aboutsummaryrefslogtreecommitdiffstats
path: root/config/freeradius2
diff options
context:
space:
mode:
Diffstat (limited to 'config/freeradius2')
-rw-r--r--config/freeradius2/freeradius.inc37
-rw-r--r--config/freeradius2/freeradiussettings.xml8
2 files changed, 40 insertions, 5 deletions
diff --git a/config/freeradius2/freeradius.inc b/config/freeradius2/freeradius.inc
index df231821..00076816 100644
--- a/config/freeradius2/freeradius.inc
+++ b/config/freeradius2/freeradius.inc
@@ -134,7 +134,42 @@ function freeradius_install_command() {
$rcfile = array();
$rcfile['file'] = 'radiusd.sh';
- $rcfile['start'] = FREERADIUS_ETC . '/rc.d/radiusd onestart';
+ $freeradius_etc_dir = FREERADIUS_ETC;
+ $rcfile['start'] = <<<EOD
+SERVICENAME="radiusd"
+ LOCKFILE="/tmp/\${SERVICENAME}_start.lock"
+ PIDFILE="/var/run/\${SERVICENAME}.pid"
+
+ # prevent this part of script from running in parallel
+ if ( set -o noclobber; echo "\$\$" > "\$LOCKFILE") 2> /dev/null; then
+ # make sure lock file is removed even if script is terminated
+ trap 'rm -f "\$LOCKFILE"; exit \$?' INT TERM EXIT
+
+ {$freeradius_etc_dir}/rc.d/radiusd onestart
+
+ # try to wait until the service starts
+ if [ ! -f "\$PIDFILE" ]; then
+ echo "\$SERVICENAME.sh: PID file was not found"
+
+ for i in 1 2 3 4 5; do
+ if [ -f "\$PIDFILE" ]; then
+ echo "\$SERVICENAME.sh: Service started PID: `cat \$PIDFILE`"
+ break
+ else
+ echo "\$SERVICENAME.sh: Waiting 0.5 seconds"
+ sleep 0.5
+ fi
+ done
+ else
+ echo "\$SERVICENAME.sh: Service running PID: `cat \$PIDFILE`"
+ fi
+
+ rm -f "\$LOCKFILE"
+ trap - INT TERM EXIT
+ else
+ echo "\$SERVICENAME.sh: Cannot continue at this moment, this script is already trying to start service PID: \$(cat \$LOCKFILE)"
+ fi
+EOD;
$rcfile['stop'] = FREERADIUS_ETC . '/rc.d/radiusd onestop';
write_rcfile($rcfile);
conf_mount_ro();
diff --git a/config/freeradius2/freeradiussettings.xml b/config/freeradius2/freeradiussettings.xml
index 78c65372..8982d93e 100644
--- a/config/freeradius2/freeradiussettings.xml
+++ b/config/freeradius2/freeradiussettings.xml
@@ -183,9 +183,9 @@
</options>
</field>
<field>
- <fielddescr>Log Bad Authentication Attempts</fielddescr>
+ <fielddescr>Log Password on Authentication Failure</fielddescr>
<fieldname>varsettingsauthbadpass</fieldname>
- <description><![CDATA[If an authentication fails then it will log the username and <b>wrong</b> password visible in syslog. Logging must be enabled. (Default: no)]]></description>
+ <description><![CDATA[Log the <b>password</b> of failed authentication attempts to syslog. Not recommended for security reasons. Logging must be enabled. (Default: no)]]></description>
<type>select</type>
<default_value>no</default_value>
<options>
@@ -204,9 +204,9 @@
<size>80</size>
</field>
<field>
- <fielddescr>Log good authentication attempts?</fielddescr>
+ <fielddescr>Log Password on Authentication Success</fielddescr>
<fieldname>varsettingsauthgoodpass</fieldname>
- <description><![CDATA[If an authentication succeeds then it will log the username and <b>correct</b> password visible in syslog. Logging must be enabled. (Default: no)]]></description>
+ <description><![CDATA[Log the <b>password</b> of successful authentication attempts to syslog. Not recommended for security reasons. Logging must be enabled. (Default: no)]]></description>
<type>select</type>
<default_value>no</default_value>
<options>
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-25 13:05:59 +0000