summaryrefslogtreecommitdiffstats
path: root/suse
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--suse/README.SuSE14
-rw-r--r--suse/freeradius-server-rpmlintrc7
-rw-r--r--suse/freeradius-server-tmpfiles.conf1
-rw-r--r--suse/freeradius.spec260
-rw-r--r--suse/radiusd-logrotate68
-rw-r--r--suse/radiusd-pam6
-rw-r--r--suse/rcradiusd138
7 files changed, 494 insertions, 0 deletions
diff --git a/suse/README.SuSE b/suse/README.SuSE
new file mode 100644
index 0000000..4aab7bd
--- /dev/null
+++ b/suse/README.SuSE
@@ -0,0 +1,14 @@
+
+Please note that the radiusd does run as user 'radiusd' and
+group 'radiusd' per default after installation.
+(/etc/raddb/radiusd.conf)
+This was done because of security reasons and is possible with many
+authentication types (users, LDAP, SQL ...)
+
+If you would like to use unix (shadow) authentication (Auth-Type = System)
+or PAM (Auth-Type = Pam) you have to change the values to run the daemon
+as user/group root:
+
+user = root
+group = root
+
diff --git a/suse/freeradius-server-rpmlintrc b/suse/freeradius-server-rpmlintrc
new file mode 100644
index 0000000..2fe82c7
--- /dev/null
+++ b/suse/freeradius-server-rpmlintrc
@@ -0,0 +1,7 @@
+#freeradius-server.x86_64: E: dir-or-file-in-var-run (Badness: 900) /var/run/radiusd
+#A file or directory in the package is located in /var/run. It's not permitted
+#for packages to install files in this directory as it might be created as
+#tmpfs during boot. Modify your package to create the necessary files during
+#runtime.
+
+addFilter("dir-or-file-in-var-run")
diff --git a/suse/freeradius-server-tmpfiles.conf b/suse/freeradius-server-tmpfiles.conf
new file mode 100644
index 0000000..ead7a2f
--- /dev/null
+++ b/suse/freeradius-server-tmpfiles.conf
@@ -0,0 +1 @@
+D /var/run/radiusd 0710 radiusd radiusd -
diff --git a/suse/freeradius.spec b/suse/freeradius.spec
new file mode 100644
index 0000000..0ace264
--- /dev/null
+++ b/suse/freeradius.spec
@@ -0,0 +1,260 @@
+Name: freeradius-server
+Version: 3.2.1
+Release: 0
+License: GPLv2 ; LGPLv2.1
+Group: Productivity/Networking/Radius/Servers
+Provides: radiusd
+Provides: freeradius = %{version}
+Obsoletes: freeradius < %{version}
+Conflicts: radiusd-livingston radiusd-cistron icradius
+Url: http://www.freeradius.org/
+Summary: Very Highly Configurable Radius Server
+Source: ftp://ftp.freeradius.org/pub/freeradius/%{name}-%{version}.tar.bz2
+Source90: %{name}-rpmlintrc
+Source104: %{name}-tmpfiles.conf
+PreReq: %{_sbindir}/useradd %{_sbindir}/groupadd
+PreReq: perl
+PreReq: %insserv_prereq %fillup_prereq
+BuildRoot: %{_tmppath}/%{name}-%{version}-build
+%define _oracle_support 0
+Requires: %{name}-libs = %{version}
+Requires: python
+Recommends: logrotate
+BuildRequires: db-devel
+BuildRequires: gcc-c++
+BuildRequires: gdbm-devel
+BuildRequires: glibc-devel
+BuildRequires: libtalloc-devel
+BuildRequires: openldap2-devel
+BuildRequires: openssl
+BuildRequires: openssl-devel
+BuildRequires: pam-devel
+BuildRequires: perl
+BuildRequires: postgresql-devel
+BuildRequires: python-devel
+BuildRequires: sed
+BuildRequires: unixODBC-devel
+
+
+%if 0%{?suse_version} > 910
+BuildRequires: krb5-devel
+%endif
+%if 0%{?suse_version} > 930
+BuildRequires: libcom_err
+%endif
+%if 0%{?suse_version} > 1000
+BuildRequires: libapr1-devel
+%endif
+%if 0%{?suse_version} > 1020
+BuildRequires: libmysqlclient-devel
+%endif
+%if 0%{?suse_version} > 1100
+BuildRequires: libpcap-devel
+BuildRequires: sqlite3-devel
+%endif
+
+
+%description
+The FreeRADIUS server has a number of features found in other servers,
+and additional features not found in any other server. Rather than
+doing a feature by feature comparison, we will simply list the features
+of the server, and let you decide if they satisfy your needs.
