AD Auth Question

Nathan Ward lists+freeradius at daork.net
Mon Jan 1 13:54:53 CET 2018


Hi,

> On 2/01/2018, at 1:38 AM, Martin, Jeremy <jmartin at emcc.edu> wrote:
> 
> Ok so this is correct the version that gets distributed with RHEL is 3.0.4 which was installed when the system was deployed and was updated to 3.0.13 as that is the current release within the system. So now I have two questions based on this and the work that I have put in while continuing to work on this issue:
> 
> 1. Is it common practice to have to destroy the configurations for FR updates? It would seem this could become an issue to put everything back in the configuration files if we can’t upgrade from one version to the next. Is there a utility that is included to account for these types of issues so that FR doesn’t need to be “redeployed” repeatedly?

You can use whatever configuration management system you’re comfortable with to manage the config. I use Puppet. Others use other things, including copying tar balls of config around.

As you’re on RHEL, when you install an RPM and there is a config file change, it will install an ‘rpmnew’ version of the config alongside the old (current) config. When you manage RHEL boxes and you update packages, looking out for those rpmnew files and seeing if they need to be tweaked is a pretty fundamental thing. Same goes for rpmsave files, but I don’t think I’ve seen the RedHat shipped FreeRADIUS packages create those.

You can have a look here and see the logic for when rpmnew and rpmsave files are created in different RPM spec file situations:
http://people.ds.cam.ac.uk/jw35/docs/rpm_config.html

Typically, when I do an update, I’ll look at a diff between the rpm(new|save) and the config I have written. Depending on how many changes there are, there are different approaches you can take:
1) Copy the changes from the new config to your config.
2) Re-apply your changes on top of the new config (it helps if you have git, or you use Augeas or something), and replace your config with this.

This is all basic systems admin sort of stuff though - not at all specific to FreeRADIUS so probably not the right place to discuss this in detail.


I don’t have any operational experience with EAP so won’t be much help with the rest of your message, sorry!

--
Nathan Ward
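
Added example, not part of the original message: a small shell script for the post-update review described above, listing the rpmnew/rpmsave files in a config tree and diffing each against the live file beside it. The function names and the sample tree are constructed for illustration; the directory to scan is whatever you pass in.

```shell
#!/bin/sh
# Added example, not from the original message.
#   .rpmnew  = package's new default; your edited file is still the live one
#   .rpmsave = your edited file, moved aside; the package's file is now live

# review_rpm_leftovers DIR [-v]
# Prints "<STATUS> <path>" per leftover; with -v a unified diff follows,
# always in the direction "your config -> package's config".
# Paths containing newlines are not handled.
review_rpm_leftovers() (
    dir=$1
    verbose=${2:-}
    find "$dir" -type f \( -name '*.rpmnew' -o -name '*.rpmsave' \) | sort |
    while IFS= read -r leftover; do
        case $leftover in
            *.rpmnew)  live=${leftover%.rpmnew};  mine=$live;     theirs=$leftover ;;
            *.rpmsave) live=${leftover%.rpmsave}; mine=$leftover; theirs=$live ;;
        esac
        if [ ! -f "$live" ]; then
            echo "ORPHAN $leftover"        # no live file beside it
        elif cmp -s "$mine" "$theirs"; then
            echo "IDENTICAL $leftover"     # safe to delete the leftover
        else
            echo "DIFFERS $leftover"       # needs a manual merge
            if [ "$verbose" = "-v" ]; then
                diff -u "$mine" "$theirs" || true   # diff exits 1 on difference
            fi
        fi
    done
)

# Constructed sample tree (made-up contents) so the script runs anywhere.
make_sample_tree() {
    t=$(mktemp -d)
    printf 'example_setting = site-value\n' > "$t/radiusd.conf"         # your edit
    printf 'example_setting = default\n'    > "$t/radiusd.conf.rpmnew"  # package's
    printf 'unchanged\n' > "$t/clients.conf"
    printf 'unchanged\n' > "$t/clients.conf.rpmnew"
    printf 'old copy\n'  > "$t/proxy.conf.rpmsave"   # live proxy.conf is missing
    echo "$t"
}

sample=$(make_sample_tree)
review_rpm_leftovers "$sample" -v
rm -rf "$sample"
```

On a real host, call `review_rpm_leftovers` on your FreeRADIUS configuration directory after each package update; any DIFFERS line is a file where the package's defaults and your running config have diverged.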


