diff options
Diffstat (limited to '')
-rw-r--r-- | suse/README.SuSE | 14 | ||||
-rw-r--r-- | suse/freeradius-server-rpmlintrc | 7 | ||||
-rw-r--r-- | suse/freeradius-server-tmpfiles.conf | 1 | ||||
-rw-r--r-- | suse/freeradius.spec | 260 | ||||
-rw-r--r-- | suse/radiusd-logrotate | 68 | ||||
-rw-r--r-- | suse/radiusd-pam | 6 | ||||
-rw-r--r-- | suse/rcradiusd | 138 |
7 files changed, 494 insertions, 0 deletions
diff --git a/suse/README.SuSE b/suse/README.SuSE new file mode 100644 index 0000000..4aab7bd --- /dev/null +++ b/suse/README.SuSE @@ -0,0 +1,14 @@ + +Please note that the radiusd does run as user 'radiusd' and +group 'radiusd' per default after installation. +(/etc/raddb/radiusd.conf) +This was done because of security reasons and is possible with many +authentication types (users, LDAP, SQL ...) + +If you would like to use unix (shadow) authentication (Auth-Type = System) +or PAM (Auth-Type = Pam) you have to change the values to run the daemon +as user/group root: + +user = root +group = root + diff --git a/suse/freeradius-server-rpmlintrc b/suse/freeradius-server-rpmlintrc new file mode 100644 index 0000000..2fe82c7 --- /dev/null +++ b/suse/freeradius-server-rpmlintrc @@ -0,0 +1,7 @@ +#freeradius-server.x86_64: E: dir-or-file-in-var-run (Badness: 900) /var/run/radiusd +#A file or directory in the package is located in /var/run. It's not permitted +#for packages to install files in this directory as it might be created as +#tmpfs during boot. Modify your package to create the necessary files during +#runtime. + +addFilter("dir-or-file-in-var-run") diff --git a/suse/freeradius-server-tmpfiles.conf b/suse/freeradius-server-tmpfiles.conf new file mode 100644 index 0000000..ead7a2f --- /dev/null +++ b/suse/freeradius-server-tmpfiles.conf @@ -0,0 +1 @@ +D /var/run/radiusd 0710 radiusd radiusd - diff --git a/suse/freeradius.spec b/suse/freeradius.spec new file mode 100644 index 0000000..0ace264 --- /dev/null +++ b/suse/freeradius.spec @@ -0,0 +1,260 @@ +Name: freeradius-server +Version: 3.2.1 +Release: 0 +License: GPLv2 ; LGPLv2.1 +Group: Productivity/Networking/Radius/Servers +Provides: radiusd +Provides: freeradius = %{version} +Obsoletes: freeradius < %{version} +Conflicts: radiusd-livingston radiusd-cistron icradius +Url: http://www.freeradius.org/ +Summary: Very Highly Configurable Radius Server +Source: ftp://ftp.freeradius.org/pub/freeradius/%{name}-%{version}.tar.bz2 +Source90: %{name}-rpmlintrc +Source104: %{name}-tmpfiles.conf +PreReq: %{_sbindir}/useradd %{_sbindir}/groupadd +PreReq: perl +PreReq: %insserv_prereq %fillup_prereq +BuildRoot: %{_tmppath}/%{name}-%{version}-build +%define _oracle_support 0 +Requires: %{name}-libs = %{version} +Requires: python +Recommends: logrotate +BuildRequires: db-devel +BuildRequires: gcc-c++ +BuildRequires: gdbm-devel +BuildRequires: glibc-devel +BuildRequires: libtalloc-devel +BuildRequires: openldap2-devel +BuildRequires: openssl +BuildRequires: openssl-devel +BuildRequires: pam-devel +BuildRequires: perl +BuildRequires: postgresql-devel +BuildRequires: python-devel +BuildRequires: sed +BuildRequires: unixODBC-devel + + +%if 0%{?suse_version} > 910 +BuildRequires: krb5-devel +%endif +%if 0%{?suse_version} > 930 +BuildRequires: libcom_err +%endif +%if 0%{?suse_version} > 1000 +BuildRequires: libapr1-devel +%endif +%if 0%{?suse_version} > 1020 +BuildRequires: libmysqlclient-devel +%endif +%if 0%{?suse_version} > 1100 +BuildRequires: libpcap-devel +BuildRequires: sqlite3-devel +%endif + + +%description +The FreeRADIUS server has a number of features found in other servers, +and additional features not found in any other server. Rather than +doing a feature by feature comparison, we will simply list the features +of the server, and