+
+Support for RFC and VSA Attributes Additional server configuration
+attributes Selecting a particular configuration Authentication methods
+Accounting methods
+
+Authors:
+--------
+See http://wiki.freeradius.org/project/Acknowledgements
+
+%package libs
+License: GPLv2 ; LGPLv2.1
+Group: Productivity/Networking/Radius/Servers
+Summary: FreeRADIUS shared library
+
+%description libs
+The FreeRADIUS shared library
+
+Authors:
+--------
+See http://wiki.freeradius.org/project/Acknowledgements
+
+%package utils
+License: GPLv2 ; LGPLv2.1
+Group: Productivity/Networking/Radius/Clients
+Summary: FreeRADIUS Clients
+Requires: %{name}-libs = %{version}
+
+%description utils
+The FreeRADIUS server has a number of features found in other servers
+and additional features not found in any other server. Rather than
+doing a feature by feature comparison, we will simply list the features
+of the server, and let you decide if they satisfy your needs.
+
+Support for RFC and VSA Attributes Additional server configuration
+attributes Selecting a particular configuration Authentication methods
+
+%package devel
+License: GPLv2 ; LGPLv2.1
+Group: Development/Libraries/C and C++
+Summary: FreeRADIUS Development Files (static libs)
+Requires: %{name}-libs = %{version}
+
+%description devel
+These are the static libraries for the FreeRADIUS package.
+
+Authors:
+--------
+See http://wiki.freeradius.org/project/Acknowledgements
+
+%package doc
+License: GPLv2 ; LGPLv2.1
+Group: Productivity/Networking/Radius/Servers
+Summary: FreeRADIUS Documentation
+Requires: %{name}
+
+%description doc
+This package contains FreeRADIUS Documentation
+
+Authors:
+--------
+See http://wiki.freeradius.org/project/Acknowledgements
+
+%prep
+%setup -q
+
+%build
+# This package failed when testing with -Wl,-as-needed being default.
+# So we disable it here, if you want to retest, just delete this comment and the line below.
+export SUSE_ASNEEDED=0
+export CFLAGS="$RPM_OPT_FLAGS"
+%ifarch x86_64 ppc ppc64 s390 s390x
+export CFLAGS="$CFLAGS -fPIC -DPIC"
+%endif
+export LDFLAGS="-pie"
+%configure \
+ --libdir=%{_libdir}/freeradius \
+ --disable-developer \
+ --with-experimental-modules \
+ --with-udpfromto \
+%if 0%{?suse_version} <= 920
+ --without-rlm_sql_mysql \
+ --without-rlm_krb5 \
+%endif
+%if %{_oracle_support} == 1
+ --with-rlm_sql_oracle \
+ --with-oracle-lib-dir=%{_libdir}/oracle/10.1.0.3/client/lib/
+%else
+ --without-rlm_sql_oracle
+%endif
+make %{?_smp_mflags}
+
+%install
+rm -rf $RPM_BUILD_ROOT
+mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/lib/radiusd
+make install R=$RPM_BUILD_ROOT
+# modify default configuration
+RADDB=$RPM_BUILD_ROOT%{_sysconfdir}/raddb
+perl -i -pe 's/^#user =.*$/user = radiusd/' $RADDB/radiusd.conf
