Newbie: General Questions About Installation
I'm attempting to get my hands around installing FreeRadius-1.0.4 on a Debian Linux machine while also trying learn Linux better. I've been reading through all the various documentation, but had a few general questions that I was hoping someone would be so kind to reply on. 1. All the docs show installation starting with the tar file, but no one really specifies what directory to begin from. Should I create a new user "raduser" and copy the tar file into /home/raduser or is there somewhere else that is the proper place to begin? 2. After I installed this all (in /home/raduser), is there a quick test to see if the basic functionality works properly? I read the /doc/performance&testing but reached a problem while going through the process because I couldn't find or run the /user/local/sbin/radiusd There are zero files in the /user/local/sbin directory. If it would be helpful for me to post snippets of certain log files, please let me know which ones and what parts and I'll do it. Thank you! -Chad
in console just type apt-get install freeradius or use synaptic package managed (x windows / gnome ) and do a search for Freeradius. that will install and create the user/group freerad and put all the files in their appropriate place. once thats done your configuration files will be in /etc/freeradius edit radiusd.conf to your liking & clients.conf etc -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.338 / Virus Database: 267.10.1/64 - Release Date: 8/4/2005
FreeRadius users mailing list <freeradius-users@lists.freeradius.org> on August 6, 2005 at 00:25 -0800 wrote:
in console just type apt-get install freeradius or use synaptic package managed (x windows / gnome ) and do a search for Freeradius. that will install and create the user/group freerad and put all the files in their appropriate place.
once thats done your configuration files will be in /etc/freeradius edit radiusd.conf to your liking & clients.conf etc
There's one major issue with the Debian freeradius package -- any module that requires hooks to OpenSSL is not included due to some legal issue. This includes eap_tls, eap_ttls, eap_peap, etc. The compile-from-source solution works well -- you just need to apt-get install these: libmysqlclient14-dev libldap2-dev (if you want LDAP support) libssl-dev HTH, -kb -- Kris Benson, CCP, I.S.P. Technical Analyst, District Projects School District #57 (Prince George)
On Sat, Aug 06, 2005 at 02:09:59PM -0700, Kris Benson wrote:
FreeRadius users mailing list <freeradius-users@lists.freeradius.org> on August 6, 2005 at 00:25 -0800 wrote:
in console just type apt-get install freeradius or use synaptic package managed (x windows / gnome ) and do a search for Freeradius. that will install and create the user/group freerad and put all the files in their appropriate place.
once thats done your configuration files will be in /etc/freeradius edit radiusd.conf to your liking & clients.conf etc
There's one major issue with the Debian freeradius package -- any module that requires hooks to OpenSSL is not included due to some legal issue. This includes eap_tls, eap_ttls, eap_peap, etc.
The compile-from-source solution works well -- you just need to apt-get install these: libmysqlclient14-dev libldap2-dev (if you want LDAP support) libssl-dev
(When you're dpkg-buildpackaging, it should tell you what you're missing. If there's something you need that's not listed, please let me know, as it's a particularly nasty bug that needs fixing.) If you're compilling from source for Debian (either upstream or the Debian archives) and want EAP-TLS you'll need the patch from FreeRADIUS bug #75 (Attachment id=77, right down the bottom). Other OpenSSL depending stuff (rlm_sql_postgres and SNMP agent support come to mind) doesn't need this patch. It's just for crosslinking in rlm_eap, and will be going into the next Debian version, and the debian/ directory of 1.0.5 if either occurs. I'd recommend using the upstream tarball, as the version in the Debian archive explicitly disables OpenSSL support, the upstream tarball will detect it and use it if it's there. If you want the latest debian/ directory with less mucking about and without OpenSSL disabled, you can check out the latest Debian release (the CVS tag escapes me. debian_1_0_4_2 I think) to get pretty much exactly what's in Debian, but without the SSL disabled. You can check the Debian changelog for 1.0.4-2 [1] to see if there's anything you need compared to 1.0.4-0 (the upstream release). You'll need to check out release_1_0_4 first, then go into debian/ and cvs update -r debian_1_0_4_2 or whatever the tag is. (Check CVSWeb. ^_^) [1] http://packages.debian.org/changelogs/pool/main/f/freeradius/freeradius_1.0.... -- Paul "TBBle" Hampson, on an alternate email client.
Hi,
I'm attempting to get my hands around installing FreeRadius-1.0.4 on a Debian Linux machine while also trying learn Linux better. I've been reading through all the various documentation, but had a few general questions that I was hoping someone would be so kind to reply on.
okay - so you're building from source rather than from the available package.
