Chetan Gaonker | 7f4bf74 | 2016-05-04 15:56:08 -0700 | [diff] [blame] | 1 | Modules in Version 3 |
| 2 | ==================== |
| 3 | |
| 4 | As of Version 3, all of the modules have been places in the |
| 5 | "mods-available/" directory. This practice follows that used by other |
| 6 | servers such as Nginx, Apache, etc. The "modules" directory should |
| 7 | not be used. |
| 8 | |
| 9 | Modules are enabled by creating a file in the mods-enabled/ directory. |
| 10 | You can also create a soft-link from one directory to another:: |
| 11 | |
| 12 | $ cd raddb/mods-enabled |
| 13 | $ ln -s ../mods-available/foo |
| 14 | |
| 15 | This will enable module "foo". Be sure that you have configured the |
| 16 | module correctly before enabling it, otherwise the server will not |
| 17 | start. You can verify the server configuration by running |
| 18 | "radiusd -XC". |
| 19 | |
| 20 | A large number of modules are enabled by default. This allows the |
| 21 | server to work with the largest number of authentication protocols. |
| 22 | Please be careful when disabling modules. You will likely need to |
| 23 | edit the "sites-enabled/" files to remove references to any disabled |
| 24 | modules. |
| 25 | |
| 26 | Conditional Modules |
| 27 | ------------------- |
| 28 | |
| 29 | Version 3 allows modules to be conditionally loaded. This is useful |
| 30 | when you want to have a virtual server which references a module, but |
| 31 | does not require it. Instead of editing the virtual server file, you |
| 32 | can just conditionally enable the module. |
| 33 | |
| 34 | Modules are conditionally enabled by adding a "-" before their name in |
| 35 | a virtual server. For example, you can do:: |
| 36 | |
| 37 | server { |
| 38 | authorize { |
| 39 | ... |
| 40 | ldap |
| 41 | -sql |
| 42 | ... |
| 43 | } |
| 44 | } |
| 45 | |
| 46 | This says "require the LDAP module, but use the SQL module only if it |
| 47 | is configured." |
| 48 | |
| 49 | This feature is not very useful for production configurations. It is, |
| 50 | however, very useful for the default examples that ship with the |
| 51 | server. |
| 52 | |
| 53 | Ignoring module |
| 54 | --------------- |
| 55 | |
| 56 | If you see this message:: |
| 57 | |
| 58 | Ignoring module (see raddb/mods-available/README.rst) |
| 59 | |
| 60 | Then you are in the right place. Most of the time this message can be |
| 61 | ignored. The message can be fixed by find the references to "-module" |
| 62 | in the virtual server, and deleting them. |
| 63 | |
| 64 | Another way to fix it is to configure the module, as described above. |
| 65 | |
| 66 | Simplification |
| 67 | -------------- |
| 68 | |
| 69 | Allowing conditional modules simplifies the default virtual servers |
| 70 | that are shipped with FreeRADIUS. This means that if you want to |
| 71 | enable LDAP (for example), you no longer need to edit the files in |
| 72 | raddb/sites-available/ in order to enable it. |
| 73 | |
| 74 | Instead, you should edit the raddb/mods-available/ldap file to point |
| 75 | to your local LDAP server. Then, enable the module via the soft-link |
| 76 | method described above. |
| 77 | |
| 78 | Once the module is enabled, it will automatically be used in the |
| 79 | default configuration. |