+perl -i -pe 's/^#group =.*$/group = radiusd/' $RADDB/radiusd.conf
+/sbin/ldconfig -n $RPM_BUILD_ROOT%{_libdir}/freeradius
+# logs
+touch $RPM_BUILD_ROOT%{_localstatedir}/log/radius/radutmp
+touch $RPM_BUILD_ROOT%{_localstatedir}/log/radius/radius.log
+# SuSE
+install -d $RPM_BUILD_ROOT%{_sysconfdir}/pam.d
+install -d $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d
+install -m 644 suse/radiusd-pam $RPM_BUILD_ROOT%{_sysconfdir}/pam.d/radiusd
+install -m 644 suse/radiusd-logrotate $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/freeradius-server
+install -d -m 755 $RPM_BUILD_ROOT%{_sysconfdir}/init.d
+install -m 744 suse/rcradiusd $RPM_BUILD_ROOT%{_sysconfdir}/init.d/freeradius
+ln -sf ../..%{_sysconfdir}/init.d/freeradius $RPM_BUILD_ROOT%{_sbindir}/rcfreeradius
+install -d %{buildroot}%{_sysconfdir}/tmpfiles.d
+install -m 0644 %{SOURCE104} %{buildroot}%{_sysconfdir}/tmpfiles.d/radiusd.conf
+# remove unneeded stuff
+rm -rf doc/00-OLD
+rm -f $RPM_BUILD_ROOT%{_sbindir}/rc.radiusd
+rm -rf $RPM_BUILD_ROOT/usr/share/doc/freeradius*
+rm -rf $RPM_BUILD_ROOT/%{_libdir}/freeradius/*.*a
+
+%pre
+%{_sbindir}/groupadd -r radiusd 2> /dev/null || :
+%{_sbindir}/useradd -r -g radiusd -s /bin/false -c "Radius daemon" -d \
+ %{_localstatedir}/lib/radiusd radiusd 2> /dev/null || :
+
+%post
+%ifarch x86_64
+# Modify old installs to look for /usr/lib64/freeradius
+/usr/bin/perl -i -pe "s:/usr/lib/freeradius:/usr/lib64/freeradius:" /etc/raddb/radiusd.conf
+%endif
+
+# Generate default certificates
+/etc/raddb/certs/bootstrap
+
+%{fillup_and_insserv freeradius}
+%if 0%{?suse_version} > 820
+
+%preun
+%stop_on_removal freeradius
+%endif
+
+%postun
+%if 0%{?suse_version} > 820
+%restart_on_update freeradius
+%endif
+%{insserv_cleanup}
+
+%clean
+rm -rf $RPM_BUILD_ROOT
+
+%files
+%defattr(-,root,root)
+# doc
+%doc suse/README.SuSE
+%doc doc/* LICENSE COPYRIGHT CREDITS README.rst
+# SuSE
+%{_sysconfdir}/init.d/freeradius
+%config %{_sysconfdir}/pam.d/radiusd
+%config %{_sysconfdir}/logrotate.d/freeradius-server
+%dir %{_sysconfdir}/tmpfiles.d
+%config %{_sysconfdir}/tmpfiles.d/radiusd.conf
+%dir %attr(755,radiusd,radiusd) %{_localstatedir}/lib/radiusd
+# configs
+%defattr(-,root,radiusd)
+%dir %attr(750,root,radiusd) %{_sysconfdir}/raddb
+%config(noreplace) %{_sysconfdir}/raddb/*
+%attr(700,radiusd,radiusd) %dir %{_localstatedir}/run/radiusd/
+# binaries
+%defattr(-,root,root)
+%{_sbindir}/*
+# man-pages
+%doc %{_mandir}/man1/*
+%doc %{_mandir}/man5/*
+%doc %{_mandir}/man8/*
+# dictionaries
+%attr(755,root,root) %dir /usr/share/freeradius
+/usr/share/freeradius/*
+# logs
+%attr(700,radiusd,radiusd) %dir %{_localstatedir}/log/radius/
