diff options
author | Chris Buechler <cmb@pfsense.org> | 2011-12-10 17:15:23 -0800 |
---|---|---|
committer | Chris Buechler <cmb@pfsense.org> | 2011-12-10 17:15:23 -0800 |
commit | 26a8d08e7cfc0bc22b3620d77113e2708f90e897 (patch) | |
tree | d08d460bb171bf3e1275f46cfe7a754c25a421dc | |
parent | 36e1eb5bafbc986e45f48b2871ab4900db6a4990 (diff) | |
parent | 3b9c85c41fc1c58f5901115ab63dd068ae335d0f (diff) | |
download | pfsense-packages-26a8d08e7cfc0bc22b3620d77113e2708f90e897.tar.gz pfsense-packages-26a8d08e7cfc0bc22b3620d77113e2708f90e897.tar.bz2 pfsense-packages-26a8d08e7cfc0bc22b3620d77113e2708f90e897.zip |
Merge pull request #124 from Nachtfalkeaw/master
freeradius2 - should now be as stable as freeradius with all old and few additional options.
-rwxr-xr-x | config/freeradius2/freeradius.inc | 43 | ||||
-rwxr-xr-x | config/freeradius2/freeradiussettings.xml | 56 | ||||
-rw-r--r-- | pkg_config.8.xml | 10 | ||||
-rw-r--r-- | pkg_config.8.xml.amd64 | 10 |
4 files changed, 92 insertions, 27 deletions
diff --git a/config/freeradius2/freeradius.inc b/config/freeradius2/freeradius.inc index d5e49883..762a2200 100755 --- a/config/freeradius2/freeradius.inc +++ b/config/freeradius2/freeradius.inc @@ -25,8 +25,6 @@ function freeradius_install_command() { exec("chown -R root:wheel /usr/local/etc/raddb"); exec("chown -R root:wheel /usr/local/lib/freeradius-2.1.12"); - exec("chown -R root:wheel /var/log/raddb"); - exec("chown -R root:wheel /var/log/radacct"); closedir($handle); @@ -60,6 +58,17 @@ function freeradius_settings_resync() { $varsettingsallowcoredumps = $varsettings['varsettingsallowcoredumps']; $varsettingsregularexpressions = $varsettings['varsettingsregularexpressions']; $varsettingsextendedexpressions = $varsettings['varsettingsextendedexpressions']; + + $varsettingsmaxattributes = $varsettings['varsettingsmaxattributes']; + $varsettingsrejectdelay = $varsettings['varsettingsrejectdelay']; + $varsettingsstartservers = $varsettings['varsettingsstartservers']; + $varsettingsmaxservers = $varsettings['varsettingsmaxservers']; + $varsettingsminspareservers = $varsettings['varsettingsminspareservers']; + $varsettingsmaxspareservers = $varsettings['varsettingsmaxspareservers']; + $varsettingsmaxqueuesize = $varsettings['varsettingsmaxqueuesize']; + $varsettingsmaxrequestsperserver = $varsettings['varsettingsmaxrequestsperserver']; + + $conf = <<<EOD prefix = /usr/local @@ -130,23 +139,25 @@ log { ###msg_goodpass = "" ###msg_badpass = "" } + checkrad = \${sbindir}/checkrad security { - ###max_attributes = 200 - ###reject_delay = 1 - ###status_server = no ###raddb/sites-available/status ###wohl nur fuer Experten - erstmal weglassen - } - ###proxy_requests = yes ###auf "yes" lassen. Sorgt fuer weniger Probleme und kostet wenig/nichts (RAM) + max_attributes = $varsettingsmaxattributes + reject_delay = $varsettingsrejectdelay + status_server = no ### Needs additional config in raddb/sites-available/status +} + proxy_requests = yes + \$INCLUDE \${confdir}/proxy.conf -\$INCLUDE \${confdir}/clients.conf ###Jegliche Konfiguration wird in der clients.conf durchgeführt +\$INCLUDE \${confdir}/clients.conf thread pool { - ###start_servers = 5 - ###max_servers = 32 - ###min_spare_servers = 3 - ###max_spare_servers = 10 - ###max_queue_size = 65536 - ###max_requests_per_server = 0 - } + start_servers = $varsettingsstartservers + max_servers = $varsettingsmaxservers + min_spare_servers = $varsettingsminspareservers + max_spare_servers = $varsettingsmaxspareservers + max_queue_size = $varsettingsmaxqueuesize + max_requests_per_server = $varsettingsmaxrequestsperserver +} #snmp = no @@ -478,8 +489,6 @@ post-proxy { } EOD; - exec("chown -R root:wheel /var/log/raddb"); - exec("chown -R root:wheel /var/log/radacct"); conf_mount_rw(); file_put_contents(RADDB . '/radiusd.conf', $conf); diff --git a/config/freeradius2/freeradiussettings.xml b/config/freeradius2/freeradiussettings.xml index bab82e72..286cc1fd 100755 --- a/config/freeradius2/freeradiussettings.xml +++ b/config/freeradius2/freeradiussettings.xml @@ -191,6 +191,62 @@ <option><name>Disable</name><value>no</value></option> <option><name>Enable</name><value>yes</value></option> </options> + </field> + <field> + <fielddescr>Maximum Number of Attributes</fielddescr> + <fieldname>varsettingsmaxattributes</fieldname> + <description>The maximum number of attributes permitted in a RADIUS packet. Packets which have more than this number of attributes in them will be dropped. (Default: 200)</description> + <type>input</type> + <default_value>200</default_value> + </field> + <field> + <fielddescr>Access-Reject Delay</fielddescr> + <fieldname>varsettingsrejectdelay</fieldname> + <description>When sending an