summaryrefslogtreecommitdiffstats
path: root/redhat
diff options
context:
space:
mode:
Diffstat (limited to 'redhat')
-rw-r--r--redhat/.gitignore1
-rw-r--r--redhat/README10
-rw-r--r--redhat/freeradius-logrotate61
-rw-r--r--redhat/freeradius-pam-conf6
-rwxr-xr-xredhat/freeradius-radiusd-init191
-rw-r--r--redhat/freeradius-tmpfiles-conf1
-rw-r--r--redhat/freeradius.spec942
-rw-r--r--redhat/radiusd-pam7
-rw-r--r--redhat/radiusd.service67
9 files changed, 1286 insertions, 0 deletions
diff --git a/redhat/.gitignore b/redhat/.gitignore
new file mode 100644
index 0000000..fcd2cd1
--- /dev/null
+++ b/redhat/.gitignore
@@ -0,0 +1 @@
+freeradius-logrotate~*
diff --git a/redhat/README b/redhat/README
new file mode 100644
index 0000000..6fc814a
--- /dev/null
+++ b/redhat/README
@@ -0,0 +1,10 @@
+ The files in this directory are intended only for "generic" systems.
+If you need to build FreeRADIUS from source on a RedHat system (RHEL,
+Fedora, or CentOS), please read the following FAQ:
+
+ http://wiki.freeradius.org/guide/Red_Hat_FAQ
+
+ It was written by the person who maintains the RedHat FreeRADIUS
+packages, and contains detailed instructions for creating an RPM from
+the original RedHat spec files. This ensures that the RPMs on your
+system closely match the RedHat requirements.
diff --git a/redhat/freeradius-logrotate b/redhat/freeradius-logrotate
new file mode 100644
index 0000000..7767806
--- /dev/null
+++ b/redhat/freeradius-logrotate
@@ -0,0 +1,61 @@
+#
+# You can use this to rotate the /var/log/radius/* files, simply copy
+# it to /etc/logrotate.d/radiusd
+#
+
+#
+# The main server log
+#
+/var/log/radius/radius.log {
+ # Common options
+ monthly
+ rotate 4
+ missingok
+ compress
+ delaycompress
+ su radiusd radiusd
+
+ copytruncate
+}
+
+
+#
+# Session monitoring utilities and SQL log files (in order)
+#
+/var/log/radius/checkrad.log /var/log/radius/radwatch.log
+/var/log/radius/sqllog.sql
+{
+ # Common options
+ monthly
+ rotate 4
+ missingok
+ compress
+ delaycompress
+ su radiusd radiusd
+
+ nocreate
+}
+
+
+#
+# There are different detail-rotating strategies you can use. One is
+# to write to a single detail file per IP and use the rotate config
+# below. Another is to write to a daily detail file per IP with:
+#
+# detailfile = ${radacctdir}/%{Client-IP-Address}/%Y%m%d-detail
+#
+# (or similar) in radiusd.conf, without rotation. If you go with the
+# second technique, you will need another cron job that removes old
+# detail files. You do not need to comment out the below for method #2.
+#
+/var/log/radius/radacct/*/detail {
+ # Common options
+ monthly
+ rotate 4
+ missingok
+ compress
+ delaycompress
+ su radiusd radiusd
+
+ nocreate
+}
diff --git a/redhat/freeradius-pam-conf b/redhat/freeradius-pam-conf
new file mode 100644
index 0000000..090c4a5
--- /dev/null
+++ b/redhat/freeradius-pam-conf
@@ -0,0 +1,6 @@
+#%PAM-1.0
+auth include password-auth
+account required pam_nologin.so
+account include password-auth
+password include password-auth
+session include password-auth
diff --git a/redhat/freeradius-radiusd-init b/redhat/freeradius-radiusd-init
new file mode 100755
index 0000000..d19b2d4
--- /dev/null
+++ b/redhat/freeradius-radiusd-init
@@ -0,0 +1,191 @@
+#!/bin/sh
+#
+# radiusd Start/Stop the FreeRADIUS daemon
+#
+# chkconfig: - 88 10
+# description: Extensible, configurable, high performance RADIUS server.
+
+### BEGIN INIT INFO
+# Provides: radiusd
+# Required-Start: $network
+# Required-Stop:
+# Default-Start:
+# Default-Stop:
+# Should-Start: $time $syslog mysql ldap postgresql samba krb5-kdc
+# Should-Stop:
+# Short-Description: FreeRADIUS server
+# Description: Extensible, configurable, high performance RADIUS server.
+### END INIT INFO
+
+# Source function library.
+
+# Get the wrappers for the standard lsb init functions
+. /lib/lsb/init-functions
+
+# and the distro specific ones
+. /etc/init.d/functions
+
+prog=radiusd
+
+[ -e /etc/sysconfig/$prog ] && . /etc/sysconfig/$prog
+
+exec=${exec:=/usr/sbin/$prog}
+config_dir=${config_dir:=/etc/raddb}
+config=${config:=$config_dir/radiusd.conf}
+pidfile=${pidfile:=/var/run/$prog/$prog.pid}
+lockfile=${lockfile:=/var/lock/subsys/radiusd}
+
+configtest() {
+ echo -n $"Checking $prog configuration: "
+ out=`$exec -Cxl stdout -d $config_dir`; retval=$?
+ out=`echo "${out}" | tail -n 1 | sed 's/^\s*ERROR:\s*\(.*\)\s*$/\1/'`
+
+ # Seems some LSB function implementations *really* need
+ # a log message < 60 chars long, else output gets mangled.
+ if [ $retval -eq 0 ]; then
+ log_success_msg
+ else
+ if [ $(expr length "$out") -gt 60 ]; then
+ log_failure_msg
+ echo "$out" 1>&2
+ else
+ log_failure_msg "$out"
+ fi
+ fi
+ return $retval
+}
+
+start() {
+ echo -n $"Starting $prog: "
+
+ if [ ! -x $exec ]; then
+ log_failure_msg "$exec not found or not executable"
+ exit 5
+ fi
+
+ if [ ! -f $config ]; then
+ log_failure_msg "Can't find radiusd.conf"
+ exit 6
+ fi
+
+ start_daemon -p $pidfile $exec -d $config_dir
+ retval=$?
+ if [ $retval -eq 0 ]; then
+ log_success_msg
+ else
+ log_failure_msg
+ fi
+ return $retval
+}
+
+stop() {
+ echo -n $"Stopping $prog: "
+ killproc -p $pidfile $prog
+ retval=$?
+ if [ $retval -eq 0 ]; then
+ log_success_msg
+ rm -f $lockfile
+ else
+ log_failure_msg
+ fi
+ return $retval
+}
+
+restart() {
+ stop
+ start
+}
+
+reload() {
+ # radiusd may not be capable of a 100% configuration reload depending
+ # on which loadable modules are in use, if sending the server a
+ # HUP is not sufficient then use restart here instead. However, we
+ # prefer by default to use HUP since it's what is usually desired.
