Recent changes
Alan DeKok
aland at deployingradius.com
Tue Apr 24 17:52:54 CEST 2007
I finally got around to updating the horrible OpenSSL certificate
handling in the server. You can now do:
$ cd /etc/raddb/certs
$ make
and you'll get sane certificates.
Don't like the values for commonName, Country, etc?
$ cd /etc/raddb/certs
$ make distclean
$ vi server.cnf
$ make server.pem
Much, much better. There's even a README that's readable. And
instructions for creating client certificates for EAP-TLS.
So far as I can tell, it works.
Also, Peter will be happy to know that you can now do:
authorize {
...
Status-Server {
foo
}
...
}
accounting {
...
Status-Server {
bar
}
...
}
It should be self-explanatory. If it isn't, the explanation is that
the modules in the Status-Server section of authorize/accounting are run
whenever the server receives a Status-Server packet. The modules can
return OK, in which case the server responds, or FAIL, in which case the
Status-Server is dropped on the floor.
There's also a Post-Proxy-Type Fail. It gets run when the server
discovers that there are no live home servers for a request. This
happens in the child thread when it's proxying, if all are dead. If the
main thread receives a retransmit, and notices that all of the home
servers are dead, it runs the request through Post-Proxy-Type Fail....
in a child thread.
Now all I have to do is make it handle HUP in a sane fashion, and
it'll be the killer app. :)
Alan DeKok.
--
http://deployingradius.com - The web site of the book
http://deployingradius.com/blog/ - The blog
More information about the Freeradius-Devel
mailing list