to see what is
96
100
doing, and you \fIwill not\fP be able to correct any problems.
98
2) When editing the \fIradiusd.conf\fP file, change as little as
99
possible, especially in the \fIauthorize{}\fP section. The ordering
100
of the modules is critical for the server to be able to
101
"automatically" figure out how to handle the request. Changing the
102
order of the modules ensures that the server will not work.
104
3) When testing, start off by configuring a user and password in the
105
\fIusers\fP file. So long as the server knows about a user, and has a
106
clear-text password for that user, \fBalmost all of the authentication
107
methods will "just work"\fP.
109
4) Gradually add more complex configurations to the server, while
110
testing them as you go. If you start off by configuring the server in
111
a complex configuration, you will never be able to debug it.
102
2) Change as little as possible in the default configuration files.
103
The server contains a decade of experience with protocols, databases,
104
and different systems. Its default configuration is designed to work
105
almost everywhere, and to do almost everything.
107
3) Make small changes to the configuration files, while testing each
108
change as you make it. If the change works, save a copy of the
109
configuration, and make another change. If the change doesn't work,
110
debug it, and try to understand why it doesn't work.
112
If you begin by making large changes to the server configuration, it
113
will never work, and you will never be able to debug it.
115
4) If you need to add a connection to a database FOO (e.g. LDAP or
119
a) Edit raddb/modules/foo
121
This file contains the default configuration for the module. It
122
contains comments describing what can be configured, and what those
123
configuration entries mean.
126
b) Edit raddb/sites-available/default
128
This file contains the default policy for the server. e.g. "enable
129
CHAP, MS-CHAP, and EAP authentication". Look in this file for all
130
references to your module "foo". Read the comments, and remove the
131
leading hash '#' from the lines referencing the module. This enables
135
c) Edit raddb/sites-available/inner-tunnel
137
This file contains the default policy for the "tunneled" portion of
138
certain EAP methods. Perform the same kind of edits as above, for the
139
"default" file.. If you are not using EAP (802.1X), then this step
143
d) Start the server in debugging mode (
145
), and start testing.
113
148
5) Ask questions on the mailing list
114
149
(freeradius-users@lists.freeradius.org). When asking questions,
115
150
include the output from debugging mode (
117
). This information will allow people to help you. Without it, your
118
message will get ignored.
152
). This information will allow people to help you. If you do not
153
include it, the first response to your message will be "post the
154
output of debug mode".
156
Ask questions earlier, rather than later. If you cannot solve a
157
problem in a day, ask a question on the mailing list. Most questions
158
have been seen before, and can be answered quickly.
120
160
\fBRADIUS\fP is a protocol spoken between an access server, typically
121
161
a device connected to several modems or ISDN lines, and a \fBradius\fP
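Review bot: Step 5 (new lines 148-154) tells users to send debugging-mode output to freeradius-users@lists.freeradius.org but gives no instruction to check that output for secrets first. The removed step 3 recommended testing with a user and a clear-text password in the users file, so a trace from such a test may carry credentials; suggest adding a sentence asking posters to replace passwords and shared secrets before sending. Two smaller points: the removed step 3 was the only concrete first test (one known user, one known password) and the new steps 2-4 have no equivalent, and new line 139 has a doubled period in '"default" file..'.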