+ #
+ # restart
+
+ kill -HUP `pidofproc -p $pidfile $prog`
+}
+
+force_reload() {
+ restart
+}
+
+rh_status() {
+ # run checks to determine if the service is running or use generic status
+ status -p $pidfile $prog
+}
+
+rh_status_q() {
+ rh_status >/dev/null 2>&1
+}
+
+case "$1" in
+ start)
+ rh_status_q && exit 0
+ configtest || exit 150
+ $1
+ ;;
+
+ stop)
+ rh_status_q || exit 0
+ $1
+ ;;
+
+ restart)
+ configtest || exit 150
+ $1
+ ;;
+
+ reload)
+ rh_status_q || exit 7
+ configtest || exit 150
+ $1
+ ;;
+
+ force-reload)
+ configtest || exit 150
+ force_reload
+ ;;
+
+ condrestart|try-restart)
+ configtest || exit 150
+ rh_status_q || exit 0
+ restart
+ ;;
+
+ configtest|testconfig)
+ configtest || exit 150
+ ;;
+
+ debug)
+ echo -n $"Debugging $prog: "
+ if rh_status_q; then
+ log_failure_msg "$prog already running; for live debugging see raddebug(8)"
+ exit 151
+ else
+ log_success_msg
+ fi
+ $exec -X -d $config_dir || exit $?
+ ;;
+
+ debug-threaded)
+ echo -n $"Debugging $prog: "
+ if rh_status_q; then
+ log_failure_msg "$prog already running; for live debugging see raddebug(8)"
+ exit 151
+ else
+ log_success_msg
+ fi
+ $exec -f -xx -l stdout -d $config_dir || exit $?
+ ;;
+
+ status)
+ rh_status
+ ;;
+
+ *)
+ echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload|configtest|debug|debug-threaded}"
+ exit 2
+esac
+exit $?
diff --git a/redhat/freeradius-tmpfiles-conf b/redhat/freeradius-tmpfiles-conf
new file mode 100644
index 0000000..ead7a2f
--- /dev/null
+++ b/redhat/freeradius-tmpfiles-conf
@@ -0,0 +1 @@
+D /var/run/radiusd 0710 radiusd radiusd -
diff --git a/redhat/freeradius.spec b/redhat/freeradius.spec
new file mode 100644
index 0000000..9b65090
--- /dev/null
+++ b/redhat/freeradius.spec
@@ -0,0 +1,942 @@
+%bcond_with rlm_yubikey
+%bcond_without ldap
+# %%bcond_with experimental_modules
+
+%{!?_with_rlm_cache_memcached: %global _without_rlm_cache_memcached --without-rlm_cache_memcached}
+%{!?_with_rlm_eap_pwd: %global _without_rlm_eap_pwd --without-rlm_eap_pwd}
+%{!?_with_rlm_eap_tnc: %global _without_rlm_eap_tnc --without-rlm_eap_tnc}
+%{!?_with_rlm_yubikey: %global _without_rlm_yubikey --without-rlm_yubikey}
+%{?_without_ldap: %global _without_libfreeradius_ldap --without-libfreeradius-ldap}
+
+# experimental modules
+%bcond_with rlm_idn
+%bcond_with rlm_ruby
+%bcond_with rlm_sql_oracle
+%{?_with_rlm_idn: %global _with_experimental_modules --with-experimental-modules}
+%{?_with_rlm_opendirectory: %global _with_experimental_modules --with-experimental-modules}
+%{?_with_rlm_ruby: %global _with_experimental_modules --with-experimental-modules}
+%{?_with_rlm_securid: %global _with_experimental_modules --with-experimental-modules}
+%{?_with_rlm_sql_oracle: %global _with_experimental_modules --with-experimental-modules}
+
+%if %{?_with_experimental_modules:1}%{!?_with_experimental_modules:0}
+%{!?_with_rlm_idn: %global _without_rlm_idn --without-rlm_idn}
+%{!?_with_rlm_opendirectory: %global _without_rlm_opendirectory --without-rlm_opendirectory}
+%{!?_with_rlm_ruby: %global _without_rlm_ruby --without-rlm_ruby}
+%{!?_with_rlm_securid: %global _without_rlm_securid --without-rlm_securid}
+%{!?_with_rlm_sql_oracle: %global _without_rlm_sql_oracle --without-rlm_sql_oracle}
+%endif
+
+%{?el6: %global _without_libwbclient --with-winbind-dir=/nonexistant}
+
+Summary: High-performance and highly configurable free RADIUS server
+Name: freeradius
+Version: 3.2.1
+Release: 1%{?dist}
+License: GPLv2+ and LGPLv2+
+Group: System Environment/Daemons
+URL: http://www.freeradius.org/
+
+Source0: ftp://ftp.freeradius.org/pub/radius/freeradius-server-%{version}.tar.bz2
+%if %{?_unitdir:1}%{!?_unitdir:0}
+Source100: radiusd.service
+Source104: freeradius-tmpfiles-conf
+%else
+Source100: freeradius-radiusd-init
+%define initddir %{?_initddir:%{_initddir}}%{!?_initddir:%{_initrddir}}
+%endif
+
+Source102: freeradius-logrotate
+Source103: freeradius-pam-conf
+
+Obsoletes: freeradius-devel
+Obsoletes: freeradius-libs
+
+%define docdir %{_docdir}/freeradius-%{version}
+%define initddir %{?_initddir:%{_initddir}}%{!?_initddir:%{_initrddir}}
+
+BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
+
+BuildRequires: autoconf
+BuildRequires: gdbm-devel
+BuildRequires: openssl, openssl-devel
+BuildRequires: pam-devel
+BuildRequires: zlib-devel
+BuildRequires: net-snmp-devel
+BuildRequires: net-snmp-utils
+%{?el7:BuildRequires: libwbclient-devel}
+%{?el7:BuildRequires: samba-devel}
+%if %{?_unitdir:1}%{!?_unitdir:0}
+BuildRequires: systemd-devel
+%endif
+BuildRequires: readline-devel
+BuildRequires: libpcap-devel
+BuildRequires: libtalloc-devel
+BuildRequires: libcurl-devel
+
+Requires(pre): shadow-utils glibc-common
+Requires(post): /sbin/chkconfig
+Requires(preun): /sbin/chkconfig
+Requires: freeradius-config = %{version}-%{release}
+Requires: openssl
+Requires: libpcap
+Requires: readline
+Requires: libtalloc
+Requires: net-snmp
+%{?el7:Requires: libwbclient}
+Requires: zlib
+Requires: pam
+%{?el6:Requires: redhat-lsb-core}
+
+%if %{?_with_rlm_idn:1}%{?!_with_rlm_idn:0}
+Requires: libidn
+BuildRequires: libidn-devel
+%endif
+
+%description
+The FreeRADIUS Server Project is a high performance and highly configurable
+GPL'd free RADIUS server. The server is similar in some respects to
+Livingston's 2.0 server. While FreeRADIUS started as a variant of the
+Cistron RADIUS server, they don't share a lot in common any more. It now has
+many more features than Cistron or Livingston, and is much more configurable.
+
+FreeRADIUS is an Internet authentication daemon, which implements the RADIUS
+protocol, as defined in RFC 2865 (and others). It allows Network Access
+Servers (NAS boxes) to perform authentication for dial-up users. There are
+also RADIUS clients available for Web servers, firewalls, Unix logins, and
+more. Using RADIUS allows authentication and authorization for a network to
+be centralized, and minimizes the amount of re-configuration which has to be
+done when adding or deleting new users.
