Menu
▾
▴
#44 Use FreeRADIUS Client instead of radiusclient-ng
Here are patches for 1.1.0 and cvs head to build all radius code against FreeRADIUS Client instead of radiusclient-ng. Please see
http://wiki.freeradius.org/Radiusclient
Prebuilt freeradius-client rpms are at:
http://software.opensuse.org/download/network:/aaa/
Patched versions of openser using FreeRADIUS Client are available as rpms from: http://software.opensuse.org/download/server:/telephony/
FreeRADIUS Client patch for CVS Head
FreeRADIUS Client patch for 1.1.0
Logged In: YES
user_id=52680
Originator: YES
File Added: openser-1.1.0-freeradius-client.patch
Logged In: YES
user_id=1318360
Originator: NO
Hi Peter!
What is the advantage of using freeradius client instead of radiusclient-ng?
Is the freeradius client included in the standard distributions (debian, redhat ..)
Logged In: YES
user_id=52680
Originator: YES
At the present moment the technical benefit is minimal as there is little code difference between radiusclient-ng and FreeRADIUS Client. This will change over the comming months however. One obvious benefit is that the FreeRADIUS Project has website, wiki and mailing list infrastructure setup to support users. radiusclient-ng has none of these. As a openSUSE user/developer I can't comment for other distros, but radiusclient-ng is not included in SUSE (The older radiusclient is..) and therefore anyway has to be download from my Network:AAA repository the same as freeradius-client. FreeRADIUS Server IS included of course in almost all Linux Distros and I am working on getting freeradius-client included in (at least) future SUSE distros in place of the unmaintained radiusclient. My Network:AAA repo contains both radiusclient-ng and freeradius-client rpms for SUSE 9.3-10.2, Fedora 4-6 and Mandriva. I am not currently packaging for ubuntu or debian as I dont have any familiarity with deb but I will try to add them in future to the repo. (Someone else in the FreeRADIUS project current handles those packages). In any case radiusclient-ng last made a release on November 7, 2005. The FreeRADIUS project makes releases every couple of months, and is one of the most popular radius servers in the world.. A client officially supported and maintained by us seemed a logical step.
In anycase, no-one is forced to accept these patches. I simply put them here so that they don't get lost.
Logged In: YES
user_id=1318360
Originator: NO
Is it possible to make it configurable which client radius library to use (e.g. default=radiusclient-ng)?
I think then it is easier to integrate it into openser as many users do not want to change radius client library when the current one is working fine.
Logged In: YES
user_id=52680
Originator: YES
At present it could be a configure/compile time option as there is no logic difference between the two libraries. The whole point of this work though is to make OpenSER's RADIUS support work according to RFC (The existing support doesn't). This will require changes both in the radius modules in openser and additional code in freeradius-client. At that point the only sane way to maintain support for radiusclient-ng will be to keep 2 copies of the SER modules. (Think of when openser forked from SER. Initially the code was the same, but the whole goal of the fork is to add new functionality so the code slowly diverges). If the radiusclient-ng folk want to take our changes and incorporate back into their code they are of course more than welcome to.
Logged In: YES
user_id=1275325
Originator: NO
Hi Peter,
I applied on CVS devel your patch, but in a more general format in order to allow usage of both radiusclient-ng and freeradius-client library. This can easily be done at compiling time by setting the env. variable FREERADIUS (or setting it into Makefile).
For radiusclient-ng it still compiles, but please check also for freeradius-client - if there are any issues, just let me know.
thanks and regards,
bogdan
Logged In: YES
user_id=34841
Originator: NO
Hi,
in modules/acc/acc_extra.h the "include ../../radius.h" is not ifdef'ed for "RAD_ACC". Withouth installing the radius packages (from software.opensuse.org for my opensuse 10.1), compilation fails due to missing header files. Simply adding the "ifdef" is not sufficient, though (I don't have the time to fully investigate the matter currently...) - obviously, it's structures are used in the acc module?
Regards,
Bastian
Logged In: YES
user_id=1275325
Originator: NO
Hi Bastian,
thanks for report - indeed was a problem with the header file...fix now on the CVS :)
regards,
bogdan
Logged In: YES
user_id=52680
Originator: YES
Please note that radiusclient-ng (and freeradius-client 1.1.4) contain a bug in their MD5 implementation causing it to generate incorrect hashes on 64bit machines. (ie. RADIUS support is BROKEN in SER and openSER on 64bit machines when using radiusclient-ng) The latest freeradius-client snapshots have a new MD5 implementation and freeradius-client 1.1.5 will be released shortly including this and other bug fixes.
Logged In: YES
user_id=1275325
Originator: NO
Hi Peter,
thanks for the update - I think is very important and a note about this should be included in the release docs. Is there a way at the moment to use freeradius library without the need to compile it? just to install the libs and devel headers packages?
regards,
bogdan
Logged In: YES
user_id=52680
Originator: YES
Sure. I am maintaining packages for many Linux versions at: http://software.opensuse.org/download/network:/aaa/
freeradius-client-XXX is the release version.
freeradius-client-snapshot-XXX is the cvs version (With the 64bit fixes).