Recent changes

Alan DeKok aland at deployingradius.com
Tue Apr 24 17:52:54 CEST 2007


  I finally got around to updating the horrible OpenSSL certificate
handling in the server.  You can now do:

$ cd /etc/raddb/certs
$ make

  and you'll get sane certificates.

  Don't like the values for commonName, Country, etc?

$ cd /etc/raddb/certs
$ make distclean
$ vi server.cnf
$ make server.pem

  Much, much better.  There's even a README that's readable.  And
instructions for creating client certificates for EAP-TLS.

  So far as I can tell, it works.

  Also, Peter will be happy to know that you can now do:

authorize {
	...
	Status-Server {
		foo
	}
	...
}

accounting {
	...
	Status-Server {
		bar
	}
	...
}

  It should be self-explanatory.  If it isn't, the explanation is that
the modules in the Status-Server section of authorize/accounting are run
whenever the server receives a Status-Server packet.  The modules can
return OK, in which case the server responds, or FAIL, in which case the
Status-Server is dropped on the floor.

  There's also a Post-Proxy-Type Fail.  It gets run when the server
discovers that there are no live home servers for a request.  This
happens in the child thread when it's proxying, if all are dead.  If the
main thread receives a retransmit, and notices that all of the home
servers are dead, it runs the request through Post-Proxy-Type Fail....
in a child thread.

  Now all I have to do is make it handle HUP in a sane fashion, and
it'll be the killer app. :)

  Alan DeKok.
--
  http://deployingradius.com       - The web site of the book
  http://deployingradius.com/blog/ - The blog
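
The Status-Server behaviour described in the message above can be observed from the client side with a small probe. This is an added example, not part of the original post and not FreeRADIUS code; it assumes the packet layout later standardised in RFC 5997 (code 12 with a Message-Authenticator attribute), and the function names, host, port and shared secret are hypothetical.

```python
import hashlib
import hmac
import os
import socket
import struct

STATUS_SERVER = 12          # RADIUS packet code for Status-Server
MESSAGE_AUTHENTICATOR = 80  # attribute type, 16-byte HMAC-MD5 value

def build_status_server(secret, ident, authenticator=None):
    """Build a Status-Server request carrying only Message-Authenticator."""
    authenticator = authenticator or os.urandom(16)
    length = 20 + 18  # 20-byte header plus one 18-byte attribute
    header = struct.pack("!BBH", STATUS_SERVER, ident, length) + authenticator
    attr_hdr = bytes([MESSAGE_AUTHENTICATOR, 18])
    # HMAC-MD5 over the whole packet with the attribute value zeroed.
    mac = hmac.new(secret, header + attr_hdr + bytes(16), hashlib.md5).digest()
    return header + attr_hdr + mac

def reply_is_authentic(request, reply, secret):
    """Check ID, length and Response Authenticator of a reply.

    Response Authenticator = MD5(code | id | length | RequestAuth | attrs | secret)
    """
    if len(reply) < 20 or reply[1] != request[1]:
        return False
    (length,) = struct.unpack("!H", reply[2:4])
    if length < 20 or length > len(reply):
        return False
    reply = reply[:length]
    expected = hashlib.md5(reply[:4] + request[4:20] + reply[20:] + secret).digest()
    return hmac.compare_digest(expected, reply[4:20])

def probe(host, port, secret, timeout=3.0):
    """Return 'responded', 'no-reply' or 'bad-reply'.

    A Status-Server section that returns FAIL looks like 'no-reply' to the
    client, because the server drops the packet instead of answering.
    """
    request = build_status_server(secret, ident=os.urandom(1)[0])
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(request, (host, port))
        try:
            reply, _ = sock.recvfrom(4096)
        except socket.timeout:
            return "no-reply"
    return "responded" if reply_is_authentic(request, reply, secret) else "bad-reply"
```

A `no-reply` result cannot distinguish a dropped Status-Server from an unreachable server or a wrong port, so a monitoring check should treat it as "not healthy" rather than as a specific failure.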