+
+# CentOS defines debug package by default. Only define it if not already defined
+%if 0%{!?_enable_debug_packages:1}
+%debug_package
+%endif
+
+%if %{?_with_rlm_cache_memcached:1}%{?!_with_rlm_cache_memcached:0}
+%package memcached
+Summary: Memcached support for freeRADIUS
+Group: System Environment/Daemons
+Requires: %{name} = %{version}-%{release}
+Requires: libmemcached
+BuildRequires: libmemcached-devel
+
+%description memcached
+Adds support for rlm_memcached as a cache driver.
+%endif
+
+%package config
+Group: System Environment/Daemons
+Summary: FreeRADIUS config files
+Provides: freeradius-config
+
+%description config
+FreeRADIUS default config files
+This package should be used as a base for a site local package
+to configure the FreeRADIUS server.
+Requires: make
+Requires: util-linux
+
+%package utils
+Group: System Environment/Daemons
+Summary: FreeRADIUS utilities
+Requires: %{name} = %{version}-%{release}
+Requires: libpcap >= 0.9.4
+
+%description utils
+The FreeRADIUS server has a number of features found in other servers,
+and additional features not found in any other server. Rather than
+doing a feature by feature comparison, we will simply list the features
+of the server, and let you decide if they satisfy your needs.
+
+Support for RFC and VSA Attributes Additional server configuration
+attributes Selecting a particular configuration Authentication methods
+
+%package perl-util
+Group: System Environment/Daemons
+Summary: FreeRADIUS Perl utilities
+Requires: perl-Net-IP
+
+%description perl-util
+This package provides Perl utilities for managing IP pools stored in
+SQL databases.
+
+%if %{!?_without_ldap:1}%{?_without_ldap:0}
+%package ldap
+Summary: LDAP support for FreeRADIUS
+Group: System Environment/Daemons
+Requires: %{name} = %{version}-%{release}
+%if 0%{?rhel} <= 8
+Requires: openldap-ltb
+BuildRequires: openldap-ltb
+%endif
+%if 0%{?rhel} >= 9
+Requires: openldap
+BuildRequires: openldap-devel
+%endif
+
+%description ldap
+This plugin provides LDAP support for the FreeRADIUS server project.
+%endif
+
+%package krb5
+Summary: Kerberos 5 support for FreeRADIUS
+Group: System Environment/Daemons
+Requires: %{name} = %{version}-%{release}
+Requires: krb5-libs
+BuildRequires: krb5-devel
+
+%description krb5
+This plugin provides Kerberos 5 support for the FreeRADIUS server project.
+
+%package perl
+Summary: Perl support for FreeRADIUS
+Group: System Environment/Daemons
+Requires: %{name} = %{version}-%{release}
+Requires: perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version))
+%{?fedora:BuildRequires: perl-devel}
+%if 0%{?rhel} <= 5
+BuildRequires: perl
+%endif
+%if 0%{?rhel} >= 6
+BuildRequires: perl-devel
+%endif
+BuildRequires: perl(ExtUtils::Embed)
+
+%description perl
+This plugin provides Perl support for the FreeRADIUS server project.
+
+%if %{?el6:0}%{!?el6:1}
+%package python
+Summary: Python support for FreeRADIUS
+Group: System Environment/Daemons
+Requires: %{name} = %{version}-%{release}
+%{?fedora:Requires: python2}
+%{?fedora:BuildRequires: python2-devel}
+%if 0%{?rhel} <= 7
+Requires: python
+BuildRequires: python-devel
+%endif
+%if 0%{?rhel} == 8
+Requires: python2
+Requires: python3
+BuildRequires: python2-devel
+BuildRequires: python3-devel
+%endif
+%if 0%{?rhel} >= 9
+Requires: python3
+BuildRequires: python3-devel
+%endif
+
+%description python
+This plugin provides Python support for the FreeRADIUS server project.
+%endif
+
+%package mysql
+Summary: MySQL support for FreeRADIUS
+Group: System Environment/Daemons
+Requires: %{name} = %{version}-%{release}
+%if 0%{?rhel} <= 7
+Requires: mysql
+%endif
+%if 0%{?rhel} >= 8
+Requires: mysql-libs
+%endif
+BuildRequires: mysql-devel
+
+%description mysql
+This plugin provides MySQL support for the FreeRADIUS server project.
+
+%package postgresql
+Summary: PostgreSQL support for FreeRADIUS
+Group: System Environment/Daemons
+Requires: %{name} = %{version}-%{release}
+Requires: postgresql
+BuildRequires: postgresql-devel
+
+%description postgresql
+This plugin provides PostgreSQL support for the FreeRADIUS server project.
+
+%package sqlite
+Summary: SQLite support for FreeRADIUS
+Group: System Environment/Daemons
+Requires: %{name} = %{version}-%{release}
+Requires: sqlite
+BuildRequires: sqlite-devel
+
+%description sqlite
+This plugin provides SQLite support for the FreeRADIUS server project.
+
+%package unixODBC
+Summary: unixODBC support for FreeRADIUS
+Group: System Environment/Daemons
+Requires: %{name} = %{version}-%{release}
+Requires: unixODBC
+BuildRequires: unixODBC-devel
+
+%description unixODBC
+This plugin provides unixODBC support for the FreeRADIUS server project.
+
+%package freetds
+Summary: FreeTDS support for FreeRADIUS
+Group: System Environment/Daemons
+Requires: %{name} = %{version}-%{release}
+Requires: freetds
+BuildRequires: freetds-devel
+
+%description freetds
+This plugin provides FreeTDS support for the FreeRADIUS server project.
+
+%if %{?_with_rlm_sql_oracle:1}%{!?_with_rlm_sql_oracle:0}
+%package oracle
+Summary: Oracle support for FreeRADIUS
+Group: System Environment/Daemons
+Requires: %{name} = %{version}-%{release}
+Requires: oracle-instantclient11.2
+BuildRequires: oracle-instantclient11.2-devel
+
+%description oracle
+This plugin provides Oracle support for the FreeRADIUS server project.
+
+%ifarch x86_64
+%global oracle_include_dir /usr/include/oracle/11.2/client64
+%global oracle_lib_dir %{_prefix}/lib/oracle/11.2/client64/lib
+%endif
+%ifarch i386
+%global oracle_include_dir /usr/include/oracle/11.2/client
+%global oracle_lib_dir %{_prefix}/lib/oracle/11.2/client/lib
+%endif
+%endif
+
+%if %{?el6:0}%{!?el6:1}
+%package redis
+Summary: Redis support for FreeRADIUS
+Group: System Environment/Daemons
+Requires: %{name} = %{version}-%{release}
+Requires: hiredis
+BuildRequires: hiredis-devel
+
+%description redis
+This plugin provides Redis support for the FreeRADIUS server project.
+%endif
+
+%package rest
+Summary: REST and JSON support for FreeRADIUS
+Group: System Environment/Daemons
+Requires: %{name} = %{version}-%{release}
+Requires: json-c >= 0.10
+BuildRequires: json-c-devel >= 0.10
+
+%description rest
+This plugin provides REST support for the FreeRADIUS server project.
