Dependencies of Freeradius 2.0.5

David Wood david at wood2.org.uk
Sat Jun 21 05:34:04 CEST 2008


Hi Leander and all,

In message <485A8CBB.3020505 at gmx.net>, Leander S. 
<leander.schaefer at gmx.net> writes
>Yes, thanks I understood this. But the reason why I'm asking is, 
>because I want to know about the version numbers which are required for 
>example with snmp - because I use FreeBSD 7.0 RELEASE and there might 
>not be the newest snmp software ready to install from the ports.

The latest SNMP software is available in FreeBSD ports - well, very 
nearly. net-mgmt/net-snmp is currently at version 5.4.1 whilst it looks 
like Net SNMP version 5.4.1.2 has just been released.

However, the issue with SNMP is not how new the SNMP software is! As has 
been said, the SNMP code in FreeRADIUS has rotted; it's not 64 bit safe, 
it uses the obsolescent smux protocol and it uses the ucd-snmp API. The 
latter of these issues means FreeRADIUS's SNMP code only works on 
FreeBSD against the obsolescent net-mgmt/net-snmp4 port, which is UCD 
SNMP.


The correct way ahead with the FreeRADIUS SNMP code is widely 
acknowledged to be a rewrite using AgentX - however the new statistics 
code may turn out to be a better option. I wonder if the current SNMP 
code will be retired now that the statistics code is available.


Rather than worrying about the dependencies, you could just install the 
FreeBSD net/freeradius2 port. I've done all the work for you - I've even 
provided an option to install every FreeRADIUS feature for which the 
libraries are available in ports.

The net/freeradius2 port isn't in 7.0-RELEASE - it missed the deadline 
to be included. Even if it hadn't missed the deadline, it would have 
been version 2.0.0.

All you need to do is to bring your ports tree up to date via your 
favourite method. 'portsnap fetch update' will do the job. At the 
moment, the port is still 2.0.3 - there's been some configuration 
management stuff to sort out that needs to go in the upgrade to 2.0.5.


Once you have an up to date ports tree in /usr/ports, the following 
commands should download and install a pre-release version of the 2.0.5 
port:

cp -R /usr/ports/net/freeradius2 freeradius2
fetch http://www.wood2.org.uk/freebsd/port-freeradius2-2.0.5.patch
patch -sd freeradius2 -i ../port-freeradius2-2.0.5.patch && \
find freeradius2 -name '*.orig' -delete
( cd freeradius2 ; make install )

should do the job.

I suggest copying and pasting those lines to a shell prompt. Note that 
the last step almost certainly requires root privileges.


If you did not already have a FreeRADIUS configuration in 
/usr/local/etc/raddb, a copy of the sample configuration is made there 
ready for your customisation and raddb/certs has been bootstrapped so 
that the server is ready to go.

Unless you deliberately disable the USER option, the server is 
configured to use the freeradius user and freeradius group (the group 
and user are created if necessary). This is recommended from a security 
perspective.

The port installs an rc.d script for radiusd.

Finally, you'll get a message on screen giving you various useful 
information including pointers to the documentation and the FreeRADIUS 
Wiki.


I hope that this latest version of the port is easier to get going 'out 
of the box' than any previous version. Whilst it's a pre-release, I've 
completed my testing on it tonight - the only task remaining is to write 
up some documentation, then hopefully I can get it committed to the 
ports tree.


** IMPORTANT **

If you have an existing FreeRADIUS configuration, back up 
/usr/local/etc/raddb *before* uninstalling the old FreeRADIUS port - 
otherwise you will finish up with unmodified files being deleted from 
your existing configuration and these files not being restored after you 
install the 2.0.5 port.

This is the issue that's delaying the upgrade until it's properly 
documented. The behaviour of the port is being changed to prevent this 
problem in the future.

For more details, see
http://www.freebsd.org/cgi/query-pr.cgi?pr=124439


** IMPORTANT **

It is important to read /usr/ports/UPDATING after updating your ports 
tree. If you haven't already been through this, there's been an update 
to gettext that means many ports need rebuilding.


Best wishes,




David
(FreeBSD port maintainer for FreeRADIUS)
-- 
David Wood
david at wood2.org.uk
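
Added example (not part of the message above and not code from the port): shell functions for the backup step in the first IMPORTANT note, which snapshot raddb before the old port is removed and afterwards list, and optionally restore, the files the upgrade left missing. The function names and the /root/raddb.bak path in the comments are assumptions.

```shell
#!/bin/sh
# Usage on a real system (as root; backup path is an assumed example):
#   backup_raddb /usr/local/etc/raddb /root/raddb.bak     # before uninstalling
#   missing_after_upgrade /root/raddb.bak /usr/local/etc/raddb
#   restore_missing /root/raddb.bak /usr/local/etc/raddb  # after installing

# backup_raddb SRC DEST: copy SRC into a new, owner-only directory DEST.
backup_raddb() {
    src=$1; dest=$2
    [ -d "$src" ] || { echo "no such directory: $src" >&2; return 1; }
    [ -e "$dest" ] && { echo "refusing to overwrite $dest" >&2; return 1; }
    mkdir -p "$dest" && chmod 700 "$dest" || return 1
    # A tar pipe keeps modes and symlinks; raddb/certs holds private keys,
    # so the copy must not end up more readable than the original.
    ( cd "$src" && tar -cf - . ) | ( cd "$dest" && tar -xpf - )
}

# missing_after_upgrade BACKUP LIVE: print, relative to the raddb root,
# every file or symlink that is in BACKUP but no longer in LIVE.
missing_after_upgrade() {
    backup=$1; live=$2
    ( cd "$backup" && find . \( -type f -o -type l \) -print ) | sort |
    while IFS= read -r rel; do
        [ -e "$live/$rel" ] || [ -L "$live/$rel" ] || printf '%s\n' "${rel#./}"
    done
}

# restore_missing BACKUP LIVE: copy back only the missing files, leaving
# everything the new port installed untouched.
restore_missing() {
    missing_after_upgrade "$1" "$2" | while IFS= read -r rel; do
        ( cd "$1" && tar -cf - "./$rel" ) | ( cd "$2" && tar -xpf - ) || return 1
    done
}
```

Reviewing the list from missing_after_upgrade before running restore_missing shows which of the deleted files are ones the new sample configuration no longer ships.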