+%attr(700,radiusd,radiusd) %dir %{_localstatedir}/log/radius/radacct/
+%attr(644,radiusd,radiusd) %{_localstatedir}/log/radius/radutmp
+%config(noreplace) %attr(600,radiusd,radiusd) %{_localstatedir}/log/radius/radius.log
+# RADIUS Loadable Modules
+%attr(755,root,root) %dir %{_libdir}/freeradius
+%attr(755,root,root) %{_libdir}/freeradius/rlm_*.so*
+
+%files utils
+%defattr(-,root,root)
+/usr/bin/*
+
+%files libs
+# RADIUS shared libs
+%attr(755,root,root) %dir %{_libdir}/freeradius
+%attr(755,root,root) %{_libdir}/freeradius/lib*.so*
+%attr(755,root,root) %{_libdir}/freeradius/proto*.so*
+
+%files devel
+%defattr(-,root,root)
+%dir /usr/include/freeradius
+%attr(644,root,root) /usr/include/freeradius/*.h
diff --git a/suse/radiusd-logrotate b/suse/radiusd-logrotate
new file mode 100644
index 0000000..5ebfcf3
--- /dev/null
+++ b/suse/radiusd-logrotate
@@ -0,0 +1,68 @@
+#
+# You can use this to rotate the /var/log/radius/* files, simply copy
+# it to /etc/logrotate.d/radiusd
+#
+
+#
+# The main server log
+#
+/var/log/radius/radius.log {
+ # Common options
+ dateext
+ maxage 365
+ rotate 99
+ missingok
+ compress
+ delaycompress
+ notifempty
+ su radiusd radiusd
+
+ copytruncate
+}
+
+
+#
+# Session monitoring utilities and SQL log files (in order)
+#
+/var/log/radius/checkrad.log /var/log/radius/radwatch.log
+/var/log/radius/sqllog.sql
+{
+ # Common options
+ dateext
+ maxage 365
+ rotate 99
+ missingok
+ compress
+ delaycompress
+ notifempty
+ su radiusd radiusd
+
+ nocreate
+ size=+2048k
+}
+
+
+#
+# There are different detail-rotating strategies you can use. One is
+# to write to a single detail file per IP and use the rotate config
+# below. Another is to write to a daily detail file per IP with:
+#
+# detailfile = ${radacctdir}/%{Client-IP-Address}/%Y%m%d-detail
+#
+# (or similar) in radiusd.conf, without rotation. If you go with the
+# second technique, you will need another cron job that removes old
+# detail files. You do not need to comment out the below for method #2.
+#
+/var/log/radius/radacct/*/detail {
+ # Common options
+ dateext
+ maxage 365
+ rotate 99
+ missingok
+ compress
+ delaycompress
+ notifempty
+ su radiusd radiusd
+
+ nocreate
+}
diff --git a/suse/radiusd-pam b/suse/radiusd-pam
new file mode 100644
index 0000000..6b70db4
--- /dev/null
+++ b/suse/radiusd-pam
@@ -0,0 +1,6 @@
+#%PAM-1.0
+auth requisite pam_nologin.so
+auth include common-auth
+account include common-account
+password include common-password
+session include common-session
diff --git a/suse/rcradiusd b/suse/rcradiusd
new file mode 100644
index 0000000..cb73614
--- /dev/null
+++ b/suse/rcradiusd
@@ -0,0 +1,138 @@
+#! /bin/sh
+# Copyright (c) 2001 SuSE GmbH Nuernberg, Germany.
+# 2002, 2003 SuSE Linux AG, Nuernberg, Germany.