+
+%if %{?_with_rlm_ruby:1}%{!?_with_rlm_ruby:0}
+%package ruby
+Summary: Ruby support for FreeRADIUS
+Group: System Environment/Daemons
+Requires: %{name} = %{version}-%{release}
+Requires: ruby
+BuildRequires: ruby ruby-devel
+
+%description ruby
+This plugin provides Ruby support for the FreeRADIUS server project.
+%endif
+
+%if %{?_with_rlm_yubikey:1}%{!?_with_rlm_yubikey:0}
+%package yubikey
+Summary: YubiCloud support for FreeRADIUS
+Group: System Environment/Daemons
+Requires: %{name} = %{version}-%{release}
+Requires: ykclient >= 2.10
+BuildRequires: ykclient-devel >= 2.10
+
+%description yubikey
+This plugin provides YubiCloud support for the FreeRADIUS server project.
+%endif
+
+
+%prep
+%setup -q -n freeradius-server-%{version}
+# Some source files mistakenly have execute permissions set
+find $RPM_BUILD_DIR/freeradius-server-%{version} \( -name '*.c' -o -name '*.h' \) -a -perm /0111 -exec chmod a-x {} +
+
+
+%build
+# Retain CFLAGS from the environment...
+%if %{?_with_developer:1}%{!?_with_developer:0}
+export CFLAGS="$CFLAGS -fpic"
+export CXXFLAGS="$CFLAGS"
+%endif
+
+# Need to pass these explicitly for clang, else rpmbuilder bails when trying to extract debug info from
+# the libraries. Guessing GCC does this by default. Why use clang over gcc? The version of clang
+# which ships with RHEL 6 has basic C11 support, gcc doesn't.
+export LDFLAGS="-Wl,--build-id"
+
+%configure \
+ --libdir=%{_libdir}/freeradius \
+ --sysconfdir=%{_sysconfdir} \
+ --disable-ltdl-install \
+ --with-gnu-ld \
+ --with-threads \
+ --with-thread-pool \
+ --with-docdir=%{docdir} \
+%if %{!?_without_ldap:1}%{?_without_ldap:0}
+ --with-rlm-ldap-include-dir=/usr/local/openldap/include \
+ --with-rlm-ldap-lib-dir=/usr/local/openldap/lib64 \
+%endif
+ --with-rlm-sql_postgresql-include-dir=/usr/include/pgsql \
+ --with-rlm-sql-postgresql-lib-dir=%{_libdir} \
+ --with-rlm-sql_mysql-include-dir=/usr/include/mysql \
+ --with-mysql-lib-dir=%{_libdir}/mysql \
+ --with-unixodbc-lib-dir=%{_libdir} \
+ --with-rlm-dbm-lib-dir=%{_libdir} \
+ --with-rlm-krb5-include-dir=/usr/kerberos/include \
+ --without-rlm_eap_ikev2 \
+ --without-rlm_sql_iodbc \
+ --without-rlm_sql_firebird \
+ --without-rlm_sql_db2 \
+ --without-rlm_sql_mongo \
+ --with-jsonc-lib-dir=%{_libdir} \
+ --with-jsonc-include-dir=/usr/include/json \
+ --with-winbind-include-dir=/usr/include/samba-4.0 \
+ --with-winbind-lib-dir=/usr/lib64/samba \
+ --with-systemd \
+ %{?_with_rlm_yubikey} \
+ %{?_without_rlm_yubikey} \
+ %{?_with_rlm_sql_oracle} \
+ %{?_with_rlm_sql_oracle: --with-oracle-include-dir=%{oracle_include_dir}} \
+ %{?_with_rlm_sql_oracle: --with-oracle-lib-dir=%{oracle_lib_dir}} \
+ %{?_without_rlm_sql_oracle} \
+ %{?_with_experimental_modules} \
+ %{?_without_experimental_modules} \
+ %{?_without_rlm_eap_pwd} \
+ %{?_without_rlm_eap_tnc} \
+ %{?_with_rlm_idn} \
+ %{?_without_rlm_idn} \
+ %{?_with_rlm_opendirectory} \
+ %{?_without_rlm_opendirectory} \
+ %{?_with_rlm_securid} \
+ %{?_without_rlm_securid} \
+ %{?_with_rlm_ruby} \
+ %{?_without_rlm_ruby} \
+ %{?_with_rlm_cache_memcached} \
+ %{?_without_rlm_cache_memcached} \
+ %{?_without_libwbclient} \
+ %{?_without_libfreeradius_ldap} \
+# --with-modules="rlm_wimax" \
+
+make %_smp_mflags
+
+%install
+rm -rf $RPM_BUILD_ROOT
+mkdir -p $RPM_BUILD_ROOT/var/run/radiusd
+mkdir -p $RPM_BUILD_ROOT/var/lib/radiusd
+make install R=$RPM_BUILD_ROOT
+# modify default configuration
+RADDB=$RPM_BUILD_ROOT%{_sysconfdir}/raddb
+perl -i -pe 's/^#user =.*$/user = radiusd/' $RADDB/radiusd.conf
+perl -i -pe 's/^#group =.*$/group = radiusd/' $RADDB/radiusd.conf
+# logs
+mkdir -p $RPM_BUILD_ROOT/var/log/radius/radacct
+touch $RPM_BUILD_ROOT/var/log/radius/{radutmp,radius.log}
+install -m 755 scripts/raduat $RPM_BUILD_ROOT/%{_bindir}/raduat
+
+# For systemd based systems, that define _unitdir, install the radiusd unit
+%if %{?_unitdir:1}%{!?_unitdir:0}
+install -D -m 755 redhat/radiusd.service $RPM_BUILD_ROOT/%{_unitdir}/radiusd.service
+install -D -m 644 %{SOURCE104} $RPM_BUILD_ROOT/%{_prefix}/lib/tmpfiles.d/radiusd.conf
+# For SystemV install the init script
+%else
+install -D -m 755 redhat/freeradius-radiusd-init $RPM_BUILD_ROOT/%{initddir}/radiusd
+%endif
+
+install -D -m 644 redhat/freeradius-logrotate $RPM_BUILD_ROOT/%{_sysconfdir}/logrotate.d/radiusd
+install -D -m 644 redhat/freeradius-pam-conf $RPM_BUILD_ROOT/%{_sysconfdir}/pam.d/radiusd
+
+# remove unneeded stuff
+rm -rf doc/00-OLD
+rm -f $RPM_BUILD_ROOT/usr/sbin/rc.radiusd
+rm -rf $RPM_BUILD_ROOT/%{_libdir}/freeradius/*.a
+rm -rf $RPM_BUILD_ROOT/%{_libdir}/freeradius/*.la
+%if %{?_with_rlm_idn:0}%{!?_with_rlm_idn:1}
+# Does not delete file. Why?