Access-Reject it can be delayed for a few seconds. This may help slow down a DoS attack. It also helps to slow down people trying to brute-force crack a users password. (Default: 1)(Immediately: 0)</description> + <type>input</type> + <default_value>1</default_value> + </field> + <field> + <fielddescr>Number of Threads After Start</fielddescr> + <fieldname>varsettingsstartservers</fieldname> + <description>The thread pool is a long-lived group of threads which take turns (round-robin) handling any incoming requests. (Default: 5)</description> + <type>input</type> + <default_value>5</default_value> + </field> + <field> + <fielddescr>Maximum Number of Threads</fielddescr> + <fieldname>varsettingsmaxservers</fieldname> + <description>If this limit is ever reached, clients will be locked out so it should not be set to low. (Default: 32)</description> + <type>input</type> + <default_value>32</default_value> + </field> + <field> + <fielddescr>Min Spare Servers</fielddescr> + <fieldname>varsettingsminspareservers</fieldname> + <description>This dynamically adjusts the "Number of Threads After Start". If the RADIUS server has to handle MANY requests and LESS than "Min Spare Servers" are left than the RADIUS server will INCREASE the number of running threads. (Default: 3)</description> + <type>input</type> + <default_value>3</default_value> + </field> + <field> + <fielddescr>Max Spare Servers</fielddescr> + <fieldname>varsettingsmaxspareservers</fieldname> + <description>This dynamically adjusts the "Number of Threads After Start". If the RADIUS server has to handle FEW requests and MORE than "Max Spare Servers" are left than the RADIUS server will DECREASE the number of running threads. (Default: 10)</description> + <type>input</type> + <default_value>10</default_value> + </field> + <field> + <fielddescr>Server Packet Queue Size</fielddescr> + <fieldname>varsettingsmaxqueuesize</fieldname> + <description>This is the queue size where the server stores packets before processing them. (Default: 65536)</description> + <type>input</type> + <default_value>65536</default_value> + </field> + <field> + <fielddescr>Maximum Requests per Server</fielddescr> + <fieldname>varsettingsmaxrequestsperserver</fieldname> + <description>You should only change this if you encounter memory leaks while running RADIUS. (Default: 0)</description> + <type>input</type> + <default_value>0</default_value> </field> </fields> <custom_delete_php_command> diff --git a/pkg_config.8.xml b/pkg_config.8.xml index 0ae10e34..6fdf8af0 100644 --- a/pkg_config.8.xml +++ b/pkg_config.8.xml @@ -758,13 +758,13 @@ <package> <name>freeradius2</name> <website>http://www.freeradius.org/</website> - <descr><![CDATA[!!! EXPERIMENTAL !!!<br> - freeRADIUS 2.1.12<br> - DO NOT USE ON PRODUCTIVE SYSTEMS AND NOT TOGETHER WITH freeradius. Both packages are using the same config files]]></descr> + <descr><![CDATA[freeRADIUS 2.1.12 - A free implementation of the RADIUS protocol.<br> + Do not use together with freeradius package. Both are using the same config files.<br> + Should be now as stable as freeradius package but needs more testing.]]></descr> <pkginfolink>http://forum.pfsense.org/index.php/topic,43675.0.html</pkginfolink> <category>System</category> - <version>2.1.12 pkg v0.8</version> - <status>Alpha</status> + <version>2.1.12 pkg v1.0</version> + <status>BETA</status> <required_version>2.0</required_version> <maintainer>Nachtfalke</maintainer> <depends_on_package_base_url>http://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-8-stable/All/</depends_on_package_base_url> diff --git a/pkg_config.8.xml.amd64 b/pkg_config.8.xml.amd64 index 6f046a47..c075eeb8 100644 --- a/pkg_config.8.xml.amd64 +++ b/pkg_config.8.xml.amd64 @@ -800,13 +800,13 @@ <package> <name>freeradius2</name> <website>http://www.freeradius.org/</website> - <descr><![CDATA[!!! EXPERIMENTAL !!!<br> - freeRADIUS 2.1.12<br> - DO NOT USE ON PRODUCTION SYSTEMS AND NOT TOGETHER WITH freeradius. Both packages are using the same config files]]></descr> + <descr><![CDATA[freeRADIUS 2.1.12 - A free implementation of the RADIUS protocol.<br> + Do not use together with freeradius package. Both are using the same config files.<br> + Should be now as stable as freeradius package but needs more testing.]]></descr> <pkginfolink>http://forum.pfsense.org/index.php/topic,43675.0.html</pkginfolink> <category>System</category> - <version>2.1.12 pkg v0.8</version> - <status>Alpha</status> + <version>2.1.12 pkg v1.0</version> + <status>BETA</status> <required_version>2.0</required_version> <maintainer>Nachtfalke</maintainer> <depends_on_package_base_url>http://ftp.freebsd.org/pub/FreeBSD/ports/amd64/packages-8-stable/All/</depends_on_package_base_url> |