Recommended value for ${db_dir} when using persist_dir

George Benjin george.benjin at gmail.com
Mon Oct 7 11:15:14 UTC 2024


I was about to enable persistent storage of sessions with FreeRADIUS
3.2.6 on RHEL 9.4 (installed from the NetworkRADIUS repo).

The eap module states the following:

The default directory is ${logdir}, for historical reasons.  You
should ${db_dir} instead.
And check the value of db_dir in the main radiusd.conf file. It should
not point to ${raddb}.


I checked the value of db_dir in the radiusd.conf file as mentioned,
and it is set to: ${raddbdir} which evaluates to /etc/raddb.
The comment immediately above the line setting the value mentions that
it should likely be set to ${localstatedir}/lib/radiusd.

I haven't changed these settings from defaults. Should the
radiusd.conf settings be updated in the default package, and/or should
the guidance be made clearer? File excerpts below. Cheers

--------------------------------------------------------------------------------

From eap:

                        #  Simple directory-based storage of sessions.
                        #  Two files per session will be written, the SSL
                        #  state and the cached VPs. This will persist session
                        #  across server restarts.
                        #
                        #  The default directory is ${logdir}, for historical
                        #  reasons.  You should ${db_dir} instead.  And check
                        #  the value of db_dir in the main radiusd.conf file.
                        #  It should not point to ${raddb}
                        #
                        #  The server will need write perms, and the directory
                        #  should be secured from anyone else. You might want
                        #  a script to remove old files from here periodically:
                        #
                        #    find ${logdir}/tlscache -mtime +2 -exec rm -f {} \;
                        #
                        #  This feature REQUIRES "name" option be set above.
                        #
                #       persist_dir = "${logdir}/tlscache"

-----------------------------------------------------------------------------

From radiusd.conf:

prefix = /usr
exec_prefix = /usr
sysconfdir = /etc
localstatedir = /var
sbindir = /usr/sbin
logdir = ${localstatedir}/log/radius
raddbdir = ${sysconfdir}/raddb
radacctdir = ${logdir}/radacct

#
#  name of the running server.  See also the "-n" command-line option.
name = radiusd

#  Location of config and logfiles.
confdir = ${raddbdir}
modconfdir = ${confdir}/mods-config
certdir = ${confdir}/certs
cadir   = ${confdir}/certs
run_dir = ${localstatedir}/run/${name}

# Should likely be ${localstatedir}/lib/radiusd
db_dir = ${raddbdir}
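
Added example, not part of the original post and not FreeRADIUS code: a small resolver that expands the `${name}` references from the radiusd.conf excerpt above and reports whether a `persist_dir` built on `${db_dir}` ends up inside the configuration directory. It assumes flat top-level `name = value` lines only, and the `persist_dir` value `${db_dir}/tlscache` and the function names are hypothetical.

```python
import re
from pathlib import PurePosixPath

# Constructed sample: top-level assignments taken from the radiusd.conf excerpt above.
SAMPLE_CONF = """\
sysconfdir = /etc
localstatedir = /var
logdir = ${localstatedir}/log/radius
raddbdir = ${sysconfdir}/raddb
confdir = ${raddbdir}
# Should likely be ${localstatedir}/lib/radiusd
db_dir = ${raddbdir}
"""

ASSIGN = re.compile(r"^\s*([A-Za-z_][\w.-]*)\s*=\s*(.*?)\s*$")
REF = re.compile(r"\$\{([^}]+)\}")

def parse_assignments(text):
    """Collect 'name = value' pairs; comments and blank lines are skipped."""
    items = {}
    for line in text.splitlines():
        m = ASSIGN.match(line.split("#", 1)[0])
        if m:
            items[m.group(1)] = m.group(2).strip('"')
    return items

def expand(value, items, depth=0):
    """Expand ${name} recursively; unknown names are left as written."""
    if depth > 16:
        raise ValueError("reference loop in configuration")
    def repl(m):
        name = m.group(1)
        return expand(items[name], items, depth + 1) if name in items else m.group(0)
    return REF.sub(repl, value)

def check_db_dir(text, persist_dir="${db_dir}/tlscache"):
    """Resolve db_dir and persist_dir, and report whether the cache lands under raddbdir."""
    items = parse_assignments(text)
    raddb = PurePosixPath(expand(items["raddbdir"], items))
    cache = PurePosixPath(expand(persist_dir, items))
    return {
        "db_dir": expand(items["db_dir"], items),
        "persist_dir": str(cache),
        "under_raddb": raddb == cache or raddb in cache.parents,
    }

if __name__ == "__main__":
    print(check_db_dir(SAMPLE_CONF))
```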