+rm -f $RPM_BUILD_ROOT/%{_mandir}/man5/rlm_idn.5.gz
+rm -f $RPM_BUILD_ROOT/%{_sysconfdir}/raddb/mods-available/idn
+%endif
+%if %{?_with_rlm_ruby:0}%{!?_with_rlm_ruby:1}
+rm -rf $RPM_BUILD_ROOT/%{_sysconfdir}/raddb/mods-config/ruby
+%endif
+%if %{?_with_rlm_sql_oracle:0}%{!?_with_rlm_sql_oracle:1}
+rm -rf $RPM_BUILD_ROOT/%{_sysconfdir}/raddb/mods-config/sql/dhcp/oracle
+rm -rf $RPM_BUILD_ROOT/%{_sysconfdir}/raddb/mods-config/sql/ippool/oracle
+rm -rf $RPM_BUILD_ROOT/%{_sysconfdir}/raddb/mods-config/sql/ippool-dhcp/oracle
+rm -rf $RPM_BUILD_ROOT/%{_sysconfdir}/raddb/mods-config/sql/main/oracle
+%endif
+%if %{?_with_rlm_unbound:0}%{!?_with_rlm_unbound:1}
+rm -rf $RPM_BUILD_ROOT/%{_sysconfdir}/raddb/mods-config/unbound
+%endif
+rm -rf $RPM_BUILD_ROOT/%{_libdir}/freeradius/rlm_test.so
+# remove header files, we don't ship a devel package and the
+# headers have multilib conflicts
+rm -rf $RPM_BUILD_ROOT/%{_includedir}
+
+# remove unsupported config files
+rm -f $RPM_BUILD_ROOT/%{_sysconfdir}/raddb/experimental.conf
+rm -rf $RPM_BUILD_ROOT/%{_sysconfdir}/raddb/mods-config/unbound
+rm -rf $RPM_BUILD_ROOT/%{_sysconfdir}/raddb/mods-config/sql/ippool/mongo
+rm -rf $RPM_BUILD_ROOT/%{_sysconfdir}/raddb/mods-config/sql/main/mongo
+
+# install doc files omitted by standard install
+for f in COPYRIGHT CREDITS INSTALL.rst README.rst; do
+ cp $f $RPM_BUILD_ROOT/%{docdir}
+done
+cp LICENSE $RPM_BUILD_ROOT/%{docdir}/LICENSE.gpl
+cp src/lib/LICENSE $RPM_BUILD_ROOT/%{docdir}/LICENSE.lgpl
+cp src/LICENSE.openssl $RPM_BUILD_ROOT/%{docdir}/LICENSE.openssl
+
+# add Red Hat specific documentation
+cat >> $RPM_BUILD_ROOT/%{docdir}/REDHAT << EOF
+
+Red Hat, RHEL, Fedora, and CentOS specific information can be found on the
+FreeRADIUS Wiki in the Red Hat FAQ.
+
+http://wiki.freeradius.org/guide/Red_Hat_FAQ
+
+Please reference that document.
+
+EOF
+
+%clean
+rm -rf $RPM_BUILD_ROOT
+
+
+# Make sure our user/group is present prior to any package or subpackage installation
+%pre
+getent group radiusd >/dev/null || /usr/sbin/groupadd -r -g 95 radiusd
+getent passwd radiusd >/dev/null || /usr/sbin/useradd -r -g radiusd -u 95 -c "radiusd user" -s /sbin/nologin radiusd > /dev/null 2>&1
+exit 0
+
+# Make sure our user/group is present prior to any package or subpackage installation
+%pre config
+getent group radiusd >/dev/null || /usr/sbin/groupadd -r -g 95 radiusd
+getent passwd radiusd >/dev/null || /usr/sbin/useradd -r -g radiusd -u 95 -c "radiusd user" -s /sbin/nologin radiusd > /dev/null 2>&1
+exit 0
+
+
+%post
+if [ $1 = 1 ]; then
+%if %{?_unitdir:1}%{!?_unitdir:0}
+ /bin/systemctl enable radiusd.service
+%else
+ /sbin/chkconfig --add radiusd
+%endif
+fi
+
+%post config
+if [ $1 = 1 ]; then
+ if [ ! -e %{_sysconfdir}/raddb/certs/server.pem ]; then
+ /sbin/runuser -g radiusd -c 'umask 007; %{_sysconfdir}/raddb/certs/bootstrap' > /dev/null 2>&1 || :
+ fi
+fi
+
+
+%preun
+if [ $1 = 0 ]; then
+%if %{?_unitdir:1}%{!?_unitdir:0}
+ /bin/systemctl stop radiusd.service || :
+ /bin/systemctl disable radiusd.service || :
+%else
+ /sbin/chkconfig --del radiusd
+%endif
+fi
+
+%postun
+if [ $1 -ge 1 ]; then
+ /sbin/service radiusd condrestart >/dev/null 2>&1 || :
+fi
+
+
+%files
+%defattr(-,root,root)
+%doc %{docdir}/
+%config(noreplace) %{_sysconfdir}/pam.d/radiusd
+%config(noreplace) %{_sysconfdir}/logrotate.d/radiusd
+
+%if %{?_unitdir:1}%{!?_unitdir:0}
+%{_unitdir}/radiusd.service
+%config(noreplace) %{_prefix}/lib/tmpfiles.d/radiusd.conf
+%else
+%{initddir}/radiusd
+%endif
+
+%dir %attr(755,radiusd,radiusd) /var/lib/radiusd
+%dir %attr(755,radiusd,radiusd) /var/run/radiusd/
+# binaries
+%defattr(-,root,root)
+/usr/sbin/checkrad
+/usr/sbin/raddebug
+/usr/sbin/radiusd
+/usr/sbin/radmin
+# man-pages
+%doc %{_mandir}/man1/smbencrypt.1.gz
+%doc %{_mandir}/man5/checkrad.5.gz
+%doc %{_mandir}/man5/clients.conf.5.gz
+%doc %{_mandir}/man5/dictionary.5.gz
+%doc %{_mandir}/man5/radiusd.conf.5.gz
+%doc %{_mandir}/man5/radrelay.conf.5.gz
+%doc %{_mandir}/man5/rlm_always.5.gz
+%doc %{_mandir}/man5/rlm_attr_filter.5.gz
+%doc %{_mandir}/man5/rlm_chap.5.gz
+%doc %{_mandir}/man5/rlm_counter.5.gz
+%doc %{_mandir}/man5/rlm_detail.5.gz
+%doc %{_mandir}/man5/rlm_digest.5.gz
+%doc %{_mandir}/man5/rlm_expr.5.gz
+%doc %{_mandir}/man5/rlm_files.5.gz
+%doc %{_mandir}/man5/rlm_idn.5.gz
+# %%{?_with_rlm_idn: %doc %{_mandir}/man5/rlm_idn.5.gz}
+%doc %{_mandir}/man5/rlm_mschap.5.gz
+%doc %{_mandir}/man5/rlm_pap.5.gz
+%doc %{_mandir}/man5/rlm_passwd.5.gz
+%doc %{_mandir}/man5/rlm_realm.5.gz
+%doc %{_mandir}/man5/rlm_sql.5.gz
+%doc %{_mandir}/man5/rlm_unix.5.gz
+%doc %{_mandir}/man5/unlang.5.gz
+%doc %{_mandir}/man5/users.5.gz
+%doc %{_mandir}/man8/radcrypt.8.gz
+%doc %{_mandir}/man8/raddebug.8.gz
+%doc %{_mandir}/man8/radiusd.8.gz
+%doc %{_mandir}/man8/radmin.8.gz
+%doc %{_mandir}/man8/radrelay.8.gz
+%doc %{_mandir}/man8/radsniff.8.gz
+# dictionaries
+%dir %attr(755,root,root) /usr/share/freeradius
+/usr/share/freeradius/*
+# logs
+%dir %attr(700,radiusd,radiusd) /var/log/radius/
+%dir %attr(700,radiusd,radiusd) /var/log/radius/radacct/
+%ghost %attr(644,radiusd,radiusd) /var/log/radius/radutmp
+%ghost %attr(600,radiusd,radiusd) /var/log/radius/radius.log
+# RADIUS shared libs
+%attr(755,root,root) %{_libdir}/freeradius/lib*.so*
+# RADIUS Loadable Modules
+%dir %attr(755,root,root) %{_libdir}/freeradius
+%{_libdir}/freeradius/proto_dhcp.so
+%{_libdir}/freeradius/proto_vmps.so
+%{_libdir}/freeradius/rlm_always.so
+%{_libdir}/freeradius/rlm_attr_filter.so
+%{_libdir}/freeradius/rlm_cache.so
+%{_libdir}/freeradius/rlm_cache_rbtree.so
