Red Hat Training

A Red Hat training course is available for Red Hat Enterprise Linux

4.44. freeradius2

Updated freeradius2 packages that fix several bugs and add an enhancement are now available for Red Hat Enterprise Linux 5.
FreeRADIUS is an open-source Remote Authentication Dial In User Service (RADIUS) server which allows RADIUS clients to perform authentication against the RADIUS server. The RADIUS server may optionally perform accounting of its operations via the RADIUS protocol.
The freeradius2 packages have been upgraded to upstream version 2.1.12, which provides a number of bug fixes and enhancements over the previous version. (BZ#609633)

Bug Fixes

The documentation of command-line arguments was incomplete and in some cases erroneous; some commands did not have a man page. The man pages and help output were updated to correct these deficiencies.
Previously, freeradius2 did not respect the core dump configuration flag. Consequently, the radiusd process did not produce a core dump file when it terminated unexpectedly with a segmentation fault. With this update the problem has been fixed, and now if radiusd aborts, a core dump is now generated if the core dump flag is enabled.
The freeradius-pam-conf configuration file, /etc/pam.d/radiusd, referenced a non-existent pam configuration "password-auth". This has been fixed to refer to "system-auth".
The previous version of freeradius generated its temporary SSL certificates the first time the server was run with the "-X" debug flag. Now the temporary certificates are created the first time the freeradius RPM is installed. It is no longer necessary to run the server in debug mode to create the initial certificates.
The radtest command-line argument to request the PPP hint option was not parsed correctly. Consequently, radclient did not add the PPP hint to the request packet and the test failed. This update corrects the problem and radtest now functions as expected.


The radtest tool did not send a Message-Authenticator by default in an Access-Request. Consequently, radtest could not connect to a RADIUS server if it required the authenticator as per RFC 5080. With this update the problem has been fixed, and now the Message-Authenticator is always sent.
Users are advised to upgrade to these updated freeradius2 packages, which fix these bugs and add this enhancement.