let you decide if they satisfy your needs. + +Support for RFC and VSA Attributes Additional server configuration +attributes Selecting a particular configuration Authentication methods +Accounting methods + +Authors: +-------- +See http://wiki.freeradius.org/project/Acknowledgements + +%package libs +License: GPLv2 ; LGPLv2.1 +Group: Productivity/Networking/Radius/Servers +Summary: FreeRADIUS shared library + +%description libs +The FreeRADIUS shared library + +Authors: +-------- +See http://wiki.freeradius.org/project/Acknowledgements + +%package utils +License: GPLv2 ; LGPLv2.1 +Group: Productivity/Networking/Radius/Clients +Summary: FreeRADIUS Clients +Requires: %{name}-libs = %{version} + +%description utils +The FreeRADIUS server has a number of features found in other servers +and additional features not found in any other server. Rather than +doing a feature by feature comparison, we will simply list the features +of the server, and let you decide if they satisfy your needs. + +Support for RFC and VSA Attributes Additional server configuration +attributes Selecting a particular configuration Authentication methods + +%package devel +License: GPLv2 ; LGPLv2.1 +Group: Development/Libraries/C and C++ +Summary: FreeRADIUS Development Files (static libs) +Requires: %{name}-libs = %{version} + +%description devel +These are the static libraries for the FreeRADIUS package. + +Authors: +-------- +See http://wiki.freeradius.org/project/Acknowledgements + +%package doc +License: GPLv2 ; LGPLv2.1 +Group: Productivity/Networking/Radius/Servers +Summary: FreeRADIUS Documentation +Requires: %{name} + +%description doc +This package contains FreeRADIUS Documentation + +Authors: +-------- +See http://wiki.freeradius.org/project/Acknowledgements + +%prep +%setup -q + +%build +# This package failed when testing with -Wl,-as-needed being default. +# So we disable it here, if you want to retest, just delete this comment and the line below. +export SUSE_ASNEEDED=0 +export CFLAGS="$RPM_OPT_FLAGS" +%ifarch x86_64 ppc ppc64 s390 s390x +export CFLAGS="$CFLAGS -fPIC -DPIC" +%endif +export LDFLAGS="-pie" +%configure \ + --libdir=%{_libdir}/freeradius \ + --disable-developer \ + --with-experimental-modules \ + --with-udpfromto \ +%if 0%{?suse_version} <= 920 + --without-rlm_sql_mysql \ + --without-rlm_krb5 \ +%endif +%if %{_oracle_support} == 1 + --with-rlm_sql_oracle \ + --with-oracle-lib-dir=%{_libdir}/oracle/10.1.0.3/client/lib/ +%else + --without-rlm_sql_oracle +%endif +make %{?_smp_mflags} + +%install +rm -rf $RPM_BUILD_ROOT +mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/lib/radiusd +make install R=$RPM_BUILD_ROOT +# modify default configuration +RADDB=$RPM_BUILD_ROOT%{_sysconfdir}/raddb +perl -i -pe 's/^#user =.*$/user = radiusd/' $RADDB/radiusd.conf +perl -i -pe 's/^#group =.*$/group = radiusd/' $RADDB/radiusd.conf +/sbin/ldconfig -n $RPM_BUILD_ROOT%{_libdir}/freeradius +# logs +touch $RPM_BUILD_ROOT%{_localstatedir}/log/radius/radutmp +touch $RPM_BUILD_ROOT%{_localstatedir}/log/radius/radius.log +# SuSE +install -d $RPM_BUILD_ROOT%{_sysconfdir}/pam.d +install -d $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d +install -m 644 suse/radiusd-pam $RPM_BUILD_ROOT%{_sysconfdir}/pam.d/radiusd +install -m 644 suse/radiusd-logrotate $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/freeradius-server +install -d -m 755 $RPM_BUILD_ROOT%{_sysconfdir}/init.d +install -m 744 suse/rcradiusd $RPM_BUILD_ROOT%{_sysconfdir}/init.d/freeradius +ln -sf ../..%{_sysconfdir}/init.d/freeradius $RPM_BUILD_ROOT%{_sbindir}/rcfreeradius +install -d %{buildroot}%{_sysconfdir}/tmpfiles.d +install -m 0644 %{SOURCE104} %{buildroot}%{_sysconfdir}/tmpfiles.d/radiusd.conf +# remove unneeded stuff +rm -rf doc/00-OLD +rm -f $RPM_BUILD_ROOT%{_sbindir}/rc.radiusd +rm -rf $RPM_BUILD_ROOT/usr/share/doc/freeradius* +rm -rf $RPM_BUILD_ROOT/%{_libdir}/freeradius/*.