+%{_libdir}/freeradius/rlm_chap.so
+%{_libdir}/freeradius/rlm_counter.so
+%{_libdir}/freeradius/rlm_date.so
+%{_libdir}/freeradius/rlm_detail.so
+%{_libdir}/freeradius/rlm_dhcp.so
+%{_libdir}/freeradius/rlm_digest.so
+%{_libdir}/freeradius/rlm_dynamic_clients.so
+%{_libdir}/freeradius/rlm_eap.so
+%{_libdir}/freeradius/rlm_eap_fast.so
+%{_libdir}/freeradius/rlm_eap_gtc.so
+%{_libdir}/freeradius/rlm_eap_md5.so
+%{_libdir}/freeradius/rlm_eap_mschapv2.so
+%{_libdir}/freeradius/rlm_eap_peap.so
+%{_libdir}/freeradius/rlm_eap_sim.so
+%{_libdir}/freeradius/rlm_eap_tls.so
+%{_libdir}/freeradius/rlm_eap_ttls.so
+%{_libdir}/freeradius/rlm_exec.so
+%{_libdir}/freeradius/rlm_expiration.so
+%{_libdir}/freeradius/rlm_expr.so
+%{_libdir}/freeradius/rlm_files.so
+%{_libdir}/freeradius/rlm_ippool.so
+%{_libdir}/freeradius/rlm_linelog.so
+%{_libdir}/freeradius/rlm_logintime.so
+%{_libdir}/freeradius/rlm_mschap.so
+%{_libdir}/freeradius/rlm_pam.so
+%{_libdir}/freeradius/rlm_pap.so
+%{_libdir}/freeradius/rlm_passwd.so
+%{_libdir}/freeradius/rlm_preprocess.so
+%{_libdir}/freeradius/rlm_radutmp.so
+%{_libdir}/freeradius/rlm_realm.so
+%{_libdir}/freeradius/rlm_replicate.so
+%{_libdir}/freeradius/rlm_soh.so
+%{_libdir}/freeradius/rlm_sometimes.so
+%{_libdir}/freeradius/rlm_sql.so
+%{_libdir}/freeradius/rlm_sql_null.so
+%{_libdir}/freeradius/rlm_sql_sqlite.so
+%{_libdir}/freeradius/rlm_sqlcounter.so
+%{_libdir}/freeradius/rlm_sqlippool.so
+%{_libdir}/freeradius/rlm_sql_map.so
+
+%{_libdir}/freeradius/rlm_totp.so
+%{_libdir}/freeradius/rlm_unpack.so
+%{_libdir}/freeradius/rlm_unix.so
+%{_libdir}/freeradius/rlm_utf8.so
+%{_libdir}/freeradius/rlm_wimax.so
+%{?_with_rlm_idn: %{_libdir}/freeradius/rlm_idn.so}
+%if %{?_with_experimental_modules:1}%{!?_with_experimental_modules:0}
+%{_libdir}/freeradius/rlm_example.so
+%{_libdir}/freeradius/rlm_smsotp.so
+%endif
+
+%files config
+%dir %attr(755,root,radiusd) %{_sysconfdir}/raddb
+%defattr(-,root,radiusd)
+%attr(644,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/dictionary
+%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/clients.conf
+%config(noreplace) %{_sysconfdir}/raddb/hints
+%config(noreplace) %{_sysconfdir}/raddb/huntgroups
+%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/panic.gdb
+%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/README.rst
+%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/proxy.conf
+%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/radiusd.conf
+%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/trigger.conf
+%config(noreplace) %{_sysconfdir}/raddb/users
+%dir %attr(770,root,radiusd) %{_sysconfdir}/raddb/certs
+%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/certs/*
+%attr(750,root,radiusd) %{_sysconfdir}/raddb/certs/bootstrap
+%dir %attr(750,root,radiusd) %{_sysconfdir}/raddb/sites-available
+%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/sites-available/*
+%dir %attr(750,root,radiusd) %{_sysconfdir}/raddb/sites-enabled
+%config(noreplace) %{_sysconfdir}/raddb/sites-enabled/*
+%dir %attr(750,root,radiusd) %{_sysconfdir}/raddb/policy.d
+%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/policy.d/*
+%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/templates.conf
+%dir %attr(750,root,radiusd) %{_sysconfdir}/raddb/mods-available
+%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-available/*
+%dir %attr(750,root,radiusd) %{_sysconfdir}/raddb/mods-config
+%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-config/README.rst
+%dir %attr(750,root,radiusd) %{_sysconfdir}/raddb/mods-config/attr_filter
+%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-config/attr_filter/*
+%dir %attr(750,root,radiusd) %{_sysconfdir}/raddb/mods-config/files
+%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-config/files/*
+%dir %attr(750,root,radiusd) %{_sysconfdir}/raddb/mods-config/perl
+%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-config/perl/*
+%dir %attr(750,root,radiusd) %{_sysconfdir}/raddb/mods-config/preprocess
+%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-config/preprocess/*
+%if %{?el6:0}%{!?el6:1}
+%if 0%{?rhel} <= 8
+%dir %attr(750,root,radiusd) %{_sysconfdir}/raddb/mods-config/python
+%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-config/python/*
+%endif
+%if 0%{?rhel} >= 8
+%dir %attr(750,root,radiusd) %{_sysconfdir}/raddb/mods-config/python3
+%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-config/python3/*
+%endif
+%dir %attr(750,root,radiusd) %{_sysconfdir}/raddb/mods-config/realm
+%attr(-,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-config/realm/*
+%endif
+%dir %attr(750,root,radiusd) %{_sysconfdir}/raddb/mods-enabled
+%config(noreplace) %{_sysconfdir}/raddb/mods-enabled/*
+# ruby
+%if %{?_with_rlm_ruby:1}%{!?_with_rlm_ruby:0}
+%dir %attr(750,root,radiusd) %{_sysconfdir}/raddb/mods-config/ruby
+%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-config/ruby/*
+%endif
+#
+# sql - general
+#
+%dir %attr(750,root,radiusd) %{_sysconfdir}/raddb/mods-config/sql
+%dir %attr(750,root,radiusd) %{_sysconfdir}/raddb/mods-config/sql/counter
+%dir %attr(750,root,radiusd) %{_sysconfdir}/raddb/mods-config/sql/cui
+%dir %attr(750,root,radiusd) %{_sysconfdir}/raddb/mods-config/sql/dhcp
+%dir %attr(750,root,radiusd) %{_sysconfdir}/raddb/mods-config/sql/ippool
+%dir %attr(750,root,radiusd) %{_sysconfdir}/raddb/mods-config/sql/ippool-dhcp
+%dir %attr(750,root,radiusd) %{_sysconfdir}/raddb/mods-config/sql/main
+%dir %attr(750,root,radiusd) %{_sysconfdir}/raddb/mods-config/sql/moonshot-targeted-ids
+#
+# mysql
