authorChris Buechler <cmb@pfsense.org>2011-12-10 17:15:23 -0800
committerChris Buechler <cmb@pfsense.org>2011-12-10 17:15:23 -0800
commit26a8d08e7cfc0bc22b3620d77113e2708f90e897 (patch)
treed08d460bb171bf3e1275f46cfe7a754c25a421dc
parent36e1eb5bafbc986e45f48b2871ab4900db6a4990 (diff)
parent3b9c85c41fc1c58f5901115ab63dd068ae335d0f (diff)
Merge pull request #124 from Nachtfalkeaw/master
freeradius2 - should now be as stable as freeradius, with all old and a few additional options.
-rwxr-xr-xconfig/freeradius2/freeradius.inc43
-rwxr-xr-xconfig/freeradius2/freeradiussettings.xml56
-rw-r--r--pkg_config.8.xml10
-rw-r--r--pkg_config.8.xml.amd6410
4 files changed, 92 insertions, 27 deletions
diff --git a/config/freeradius2/freeradius.inc b/config/freeradius2/freeradius.inc
index d5e49883..762a2200 100755
--- a/config/freeradius2/freeradius.inc
+++ b/config/freeradius2/freeradius.inc
@@ -25,8 +25,6 @@ function freeradius_install_command() {
exec("chown -R root:wheel /usr/local/etc/raddb");
exec("chown -R root:wheel /usr/local/lib/freeradius-2.1.12");
- exec("chown -R root:wheel /var/log/raddb");
- exec("chown -R root:wheel /var/log/radacct");
closedir($handle);
@@ -60,6 +58,17 @@ function freeradius_settings_resync() {
$varsettingsallowcoredumps = $varsettings['varsettingsallowcoredumps'];
$varsettingsregularexpressions = $varsettings['varsettingsregularexpressions'];
$varsettingsextendedexpressions = $varsettings['varsettingsextendedexpressions'];
+
+ $varsettingsmaxattributes = $varsettings['varsettingsmaxattributes'];
+ $varsettingsrejectdelay = $varsettings['varsettingsrejectdelay'];
+ $varsettingsstartservers = $varsettings['varsettingsstartservers'];
+ $varsettingsmaxservers = $varsettings['varsettingsmaxservers'];
+ $varsettingsminspareservers = $varsettings['varsettingsminspareservers'];
+ $varsettingsmaxspareservers = $varsettings['varsettingsmaxspareservers'];
+ $varsettingsmaxqueuesize = $varsettings['varsettingsmaxqueuesize'];
+ $varsettingsmaxrequestsperserver = $varsettings['varsettingsmaxrequestsperserver'];
+
+
$conf = <<<EOD
prefix = /usr/local
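Review bot: The eight new `$varsettings[...]` reads have no fallback and no validation, and the next hunk writes them straight into the `security` and `thread pool` sections of radiusd.conf. If the saved settings lack these keys (for example an install upgraded from pkg v0.8 that has not re-saved the settings page), the heredoc would emit lines such as `max_attributes = ` with no value, which radiusd will probably refuse to load. A value containing a newline would also add further directives to the file. Each read should be normalised to an integer with the documented default, e.g. `$varsettingsmaxattributes = is_numeric($varsettings['varsettingsmaxattributes']) ? (int)$varsettings['varsettingsmaxattributes'] : 200;`, and likewise for the other seven. freeradius_settings_resync() begins and ends outside this hunk, so any validation done elsewhere in it is not visible here.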
@@ -130,23 +139,25 @@ log {
###msg_goodpass = ""
###msg_badpass = ""
}
+
checkrad = \${sbindir}/checkrad
security {
- ###max_attributes = 200
- ###reject_delay = 1
- ###status_server = no ###raddb/sites-available/status ###wohl nur fuer Experten - erstmal weglassen
- }
- ###proxy_requests = yes ###auf "yes" lassen. Sorgt fuer weniger Probleme und kostet wenig/nichts (RAM)
+ max_attributes = $varsettingsmaxattributes
+ reject_delay = $varsettingsrejectdelay
+ status_server = no ### Needs additional config in raddb/sites-available/status
+}
+ proxy_requests = yes
+
\$INCLUDE \${confdir}/proxy.conf
-\$INCLUDE \${confdir}/clients.conf ###Jegliche Konfiguration wird in der clients.conf durchgeführt
+\$INCLUDE \${confdir}/clients.conf
thread pool {
- ###start_servers = 5
- ###max_servers = 32
- ###min_spare_servers = 3
- ###max_spare_servers = 10
- ###max_queue_size = 65536
- ###max_requests_per_server = 0
- }
+ start_servers = $varsettingsstartservers
+ max_servers = $varsettingsmaxservers
+ min_spare_servers = $varsettingsminspareservers
+ max_spare_servers = $varsettingsmaxspareservers
+ max_queue_size = $varsettingsmaxqueuesize
+ max_requests_per_server = $varsettingsmaxrequestsperserver
+}
#snmp = no
@@ -478,8 +489,6 @@ post-proxy {
}
EOD;
- exec("chown -R root:wheel /var/log/raddb");
- exec("chown -R root:wheel /var/log/radacct");
conf_mount_rw();
file_put_contents(RADDB . '/radiusd.conf', $conf);
diff --git a/config/freeradius2/freeradiussettings.xml b/config/freeradius2/freeradiussettings.xml
index bab82e72..286cc1fd 100755
--- a/config/freeradius2/freeradiussettings.xml
+++ b/config/freeradius2/freeradiussettings.xml
@@ -191,6 +191,62 @@
<option><name>Disable</name><value>no</value></option>
<option><name>Enable</name><value>yes</value></option>
</options>
+ </field>
+ <field>
+ <fielddescr>Maximum Number of Attributes</fielddescr>
+ <fieldname>varsettingsmaxattributes</fieldname>
+ <description>The maximum number of attributes permitted in a RADIUS packet. Packets which have more than this number of attributes in them will be dropped. (Default: 200)</description>
+ <type>input</type>
+ <default_value>200</default_value>
+ </field>
+ <field>
+ <fielddescr>Access-Reject Delay</fielddescr>
+ <fieldname>varsettingsrejectdelay</fieldname>
+ <description>When sending an Access-Reject it can be delayed for a few seconds. This may help slow down a DoS attack. It also helps to slow down people trying to brute-force crack a users password. (Default: 1)(Immediately: 0)</description>
+ <type>input</type>
+ <default_value>1</default_value>
+ </field>
+ <field>
+ <fielddescr>Number of Threads After Start</fielddescr>
+ <fieldname>varsettingsstartservers</fieldname>
+ <description>The thread pool is a long-lived group of threads which take turns (round-robin) handling any incoming requests. (Default: 5)</description>
+ <type>input</type>
+ <default_value>5</default_value>
+ </field>
+ <field>
+ <fielddescr>Maximum Number of Threads</fielddescr>
+ <fieldname>varsettingsmaxservers</fieldname>
+ <description>If this limit is ever reached, clients will be locked out so it should not be set to low. (Default: 32)</description>
+ <type>input</type>
+ <default_value>32</default_value>
+ </field>
+ <field>
+ <fielddescr>Min Spare Servers</fielddescr>
+ <fieldname>varsettingsminspareservers</fieldname>
+ <description>This dynamically adjusts the "Number of Threads After Start". If the RADIUS server has to handle MANY requests and LESS than "Min Spare Servers" are left than the RADIUS server will INCREASE the number of running threads. (Default: 3)</description>
+ <type>input</type>
+ <default_value>3</default_value>
+ </field>
+ <field>
+ <fielddescr>Max Spare Servers</fielddescr>
+ <fieldname>varsettingsmaxspareservers</fieldname>
+ <description>This dynamically adjusts the "Number of Threads After Start". If the RADIUS server has to handle FEW requests and MORE than "Max Spare Servers" are left than the RADIUS server will DECREASE the number of running threads. (Default: 10)</description>
+ <type>input</type>
+ <default_value>10</default_value>
+ </field>
+ <field>
+ <fielddescr>Server Packet Queue Size</fielddescr>
+ <fieldname>varsettingsmaxqueuesize</fieldname>
+ <description>This is the queue size where the server stores packets before processing them. (Default: 65536)</description>
+ <type>input</type>
+ <default_value>65536</default_value>
+ </field>
+ <field>
+ <fielddescr>Maximum Requests per Server</fielddescr>
+ <fieldname>varsettingsmaxrequestsperserver</fieldname>
+ <description>You should only change this if you encounter memory leaks while running RADIUS. (Default: 0)</description>
+ <type>input</type>
+ <default_value>0</default_value>
</field>
</fields>
<custom_delete_php_command>
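Review bot: The descriptions for `varsettingsmaxattributes` and `varsettingsrejectdelay` do not say what the boundary values mean for security. As far as I recall from the stock radiusd.conf comments, `max_attributes = 0` accepts any number of attributes and the useful range for `reject_delay` is 1 to 5; a value of 0 removes the brute-force slowdown this description itself advertises. Suggest extending the texts, e.g. `(Default: 200) (0 = no limit, not recommended)` and `(Default: 1) (Useful range: 1 to 5; 0 sends rejects immediately and removes the brute-force delay)`.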
diff --git a/pkg_config.8.xml b/pkg_config.8.xml
index 0ae10e34..6fdf8af0 100644
--- a/pkg_config.8.xml
+++ b/pkg_config.8.xml
@@ -758,13 +758,13 @@
<package>
<name>freeradius2</name>
<website>http://www.freeradius.org/</website>
- <descr><![CDATA[!!! EXPERIMENTAL !!!<br>
- freeRADIUS 2.1.12<br>
- DO NOT USE ON PRODUCTIVE SYSTEMS AND NOT TOGETHER WITH freeradius. Both packages are using the same config files]]></descr>
+ <descr><![CDATA[freeRADIUS 2.1.12 - A free implementation of the RADIUS protocol.<br>
+ Do not use together with freeradius package. Both are using the same config files.<br>
+ Should be now as stable as freeradius package but needs more testing.]]></descr>
<pkginfolink>http://forum.pfsense.org/index.php/topic,43675.0.html</pkginfolink>
<category>System</category>
- <version>2.1.12 pkg v0.8</version>
- <status>Alpha</status>
+ <version>2.1.12 pkg v1.0</version>
+ <status>BETA</status>
<required_version>2.0</required_version>
<maintainer>Nachtfalke</maintainer>
<depends_on_package_base_url>http://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-8-stable/All/</depends_on_package_base_url>
diff --git a/pkg_config.8.xml.amd64 b/pkg_config.8.xml.amd64
index 6f046a47..c075eeb8 100644
--- a/pkg_config.8.xml.amd64
+++ b/pkg_config.8.xml.amd64
@@ -800,13 +800,13 @@
<package>
<name>freeradius2</name>
<website>http://www.freeradius.org/</website>
- <descr><![CDATA[!!! EXPERIMENTAL !!!<br>
- freeRADIUS 2.1.12<br>
- DO NOT USE ON PRODUCTION SYSTEMS AND NOT TOGETHER WITH freeradius. Both packages are using the same config files]]></descr>
+ <descr><![CDATA[freeRADIUS 2.1.12 - A free implementation of the RADIUS protocol.<br>
+ Do not use together with freeradius package. Both are using the same config files.<br>
+ Should be now as stable as freeradius package but needs more testing.]]></descr>
<pkginfolink>http://forum.pfsense.org/index.php/topic,43675.0.html</pkginfolink>
<category>System</category>
- <version>2.1.12 pkg v0.8</version>
- <status>Alpha</status>
+ <version>2.1.12 pkg v1.0</version>
+ <status>BETA</status>
<required_version>2.0</required_version>
<maintainer>Nachtfalke</maintainer>
<depends_on_package_base_url>http://ftp.freebsd.org/pub/FreeBSD/ports/amd64/packages-8-stable/All/</depends_on_package_base_url>