Migration of FreeRadius Server from 2.1 to 3.X
Alan Buxey
alan.buxey at gmail.com
Thu Sep 7 11:25:20 CEST 2017
hi,
> I know config of version 2 will not work with config of version 3. It looks like echo module controls the exec module
??
the exec module is the main module
the provided example echo module USES the exec module
exec echo {
}
see?
>
> From exec module
>
> exec default {
> wait = yes
> output = none
> #input_pairs = request
> output_pairs = none
> # 0 - level-2 proxy; 1 - level-2 proxy password; 2 - level-2 server; 3 - level-2 basedn; 4 - level-2 account found flag;
> # 5 - level-1 kdc domain; 6 - log file name.
> program = "/idm/idmt_home/PhoneFactor/Level1Factor.pl %{config:modules.ldap.identity} %{config:modules.ldap.password} %{config:modules.ldap.server} %{config:modules.ldap.basedn} not_found \
> %{config:modules.ldap.level-1_kdc} %{config:modules.ldap.logFILEname}"
> shell_escape = yes
> }
>
> # Phone Factor
> exec phonefactor {
> wait = yes
> output = none
> #input_pairs = request
> output_pairs = none
> # 0 - level-2 proxy; 1 - level-2 proxy password; 2 - level-2 server; 3 - level-2 basedn; 4 - level-2 account found flag;
> # 5 - level-1 kdc domain; 6 - log file name; 7 - phone factor call back number
> program = "/idm/idmt_home/PhoneFactor/PhoneFactor.pl %{config:modules.ldap.identity} %{config:modules.ldap.password} %{config:modules.ldap.server} %{config:modules.ldap.basedn} found \
> %{config:modules.ldap.level-1_kdc} %{config:modules.ldap.logFILEname} %{reply:Callback-Number}"
> shell_escape = yes
> }
>
>
> Do I modify echo module to match in exec module? Or vice versa?
so, these are two sub-modules of exec, which can be called as 'default'
and 'phonefactor' elsewhere in your config - e.g. in the sites-enabled/*
virtual servers (PS: 'default' is an awful choice)
and yes, you need to look at the FR 3.x docs and ensure your format
and entries match the 3.x configuration/specification... also, as
already said, this is the IDEAL time, during a migration, to clean up
and optimise the config. operations with LDAP can be done natively
through the LDAP module and unlang and will be MUCH MUCH quicker than
calls to scripts (more than an order of magnitude quicker AND able to
deal natively with multiple servers, failover, connection pools etc etc -
thread safe etc)
in previous migrations I have removed most modules and random
functions and sped the server up - in most cases being able to make the
server more like a default install with far fewer changes and stopping
the use of e.g. rlm_perl and rlm_python
alan