SASL AuthN to LDAP

Brendan Kearney bpk678 at gmail.com
Tue Oct 18 19:52:30 CEST 2016


On 10/18/2016 11:47 AM, Brian Candler wrote:
> On 18/10/2016 16:02, Brendan Kearney wrote:
>> thanks, i figured it was going to be something along those lines.  
>> with systemd based OS's, you can created a directory, such as 
>> /etc/systemd/system/radiusd.d/ and put a .conf file in there to 
>> override or augment the service, but that does nothing for command line.
> Ubuntu 16.04 handles it like this:
>
> # cat /lib/systemd/system/freeradius.service
> [Unit]
> Description=FreeRADIUS multi-protocol policy server
> After=syslog.target network.target
> Documentation=man:radiusd(8) man:radiusd.conf(5) 
> http://wiki.freeradius.org/ http://networkradius.com/doc/
>
> [Service]
> Type=forking
> PIDFile=/run/freeradius/freeradius.pid
> EnvironmentFile=-/etc/default/freeradius
> ExecStartPre=/usr/sbin/freeradius $FREERADIUS_OPTIONS -Cxm -lstdout
> ExecStart=/usr/sbin/freeradius $FREERADIUS_OPTIONS
> Restart=on-failure
> RestartSec=5
>
> [Install]
> WantedBy=multi-user.target
>
> ... then you can set FREERADIUS_OPTIONS in /etc/default/freeradius, 
> but you can also set other environment variables including KRB5_*
>>   running radiusd -X will never pick up the systemd "helper" config.  
>> is there a way have that "helper" sourced when running radiusd -X? 
>
> If you're running it from the shell, then systemd (fortunately) knows 
> nothing about it. It's the one part of system operation that systemd 
> doesn't try to mess with :-)
>
> You can always write a wrapper script which sources 
> /etc/default/freeradius.
>
> B.
>
yea, fedora seems to have done away with the file equivalent to your 
EnvironmentFile (in /etc/sysconfig/).  i created 
/etc/systemd/system/radiusd.service.d/ and added a .conf file there.  i 
believe this is a systemd.unit file or config, and allows me to 
manipulate specific settings without editing the packaged service files 
that will be overwritten by newer packages.

as for cli, i just created a script, that sets the env var, runs radiusd 
-X and then unsets the env var when i ctrl+c out of radiusd -X.  now 
onto why i cant auth against Kerberos...  thanks for the info

brendan



More information about the Freeradius-Users mailing list