AD Auth Question

Martin, Jeremy jmartin at emcc.edu
Mon Jan 1 14:36:52 CET 2018 

Nathan

Thanks for your input I will have to step back and think on this piece as it is honestly the first time on any package in RHEL where I have ever run into this type of thing over the last 20 years in using it so I am just a bit surprised that it came up.  So I think the avenue for this once I get it solved may be to never ever update the server as we have had to implement some custom checking with the md5 portion of eap to deal with the crappy way avaya deals with the supplicant on their ip phones.  

So thanks again for the insight.

Jeremy


> On Jan 1, 2018, at 7:54 AM, Nathan Ward <lists+freeradius at daork.net> wrote:
> 
> Hi,
> 
>> On 2/01/2018, at 1:38 AM, Martin, Jeremy <jmartin at emcc.edu> wrote:
>> 
>> Ok so this is correct the version that gets distributed with RHEL is 3.0.4 which was installed when the system was deployed and was updated to 3.0.13 as that is the current release within the system.  So now I  have two questions based on this and the work that I have put in while continuing to work on this issue:
>> 
>> 1.  Is it common practice to have to destroy the configurations for FR updates?  I would seem this could become an issue to put everything back in the configuration files if we can’t upgrade one from version to the next.  Is there a utility that is included to account for these types of issues so that FR doesn’t need to “redeployed” repeatedly?
> 
> You can use whatever configuration management system you’re comfortable with to manage the config. I use Puppet. Others use other things, including copying tar balls of config around.
> 
> As you’re on RHEL, when you install an RPM and there is a config file change, it will install an ‘rpmnew’ version of the config along side the old (current) config. When you manage RHEL boxes and you update packages, looking out for those rpmnew files and seeing if they need to be tweaked is pretty fundamental thing. Same goes for rpmsave files, but I don’t think I’ve seen the RedHat shipped FreeRADIUS packages create those.
> 
> You can have a look here and see the logic for when rpmnew and rpmsave files are created in different RPM spec file situations:
> http://people.ds.cam.ac.uk/jw35/docs/rpm_config.html <http://people.ds.cam.ac.uk/jw35/docs/rpm_config.html>
> 
> Typically, when I do an update, I’ll look at a diff between the rpm(new|save) and the config I have written. Depending on how many changes there are, there’s different approaches you can take:
> 1) Copy the changes from the new config to your config.
> 2) Re-apply your changes on top of the new config (it helps if you have git, or you use Augeas or something), and replace your config with this.
> 
> This is all basic systems admin sort of stuff though - not at all specific to FreeRADIUS so probably not the right place to discuss this in detail.
> 
> 
> I don’t have any operational experience with EAP so won’t be much help with the rest of your message sorry !
> 
> --
> Nathan Ward
> 
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

More information about the Freeradius-Users mailing list