1. All the docs show installation starting with the tar file, but no one really specifies what directory to begin from. Should I create a new user "raduser" and copy the tar file into /home/raduser or is there somewhere else that is the proper place to begin?
well, this is all to do with how you deal with source packages....a lot of people simply extract the tarball into their home directory, or a /usr/src/ directory, then do the ./configure, make steps, then become root to do the 'make install' part. the 3 step install process. where to actually install? well, this is where many many people have different ideas. if you've have a Solaris background, then /opt/ is the place to go...eg /opt/freeradius, if you dont care, then slapping it all across the main system is where it could go (configs in /etc, binaries in /sbin and /bin, other bits in /var/raddb etc. other folk put it into /usr/local - eg configs in /usr/local/etc/raddb, /usr/local/sbin and /usr/local/bin holding the binaries, with libs lurking in /usr/local/lib. your choice is controlled by supplying the correct arguments to the ./configure process. (see its help output)
2. After I installed this all (in /home/raduser), is there a quick test to see if the basic functionality works properly? I read the /doc/performance&testing but reached a problem while going through the process because I couldn't find or run the /user/local/sbin/radiusd There are zero files in the /user/local/sbin directory.
you have compiled the program, yes? is so, then you'll need to modify the steps you take when reading such guides to account for where YOUR binaries are. if the guide says /opt/foobar/foo --takedown, but your foo binary is in /usr/local/bin/ then you need to change accordingly. (/usr/local/bin/foo --takedown) alan
On Sun, 7 Aug 2005 15:05:50 +0100 A.L.M.Buxey@lboro.ac.uk wrote:
Hi,
I'm attempting to get my hands around installing FreeRadius-1.0.4 on a Debian Linux machine while also trying learn Linux better. I've been reading through all the various documentation, but had a few general questions that I was hoping someone would be so kind to reply on.
Install FreeBSD, go to /usr/ports/net/freeradius and simply type make install clean Voila, all you need including dependiences will be automatically installed on your system. Or if you wanna go for a BSD wannabe in the Linux world, use Gentoo, there you just type emerge freeradius and you get the same result as on BSD. Dealing with Debian you either get outdated applications or pretty unstable system, depending of the Debian branch you may want to use. Please keep in mind this is my subjective opinion based on my long time experience. And BTW, the version you are trying to install is also outdated and with known security issues. Cheers, Marcin Jessa.
FreeRadius users mailing list <freeradius-users@lists.freeradius.org> on August 7, 2005 at 11:16 -0800 wrote:
On Sun, 7 Aug 2005 15:05:50 +0100 A.L.M.Buxey@lboro.ac.uk wrote:
Hi,
I'm attempting to get my hands around installing FreeRadius-1.0.4 on a Debian Linux machine while also trying learn Linux better. I've been reading through all the various documentation, but had a few general questions that I was hoping someone would be so kind to reply on.
Install FreeBSD, go to /usr/ports/net/freeradius and simply type make install clean Voila, all you need including dependiences will be automatically installed on your system. Or if you wanna go for a BSD wannabe in the Linux world, use Gentoo, there you just type emerge freeradius and you get the same result as on BSD. Dealing with Debian you either get outdated applications or pretty unstable system, depending of the Debian branch you may want to use. Please keep in mind this is my subjective opinion based on my long time experience. And BTW, the version you are trying to install is also outdated and with known security issues.
Dude! He's trying to install the most recent version: 1.0.4... While I would agree that FreeBSD is generally a better choice than any Linux variant, YMMV. You are right about outdated packages -- the Debian Freeradius package is v1.0.2... and comes without EAP-TLS and anything that requires it. -kb -- Kris Benson, CCP, I.S.P. Technical Analyst, District Projects School District #57 (Prince George)
On Mon, Aug 08, 2005 at 08:20:25AM -0700, Kris Benson wrote:
FreeRadius users mailing list <freeradius-users@lists.freeradius.org> on August 7, 2005 at 11:16 -0800 wrote:
On Sun, 7 Aug 2005 15:05:50 +0100
Install FreeBSD, go to /usr/ports/net/freeradius and simply type make install clean Voila, all you need including dependiences will be automatically installed on your system. Or if you wanna go for a BSD wannabe in the Linux world, use Gentoo, there you just type emerge freeradius and you get the same result as on BSD. Dealing with Debian you either get outdated applications or pretty unstable system, depending of the Debian branch you may want to use. Please keep in mind this is my subjective opinion based on my long time experience. And BTW, the version you are trying to install is also outdated and with known security issues.