*a + +%pre +%{_sbindir}/groupadd -r radiusd 2> /dev/null || : +%{_sbindir}/useradd -r -g radiusd -s /bin/false -c "Radius daemon" -d \ + %{_localstatedir}/lib/radiusd radiusd 2> /dev/null || : + +%post +%ifarch x86_64 +# Modify old installs to look for /usr/lib64/freeradius +/usr/bin/perl -i -pe "s:/usr/lib/freeradius:/usr/lib64/freeradius:" /etc/raddb/radiusd.conf +%endif + +# Generate default certificates +/etc/raddb/certs/bootstrap + +%{fillup_and_insserv freeradius} +%if 0%{?suse_version} > 820 + +%preun +%stop_on_removal freeradius +%endif + +%postun +%if 0%{?suse_version} > 820 +%restart_on_update freeradius +%endif +%{insserv_cleanup} + +%clean +rm -rf $RPM_BUILD_ROOT + +%files +%defattr(-,root,root) +# doc +%doc suse/README.SuSE +%doc doc/* LICENSE COPYRIGHT CREDITS README.rst +# SuSE +%{_sysconfdir}/init.d/freeradius +%config %{_sysconfdir}/pam.d/radiusd +%config %{_sysconfdir}/logrotate.d/freeradius-server +%dir %{_sysconfdir}/tmpfiles.d +%config %{_sysconfdir}/tmpfiles.d/radiusd.conf +%dir %attr(755,radiusd,radiusd) %{_localstatedir}/lib/radiusd +# configs +%defattr(-,root,radiusd) +%dir %attr(750,root,radiusd) %{_sysconfdir}/raddb +%config(noreplace) %{_sysconfdir}/raddb/* +%attr(700,radiusd,radiusd) %dir %{_localstatedir}/run/radiusd/ +# binaries +%defattr(-,root,root) +%{_sbindir}/* +# man-pages +%doc %{_mandir}/man1/* +%doc %{_mandir}/man5/* +%doc %{_mandir}/man8/* +# dictionaries +%attr(755,root,root) %dir /usr/share/freeradius +/usr/share/freeradius/* +# logs +%attr(700,radiusd,radiusd) %dir %{_localstatedir}/log/radius/ +%attr(700,radiusd,radiusd) %dir %{_localstatedir}/log/radius/radacct/ +%attr(644,radiusd,radiusd) %{_localstatedir}/log/radius/radutmp +%config(noreplace) %attr(600,radiusd,radiusd) %{_localstatedir}/log/radius/radius.log +# RADIUS Loadable Modules +%attr(755,root,root) %dir %{_libdir}/freeradius +%attr(755,root,root) %{_libdir}/freeradius/rlm_*.so* + +%files utils +%defattr(-,root,root) +/usr/bin/* + +%files libs +# RADIUS shared libs +%attr(755,root,root) %dir %{_libdir}/freeradius +%attr(755,root,root) %{_libdir}/freeradius/lib*.so* +%attr(755,root,root) %{_libdir}/freeradius/proto*.so* + +%files devel +%defattr(-,root,root) +%dir /usr/include/freeradius +%attr(644,root,root) /usr/include/freeradius/*.h diff --git a/suse/radiusd-logrotate b/suse/radiusd-logrotate new file mode 100644 index 0000000..5ebfcf3 --- /dev/null +++ b/suse/radiusd-logrotate @@ -0,0 +1,68 @@ +# +# You can use this to rotate the /var/log/radius/* files, simply copy +# it to /etc/logrotate.d/radiusd +# + +# +# The main server log +# +/var/log/radius/radius.log { + # Common options + dateext + maxage 365 + rotate 99 + missingok + compress + delaycompress + notifempty + su radiusd radiusd + + copytruncate +} + + +# +# Session monitoring utilities and SQL log files (in order) +# +/var/log/radius/checkrad.log /var/log/radius/radwatch.log +/var/log/radius/sqllog.sql +{ + # Common options + dateext + maxage 365 + rotate 99 + missingok + compress + delaycompress + notifempty + su radiusd radiusd + + nocreate + size=+2048k +} + + +# +# There are different detail-rotating strategies you can use. One is +# to write to a single detail file per IP and use the rotate config +# below. Another is to write to a daily detail file per IP with: +# +# detailfile = ${radacctdir}/%{Client-IP-Address}/%Y%m%d-detail +# +# (or similar) in radiusd.conf, without rotation. If you go with the +# second technique, you will need another cron job that removes old +# detail files. You do not need to comment out the below for method #2. +# +/var/log/radius/radacct/*/detail { + # Common options + dateext + maxage 365 + rotate 99 + missingok + compress + delaycompress + notifempty + su radiusd radiusd + + nocreate +} diff --git a/suse/radiusd-pam b/suse/radiusd-pam new file mode 100644 index 0000000..6b70db4 --- /dev/null +++ b/suse/radiusd-pam @@ -0,0 +1,6 @@ +#%PAM-1.0 +auth requisite pam_nologin.so +auth include common-auth +account include common-account +password include common-password +session include common-session diff --git a/suse/rcradiusd b/suse/rcradiusd new file mode 100644 index 0000000..cb73614 --- /dev/null +++ b/suse/rcradiusd @@ -0,0 +1,138 @@ +#! /bin/sh +# Copyright (c) 2001 SuSE GmbH Nuernberg, Germany. +# 2002, 2003 SuSE Linux AG, Nuernberg, Germany. +# +# Author: Wolfgang Rosenauer, 2000-2003 +# +# /etc/init.d/radiusd +# +# and symbolic its link +# +# /usr/bin/rcradiusd +# +### BEGIN INIT INFO +# Provides: radiusd +# Required-Start: $network $syslog $remotefs +# Should-Start: $time ypbind smtp +# Required-Stop: $syslog $remote_fs +# Should-Stop: ypbind smtp +# Default-Start: 3 5 +# Default-Stop: 0 1 2 6 +# Short-Description: RADIUS-Server +# Description: Remote Authentication Dialin User Server +### END INIT INFO + +. /etc/init.d/functions + +prog=radiusd + +[ -e /etc/sysconfig/$prog ] && . /etc/sysconfig/$prog + +exec=${exec:=/usr/sbin/$prog} +config_dir=${config_dir:=/etc/raddb} + +test -x "$exec" || { echo "$exec not installed"; \ + if [ "$1" = "stop" ]; then exit 0; + else exit 5; fi; } + +configtest() { + echo -n "Checking $prog configuration " + out=`$exec -Cxl stdout -d $config_dir`; retval=$? + out=`echo "${out}" | tail -n 1 | sed 's/^\s*ERROR:\s*\(.*\)\s*$/\1/'` + + [ $retval -ne 0 ] && echo "$out" 1>&2 + + return $retval +} + +rc_reset +case "$1" in + start) + configtest || { rc_failed 150; rc_exit; } + echo -n "Starting RADIUS daemon " + startproc $exec >/dev/null + rc_status -v + ;; + + stop) + echo -n "Shutting down RADIUS daemon " + killproc -TERM $exec + rc_status -v + ;; + + try-restart|condrestart) + # If first returns OK call the second, if first or second command fails, set echo return value. + if test "$1" = "condrestart"; then + echo "${attn} Use try-restart ${done}(LSB)${attn} rather than condrestart ${warn}(RH)${norm}" + fi + $0 status + if [ $? = 0 ] ; then + $0 restart + else + rc_reset # Not running is not a failure. + fi + rc_status + ;; + + restart) + # Stop the service and regardless of whether it was running or not, start it again. + configtest || { rc_failed 150; rc_exit; } + $0 stop + $0 start + rc_status + ;; + + force-reload) + # Signal the daemon to reload its config. Most daemons o this on signal 1 (SIGHUP). + # If it does not support it, restart. + configtest || { rc_failed 150; rc_exit; } + echo -n "Reload RADIUS daemon " + killproc -HUP $exec + rc_status -v + ;; + + reload) + # Like force-reload, but if daemon does not support signalling, do nothing (!) + configtest || { rc_failed 150; rc_exit; } + echo -n "Reload RADIUS daemon " + killproc -HUP $exec + rc_status -v + ;; + + status) + echo -n "Checking for service radiusd " + checkproc $exec + rc_status -v + ;; + + configtest|testconfig) + configtest + rc_status -v + ;; + + debug) + $0 status + if [ $? -eq 0 ]; then + echo -n "$prog already running; for live debugging see raddebug(8)" + exit 151 + fi + $exec -X -d "$config_dir" || exit $? + exit 0 + ;; + + debug-threaded) + $0 status + if [ $? -eq 0 ]; then + echo -n "$prog already running; for live debugging see raddebug(8)" + exit 151 + fi + $exec -f -xx -l stdout -d "$config_dir" || exit $? + exit 0 + ;; + + *) + echo "Usage: $0 {start|stop|status|try-restart|restart|force-reload|reload|configtest|debug|debug-threaded}" + exit 1 + ;; +esac +rc_exit |