lukegb/depot
1
0
Fork 0
Code Issues 1 Pull requests Projects Packages Activity Actions
depot/ops/nixos/bvm-radius/raddb/mods-available/README.rst

117 lines
3.5 KiB
ReStructuredText
Raw Normal View History

bvm-radius: add freeradius configuration
2021-09-25 18:28:45 +00:00
Modules in Version 3
====================
As of Version 3, all of the modules have been placed in the
"mods-available/" directory. This practice follows that used by other
servers such as Nginx, Apache, etc. The "modules" directory should
not be used.
Modules are enabled by creating a file in the mods-enabled/ directory.
You can also create a soft-link from one directory to another::
$ cd raddb/mods-enabled
$ ln -s ../mods-available/foo
This will enable module "foo". Be sure that you have configured the
module correctly before enabling it, otherwise the server will not
start. You can verify the server configuration by running
"radiusd -XC".
A large number of modules are enabled by default. This allows the
server to work with the largest number of authentication protocols.
Please be careful when disabling modules. You will likely need to
edit the "sites-enabled/" files to remove references to any disabled
modules.
Conditional Modules
-------------------
Version 3 allows modules to be conditionally loaded. This is useful
when you want to have a virtual server which references a module, but
does not require it. Instead of editing the virtual server file, you
can just conditionally enable the module.
Modules are conditionally enabled by adding a "-" before their name in
a virtual server. For example, you can do::
server {
authorize {
...
ldap
-sql
...
}
}
This says "require the LDAP module, but use the SQL module only if it
is configured."
This feature is not very useful for production configurations. It is,
however, very useful for the default examples that ship with the
server.
Ignoring module
---------------
If you see this message::
Ignoring module (see raddb/mods-available/README.rst)
Then you are in the right place. Most of the time this message can be
ignored. The message can be fixed by finding the references to "-module"
in the virtual server, and deleting them.
Another way to fix it is to configure the module, as described above.
Simplification
--------------
Allowing conditional modules simplifies the default virtual servers
that are shipped with FreeRADIUS. This means that if you want to
enable LDAP (for example), you no longer need to edit the files in
raddb/sites-available/ in order to enable it.
Instead, you should edit the raddb/mods-available/ldap file to point
to your local LDAP server. Then, enable the module via the soft-link
method described above.
Once the module is enabled, it will automatically be used in the
default configuration.
Multiple Instances
------------------
It is sometimes necessary to have the same module do two different
things. The server supports this functionality via "instances" of
modules.
Normally, a module configuration looks like this:
sql {
... sql stuff ...
}
This module is then refereed to as the "sql" module.
But what happens if you want to connect to two different SQL
databases? The solution is simple; copy the "sql" module
configuration, and add an instance name after the "sql" string:
sql mysql1 {
... configuration for connecting to mysql11 ...
}
sql mysql2 {
... configuration for connecting to mysql12 ...
}
This configuration says "load the SQL module, but create two copies of
it, with different configurations". The different configurations can
be referred to by name, as "mysql1" and "mysql2". That is, anywhere
you would normally use "sql", you could use either "mysql1" or
"mysql2".
For further examples of using module instances, see the "attr_filter"
module configuration in this directory.
Reference in a new issue Copy permalink