How do I keep the FreeRADIUS config when the package manager updates it?
-
This post is deleted! -
You shouldn't be editing the files directly, config should be updated via the gui.. That config will be retained..
My config for freerad is always there after update of the package.
-
This post is deleted! -
@KyleP said in How do I keep the FreeRADIUS config when the package manager updates it?:
I figured that's how everybody does it because there's no way to touch settings like cipher_server_preference otherwise.
There is a whole eap config section in the gui.. Could you give an example of what your doing exactly that you can not do in the gui?
So your editing these settings?
cipher_list = "DEFAULT" cipher_server_preference = no
To what exactly?
-
This post is deleted! -
Never looked into changing that.. From a quick look no don't see anyway to change that without doing what your doing.
You could put in a feature request for that..
You could prob make your changes to the .inc file that puts those defaults in.. Then you would only need to update them when you update pfsense itself. Could even create a patch to do such a thing automagically ;)
Out of curiosity, why are you wanting/needing to set that? I use freerad for eap-tls auth for one of my wifi network.
Other than feature request, and or continue doing what your doing - my only other off the top suggestion would be to run your freeradius on something other than pfsense.
Quick look for feature requests for freerad, I see this one
https://redmine.pfsense.org/issues/10479
This one also got fast response
https://redmine.pfsense.org/issues/10415Which looks like got pretty quick response.. So maybe your request could happen very quickly as well.
-
This post is deleted! -
Yeah eap-tls is great, but you don't have to manually edit the eap.conf for it to work - can all be done in the gui.
You pick the CA and certs from the gui.
tls-config tls-common { private_key_file = ${certdir}/server_key.pem certificate_file = ${certdir}/server_cert.pem ca_path = ${confdir}/certs ca_file = ${ca_path}/ca_cert.pem dh_file = ${certdir}/dh random_file = /dev/urandom fragment_size = 1024 include_length = yes check_crl = no check_cert_cn = %{User-Name} cipher_list = "DEFAULT" cipher_server_preference = no ecdh_curve = "prime256v1"
Example that is from my eap.conf - snipped out some stuff.. But you can see the path to certs and ca, and the cipher list, etc.
So was just curious why you were trying set specifics for your list and curve, etc.