/etc/raddb/

This directory houses various configuration files crucial for setting up and managing the FreeRADIUS server. Below are some of the key files and directories typically found under /etc/raddb/:

Key Files and Directories in /etc/raddb/

  1. clients.conf: Defines the clients (NAS - Network Access Server) that are allowed to authenticate against the RADIUS server. Each client entry includes IP addresses, shared secrets, and other parameters.

  2. users: This file contains user-specific configuration details for authentication, authorization, and accounting. It defines user credentials, access policies, and group memberships.

  3. radiusd.conf: As discussed earlier, this is the main configuration file for FreeRADIUS, containing global server settings, module configurations, authentication methods, and more.

  4. sites-available/ and sites-enabled/: These directories contain configuration snippets or "sites" that define different service profiles or policies (e.g., default, inner-tunnel). The sites-enabled/ directory includes symbolic links to active sites.

  5. mods-available/ and mods-enabled/: These directories house configuration modules (mods) that extend FreeRADIUS functionality. mods-enabled/ contains symbolic links to enabled modules.

  6. certs/: This directory stores TLS/SSL certificates and keys used for secure RADIUS communication (if configured).

  7. dictionary: Defines attribute-value pairs (AVPs) used in RADIUS communication. It maps human-readable names to RADIUS attribute codes and is essential for interpreting and generating RADIUS packets.

  8. policy.d/: Contains policy configuration snippets that define specific rules or conditions for handling authentication, authorization, and accounting requests.

  9. sql/: If using SQL-based backends for storing user credentials, accounting data, or session information, this directory contains SQL schema files and configurations.

  10. log/: Typically not present by default, but may be used for storing FreeRADIUS log files if configured to a custom location.

Usage and Configuration

  • Editing Configuration Files: Use a text editor with appropriate permissions (usually requiring sudo or root access) to modify configuration files.

  • Restarting FreeRADIUS: After making changes to configuration files under /etc/raddb/, restart the FreeRADIUS service to apply changes:

    sudo systemctl restart freeradius

  • Testing: Use tools like radtest or radclient (as discussed earlier) to test authentication, authorization, and accounting functionalities after making configuration changes.

Security Considerations

  • Secure Shared Secrets: Ensure that shared secrets in clients.conf are strong and securely managed to prevent unauthorized access.

  • TLS/SSL Configuration: If using TLS/SSL for secure RADIUS communication, regularly update certificates and keys, and adhere to best practices for certificate management.

Conclusion

Understanding the structure and contents of /etc/raddb/ is crucial for effectively configuring and managing FreeRADIUS deployments. It forms the backbone of RADIUS server operations, facilitating secure and efficient network access control through authentication, authorization, and accounting mechanisms.

Previous/etc/openvpn/Next/etc/rkhunter.conf

Last updated