Dude! He's trying to install the most recent version: 1.0.4... While I would agree that FreeBSD is generally a better choice than any Linux variant, YMMV.
You are right about outdated packages -- the Debian Freeradius package is v1.0.2... and comes without EAP-TLS and anything that requires it.
(This is directed at both the preceeding posters. I just didn't want to type it out twice. ^_^) You may want to do a modicum of research before throwing aspersions. Given that Debian/Sarge predated FreeRADIUS 1.0.4 (and 1.0.3), and the FreeRADIUS 1.0.2 package in Debian/Sarge contains all of the essential security and bug fixes that differentiate it from 1.0.4 [1], I'd hardly call it outdated. _I_ think it's the best 1.0.2-based version available for the time, and it's still serving _me_ quite well. If there were any other security problems, a new version would be put into Debian/sarge, so it's not like it's bitrotting into a security hole. (This is true of Debian/sarge in general.) Debian/sid and Debian/etch obviously contain FreeRADIUS 1.0.4 + whatever fixes will differentiate it from 1.0.5, as appropriate. [2] And the exclusion of EAP/TLS is due to the well documented conflict between the GPL license of rlm_eap_tls and the OpenSSL license, which makes distributing binaries of rlm_eap_tls that link against openssl impossible, legally. And since there are several various sets of instructions on building your own copy of FreeRADIUS for Debian with eap-tls included, I don't feel that not distributing unlicensed binaries is a big loss compared to distributing unlicensed binaries. And I'm not going to even start on people who think the solution to any computer problem is "Blow away what you've got, install my favorite OS, and do things my way". I put time and effort into the Debian FreeRADIUS package, to make it the best it can be. You're welcome to level criticisms at it (Debian has a whole BTS to do that in ^_^) but "the packages sucks and is outdated and has security holes" based entirely on the upstream version number is a little on the wrong side of criticism for me. I'm also gonna resist the temptation to baselessly attack FreeBSD. Any opions I have on FreeBSD have been formed through FreeRADIUS, and as such are well documented on the freeradius-devel list. Certainly the preceeding preceeding poster demonstrated that their long experience may also have been a long time ago, back when Debian was only Stable and Unstable (Circa 1998 I think) and possible hadn't grasped the essential nature of the Debian distributions beyond their names. (Just like the essential nature of the FreeRADIUS version not being grasped beyond the upstream version number.) I think I'm sensing a theme here of judging books by their covers. [1] http://packages.debian.org/changelogs/pool/main/f/freeradius/freeradius_1.0.... [2] http://packages.debian.org/changelogs/pool/main/f/freeradius/freeradius_1.0.... -- Paul "TBBle" Hampson, on an alternate email client.
Paul Hampson schrieb:
And the exclusion of EAP/TLS is due to the well documented conflict between the GPL license of rlm_eap_tls and the OpenSSL license, which makes distributing binaries of rlm_eap_tls that link against openssl impossible, legally.
Given that the authors of the software are aware of the problem, wouldn't it be simply possible to modify the licence accordingly? So you end up with a software being distributed under GPL with the exception that it's explicitly allowed to distribute binaries linked against non-(L)GPL'ed open source libraries? How do companies distributing products based on FreeRADIUS handle this? That does seem like a problem to me. Do they deliver boxes with compiler and sources installed, with a startup- script that automatically starts compilation on the first power-up of the machine and then removes itself, so it's formally the customer who is compiling things? Seems ridiculuous to me ... Regards, Stefan
Stefan.Neis@t-online.de wrote:
Given that the authors of the software are aware of the problem, wouldn't it be simply possible to modify the licence accordingly?
Other projects have a specific grant saying "GPL, but linking with OpenSSL is OK". We can do the same.
How do companies distributing products based on FreeRADIUS handle this? That does seem like a problem to me.
They mostly ignore it, because the developers have indicated it's OK. We can add a specific grant to the license terms. I'll continue this discussion on freeradius-devel. Alan DeKok.
participants (8)
-
A.L.M.Buxey@lboro.ac.uk -
Alan DeKok -
Kris Benson -
Marcin Jessa -
Nicholas Briere -
Paul.Hampson@PObox.com -
Stefan.Neis@t-online.de -
Waylock WISP