+#
+# Author: Wolfgang Rosenauer, 2000-2003
+#
+# /etc/init.d/radiusd
+#
+# and symbolic its link
+#
+# /usr/bin/rcradiusd
+#
+### BEGIN INIT INFO
+# Provides: radiusd
+# Required-Start: $network $syslog $remotefs
+# Should-Start: $time ypbind smtp
+# Required-Stop: $syslog $remote_fs
+# Should-Stop: ypbind smtp
+# Default-Start: 3 5
+# Default-Stop: 0 1 2 6
+# Short-Description: RADIUS-Server
+# Description: Remote Authentication Dialin User Server
+### END INIT INFO
+
+. /etc/init.d/functions
+
+prog=radiusd
+
+[ -e /etc/sysconfig/$prog ] && . /etc/sysconfig/$prog
+
+exec=${exec:=/usr/sbin/$prog}
+config_dir=${config_dir:=/etc/raddb}
+
+test -x "$exec" || { echo "$exec not installed"; \
+ if [ "$1" = "stop" ]; then exit 0;
+ else exit 5; fi; }
+
+configtest() {
+ echo -n "Checking $prog configuration "
+ out=`$exec -Cxl stdout -d $config_dir`; retval=$?
+ out=`echo "${out}" | tail -n 1 | sed 's/^\s*ERROR:\s*\(.*\)\s*$/\1/'`
+
+ [ $retval -ne 0 ] && echo "$out" 1>&2
+
+ return $retval
+}
+
+rc_reset
+case "$1" in
+ start)
+ configtest || { rc_failed 150; rc_exit; }
+ echo -n "Starting RADIUS daemon "
+ startproc $exec >/dev/null
+ rc_status -v
+ ;;
+
+ stop)
+ echo -n "Shutting down RADIUS daemon "
+ killproc -TERM $exec
+ rc_status -v
+ ;;
+
+ try-restart|condrestart)
+ # If first returns OK call the second, if first or second command fails, set echo return value.
+ if test "$1" = "condrestart"; then
+ echo "${attn} Use try-restart ${done}(LSB)${attn} rather than condrestart ${warn}(RH)${norm}"
+ fi
+ $0 status
+ if [ $? = 0 ] ; then
+ $0 restart
+ else
+ rc_reset # Not running is not a failure.
+ fi
+ rc_status
+ ;;
+
+ restart)
+ # Stop the service and regardless of whether it was running or not, start it again.
+ configtest || { rc_failed 150; rc_exit; }
+ $0 stop
+ $0 start
+ rc_status
+ ;;
+
+ force-reload)
+ # Signal the daemon to reload its config. Most daemons o this on signal 1 (SIGHUP).
+ # If it does not support it, restart.
+ configtest || { rc_failed 150; rc_exit; }
+ echo -n "Reload RADIUS daemon "
+ killproc -HUP $exec
+ rc_status -v
+ ;;
+
+ reload)
+ # Like force-reload, but if daemon does not support signalling, do nothing (!)
+ configtest || { rc_failed 150; rc_exit; }
+ echo -n "Reload RADIUS daemon "
+ killproc -HUP $exec
+ rc_status -v
+ ;;
+
+ status)
+ echo -n "Checking for service radiusd "
+ checkproc $exec
+ rc_status -v
+ ;;
+
+ configtest|testconfig)
+ configtest
+ rc_status -v
+ ;;
+
+ debug)
+ $0 status
+ if [ $? -eq 0 ]; then
+ echo -n "$prog already running; for live debugging see raddebug(8)"
+ exit 151
+ fi
+ $exec -X -d "$config_dir" || exit $?
+ exit 0
+ ;;
+
+ debug-threaded)
+ $0 status
+ if [ $? -eq 0 ]; then
+ echo -n "$prog already running; for live debugging see raddebug(8)"
+ exit 151
+ fi
+ $exec -f -xx -l stdout -d "$config_dir" || exit $?
+ exit 0
+ ;;
+
+ *)
+ echo "Usage: $0 {start|stop|status|try-restart|restart|force-reload|reload|configtest|debug|debug-threaded}"
+ exit 1
+ ;;
+esac
+rc_exit