+%dir %attr(750,root,radiusd) %{_sysconfdir}/raddb/mods-config/sql/counter/mysql
+%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-config/sql/counter/mysql/*
+%dir %attr(750,root,radiusd) %{_sysconfdir}/raddb/mods-config/sql/cui/mysql
+%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-config/sql/cui/mysql/*
+%dir %attr(750,root,radiusd) %{_sysconfdir}/raddb/mods-config/sql/dhcp/mysql
+%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-config/sql/dhcp/mysql/*
+%dir %attr(750,root,radiusd) %{_sysconfdir}/raddb/mods-config/sql/ippool/mysql
+%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-config/sql/ippool/mysql/*
+%dir %attr(750,root,radiusd) %{_sysconfdir}/raddb/mods-config/sql/ippool-dhcp/mysql
+%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-config/sql/ippool-dhcp/mysql/*
+%dir %attr(750,root,radiusd) %{_sysconfdir}/raddb/mods-config/sql/main/mysql
+%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-config/sql/main/mysql/*
+%dir %attr(750,root,radiusd) %{_sysconfdir}/raddb/mods-config/sql/main/mysql/extras
+%dir %attr(750,root,radiusd) %{_sysconfdir}/raddb/mods-config/sql/main/mysql/extras/wimax
+%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-config/sql/main/mysql/extras/wimax/*
+%dir %attr(750,root,radiusd) %{_sysconfdir}/raddb/mods-config/sql/main/ndb
+%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-config/sql/main/ndb/*
+%dir %attr(750,root,radiusd) %{_sysconfdir}/raddb/mods-config/sql/moonshot-targeted-ids/mysql
+%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-config/sql/moonshot-targeted-ids/mysql/*
+#
+# postgres
+%dir %attr(750,root,radiusd) %{_sysconfdir}/raddb/mods-config/sql/counter/postgresql
+%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-config/sql/counter/postgresql/*
+%dir %attr(750,root,radiusd) %{_sysconfdir}/raddb/mods-config/sql/cui/postgresql
+%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-config/sql/cui/postgresql/*
+%dir %attr(750,root,radiusd) %{_sysconfdir}/raddb/mods-config/sql/dhcp/postgresql
+%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-config/sql/dhcp/postgresql/*
+%dir %attr(750,root,radiusd) %{_sysconfdir}/raddb/mods-config/sql/ippool/postgresql
+%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-config/sql/ippool/postgresql/*
+%dir %attr(750,root,radiusd) %{_sysconfdir}/raddb/mods-config/sql/ippool-dhcp/postgresql
+%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-config/sql/ippool-dhcp/postgresql/*
+%dir %attr(750,root,radiusd) %{_sysconfdir}/raddb/mods-config/sql/main/postgresql
+%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-config/sql/main/postgresql/*
+%dir %attr(750,root,radiusd) %{_sysconfdir}/raddb/mods-config/sql/main/postgresql/extras
+%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-config/sql/main/postgresql/extras/*
+%dir %attr(750,root,radiusd) %{_sysconfdir}/raddb/mods-config/sql/moonshot-targeted-ids/postgresql
+%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-config/sql/moonshot-targeted-ids/postgresql/*
+#
+# sqlite
+%dir %attr(750,root,radiusd) %{_sysconfdir}/raddb/mods-config/sql/counter/sqlite
+%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-config/sql/counter/sqlite/*
+%dir %attr(750,root,radiusd) %{_sysconfdir}/raddb/mods-config/sql/cui/sqlite
+%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-config/sql/cui/sqlite/*
+%dir %attr(750,root,radiusd) %{_sysconfdir}/raddb/mods-config/sql/dhcp/sqlite
+%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-config/sql/dhcp/sqlite/*
+%dir %attr(750,root,radiusd) %{_sysconfdir}/raddb/mods-config/sql/ippool/sqlite
+%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-config/sql/ippool/sqlite/*
+%dir %attr(750,root,radiusd) %{_sysconfdir}/raddb/mods-config/sql/ippool-dhcp/sqlite
+%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-config/sql/ippool-dhcp/sqlite/*
+%dir %attr(750,root,radiusd) %{_sysconfdir}/raddb/mods-config/sql/main/sqlite
+%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-config/sql/main/sqlite/*
+%dir %attr(750,root,radiusd) %{_sysconfdir}/raddb/mods-config/sql/moonshot-targeted-ids/sqlite
+%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-config/sql/moonshot-targeted-ids/sqlite/*
+#
+# freetds
+%dir %attr(750,root,radiusd) %{_sysconfdir}/raddb/mods-config/sql/dhcp/mssql
+%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-config/sql/dhcp/mssql/*
+%dir %attr(750,root,radiusd) %{_sysconfdir}/raddb/mods-config/sql/ippool/mssql
+%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-config/sql/ippool/mssql/*
+%dir %attr(750,root,radiusd) %{_sysconfdir}/raddb/mods-config/sql/ippool-dhcp/mssql
+%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-config/sql/ippool-dhcp/mssql/*
+%dir %attr(750,root,radiusd) %{_sysconfdir}/raddb/mods-config/sql/main/mssql
+%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-config/sql/main/mssql/*
+#
+# oracle
+%if %{?_with_rlm_sql_oracle:1}%{!?_with_rlm_sql_oracle:0}
+%dir %attr(750,root,radiusd) %{_sysconfdir}/raddb/mods-config/sql/dhcp/oracle
+%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-config/sql/dhcp/oracle/*
+%dir %attr(750,root,radiusd) %{_sysconfdir}/raddb/mods-config/sql/ippool/oracle
+%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-config/sql/ippool/oracle/*
+%dir %attr(750,root,radiusd) %{_sysconfdir}/raddb/mods-config/sql/ippool-dhcp/oracle
+%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-config/sql/ippool-dhcp/oracle/*
+%dir %attr(750,root,radiusd) %{_sysconfdir}/raddb/mods-config/sql/main/oracle
+%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-config/sql/main/oracle/*
+%endif
+
+%files utils
+%defattr(-,root,root)
+/usr/bin/dhcpclient
+/usr/bin/map_unit
+/usr/bin/rad_counter
+/usr/bin/radattr
+/usr/bin/radclient
+/usr/bin/radcrypt
+/usr/bin/radeapclient
+/usr/bin/radlast
+/usr/bin/radtest
+/usr/bin/radsniff
+/usr/bin/radsqlrelay
+/usr/bin/raduat
+/usr/bin/radwho
+/usr/bin/radzap
+/usr/bin/rlm_ippool_tool
+/usr/bin/smbencrypt
+# man-pages
+%doc %{_mandir}/man1/dhcpclient.1.gz
+%doc %{_mandir}/man1/rad_counter.1.gz
+%doc %{_mandir}/man1/radclient.1.gz
+%doc %{_mandir}/man1/radeapclient.1.gz
+%doc %{_mandir}/man1/radlast.1.gz
+%doc %{_mandir}/man8/radsqlrelay.8.gz
+%doc %{_mandir}/man1/radtest.1.gz
+%doc %{_mandir}/man1/radwho.1.gz
+%doc %{_mandir}/man1/radzap.1.gz
+%doc %{_mandir}/man8/rlm_ippool_tool.8.gz
+
+%files perl-util
+%defattr(-,root,root)
+/usr/bin/rlm_sqlippool_tool
+#man-pages
+%doc %{_mandir}/man8/rlm_sqlippool_tool.8.gz
+
+%if %{?_with_rlm_cache_memcached:1}%{!?_with_rlm_cache_memcached:0}
+%files memcached
+%defattr(-,root,root)
+%{_libdir}/freeradius/rlm_cache_memcached.so
+%endif
+
+%files krb5
+%defattr(-,root,root)
+%{_libdir}/freeradius/rlm_krb5.so
+
+%files perl
+%defattr(-,root,root)
+%{_libdir}/freeradius/rlm_perl.so
+
+%if %{?el6:0}%{!?el6:1}
+%files python
+%defattr(-,root,root)
+%if 0%{?rhel} <= 8
+%{_libdir}/freeradius/rlm_python.so
+%endif
+%if 0%{?rhel} >= 8
+%{_libdir}/freeradius/rlm_python3.so
+%endif
+%endif
+
+%files mysql
+%defattr(-,root,root)
+%{_libdir}/freeradius/rlm_sql_mysql.so
+
+%files postgresql
+%defattr(-,root,root)
+%{_libdir}/freeradius/rlm_sql_postgresql.so
+
+%files sqlite
+%defattr(-,root,root)
+%{_libdir}/freeradius/rlm_sql_sqlite.so
+
+%if %{!?_without_ldap:1}%{?_without_ldap:0}
+%files ldap
+%defattr(-,root,root)
+%{_libdir}/freeradius/rlm_ldap.so
+%endif
+
+%files unixODBC
+%defattr(-,root,root)
+%{_libdir}/freeradius/rlm_sql_unixodbc.so
+
+%if %{?el6:0}%{!?el6:1}
+%files redis
+%defattr(-,root,root)
+%{_libdir}/freeradius/rlm_redis.so
+%{_libdir}/freeradius/rlm_rediswho.so
+%endif
+
+%files rest
+%defattr(-,root,root)
+%{_libdir}/freeradius/rlm_rest.so
+%{_libdir}/freeradius/rlm_json.so
+
+%if %{?_with_rlm_ruby:1}%{!?_with_rlm_ruby:0}
+%files ruby
+%defattr(-,root,root)
+%{_libdir}/freeradius/rlm_ruby.so
+%endif
+
+%files freetds
+%defattr(-,root,root)
+%{_libdir}/freeradius/rlm_sql_freetds.so
+
+%if %{?_with_rlm_sql_oracle:1}%{!?_with_rlm_sql_oracle:0}
+%files oracle
+%defattr(-,root,root)
+%{_libdir}/freeradius/rlm_sql_oracle.so
+%endif
+
+%if %{?_with_rlm_yubikey:1}%{!?_with_rlm_yubikey:0}
+%files yubikey
+%defattr(-,root,root)
+%{_libdir}/freeradius/rlm_yubikey.so
+%endif
+
+%changelog
+* Wed Sep 25 2013 Alan DeKok <aland@freeradius.org> - 3.0.0
+- upgrade to latest upstream release
diff --git a/redhat/radiusd-pam b/redhat/radiusd-pam
new file mode 100644
index 0000000..a4dd2b5
--- /dev/null
+++ b/redhat/radiusd-pam
@@ -0,0 +1,7 @@
+#%PAM-1.0
+auth required /lib/security/pam_unix_auth.so shadow nullok
+auth required /lib/security/pam_nologin.so
+account required /lib/security/pam_unix_acct.so
+password required /lib/security/pam_cracklib.so
+password required /lib/security/pam_unix_password.so shadow nullok use_authtok
+session required /lib/security/pam_unix_session.so
diff --git a/redhat/radiusd.service b/redhat/radiusd.service
new file mode 100644
index 0000000..ebeee95
--- /dev/null
+++ b/redhat/radiusd.service
@@ -0,0 +1,67 @@
+[Unit]
+Description=FreeRADIUS multi-protocol policy server
+After=network-online.target
+Documentation=man:radiusd(8) man:radiusd.conf(5) http://wiki.freeradius.org/ http://networkradius.com/doc/
+
+[Service]
+Type=notify
+WatchdogSec=60
+NotifyAccess=all
+EnvironmentFile=-/etc/sysconfig/radiusd
+
+# FreeRADIUS can do static evaluation of policy language rules based
+# on environmental variables which is very useful for doing per-host
+# customization.
+# Unfortunately systemd does not allow variable substitutions such
+# as %H or $(hostname) in the EnvironmentFile.
+# We provide HOSTNAME here for convenience.
+Environment=HOSTNAME=%H
+
+# Limit memory to 2G this is fine for %99.99 of deployments. FreeRADIUS
+# is not memory hungry, if it's using more than this, then there's probably
+# a leak somewhere.
+MemoryLimit=2G
+
+RuntimeDirectory=radiusd
+RuntimeDirectoryMode=0775
+User=radiusd
+Group=radiusd
+ExecStartPre=/usr/sbin/radiusd $FREERADIUS_OPTIONS -Cx -lstdout
+ExecStart=/usr/sbin/radiusd -f $FREERADIUS_OPTIONS
+Restart=on-failure
+RestartSec=5
+ExecReload=/usr/sbin/radiusd $FREERADIUS_OPTIONS -Cxm -lstdout
+ExecReload=/bin/kill -HUP $MAINPID
+
+# Don't elevate privileges after starting
+NoNewPrivileges=true
+
+# Allow binding to secure ports, broadcast addresses, and raw interfaces.
+#
+# This list of capabilities may not be exhaustive, and needs
+# further testing. Please uncomment, test, and report any issues.
+#CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_BROADCAST CAP_NET_RAW CAP_SETUID CAP_SETGID CAP_CHOWN CAP_DAC_OVERRIDE
+
+# Private /tmp that isn't shared by other processes
+PrivateTmp=true
+
+# cgroups are readable only by radiusd, and child processes
+ProtectControlGroups=true
+
+# don't load new kernel modules
+ProtectKernelModules=true
+
+# don't tune kernel parameters
+ProtectKernelTunables=true
+
+# Only allow native system calls
+SystemCallArchitectures=native
+
+# We shouldn't be writing to the configuration directory
+ReadOnlyDirectories=/etc/raddb/
+
+# We can read and write to the log directory.
+ReadWriteDirectories=/var/log/radius/
+
+[Install]
+WantedBy=multi-user.target