* Tue Mar 18 2025 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-11.sme

- handle dhparam via template [SME: 12964]

.gitignore

@@ -2,3 +2,4 @@
 *.log
 *spec-20*
 *.tar.xz
+*.bak

README.md

@@ -6,7 +6,14 @@ SMEServer Koozali developed git repo for smeserver-radiusd smeserver
 <br />https://wiki.koozali.org/
 
 ## Bugzilla
-Show list of outstanding bugs: [here](https://bugs.koozali.org/buglist.cgi?component=smeserver-radiusd&product=SME%20Server%2010.X&query_format=advanced&limit=0&bug_status=UNCONFIRMED&bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&bug_status=CONFIRMED)\
+Show list of outstanding bugs:
+[All](https://bugs.koozali.org/buglist.cgi?action=wrap&bug_status=UNCONFIRMED&bug_status=CONFIRMED&bug_status=NEEDINFO&bug_status=IN_PROGRESS&bug_status=RESOLVED&bug_status=VERIFIED&cf_package=smeserver-radiusd&classification=SME+Server&list_id=105756&order=changeddate+DESC%2Ccomponent%2Cpriority%2Cbug_severity&query_format=advanced)  
+[Confirmed](https://bugs.koozali.org/buglist.cgi?action=wrap&bug_status=CONFIRMED&cf_package=smeserver-radiusd&classification=SME+Server&order=changeddate+DESC%2Ccomponent%2Cpriority%2Cbug_severity&query_format=advanced)  
+[Unconfirmed](https://bugs.koozali.org/buglist.cgi?action=wrap&bug_status=UNCONFIRMED&cf_package=smeserver-radiusd&classification=SME+Server&order=changeddate+DESC%2Ccomponent%2Cpriority%2Cbug_severity&query_format=advanced)  
+[Need info](https://bugs.koozali.org/buglist.cgi?action=wrap&bug_status=NEEDINFO&cf_package=smeserver-radiusd&classification=SME+Server&order=changeddate+DESC%2Ccomponent%2Cpriority%2Cbug_severity&query_format=advanced)  
+[In progress](https://bugs.koozali.org/buglist.cgi?action=wrap&bug_status=IN_PROGRESS&cf_package=smeserver-radiusd&classification=SME+Server&order=changeddate+DESC%2Ccomponent%2Cpriority%2Cbug_severity&query_format=advanced)  
+[Resolved](https://bugs.koozali.org/buglist.cgi?action=wrap&bug_status=RESOLVED&cf_package=smeserver-radiusd&classification=SME+Server&order=changeddate+DESC%2Ccomponent%2Cpriority%2Cbug_severity&query_format=advanced)  
+[Verified](https://bugs.koozali.org/buglist.cgi?action=wrap&bug_status=VERIFIED&cf_package=smeserver-radiusd&classification=SME+Server&order=changeddate+DESC%2Ccomponent%2Cpriority%2Cbug_severity&query_format=advanced)
 And a list of outstanding Legacy bugs: (e-smith-radiusd) [here](https://bugs.koozali.org/buglist.cgi?component=e-smith-radiusd&product=SME%20Server%2010.X&query_format=advanced&limit=0&bug_status=UNCONFIRMED&bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&bug_status=CONFIRMED)
 
 ## Description

contriborbase

@@ -1 +0,0 @@
-sme10

createlinks

@@ -82,6 +82,8 @@ $event="smeserver-radiusd-update";
 safe_symlink("restart", "root/etc/e-smith/events/$event/services2adjust/radiusd");
 safe_symlink("restart", "root/etc/e-smith/events/$event/services2adjust/rsyslog");
 templates2events("/etc/rsyslog.conf",$event);
+templates2events("/etc/raddb/certs/dh", $event);
+
 # systemd-specific action mandatory for this package-update event
 event_link("systemd-reload", $event, "89");
 event_link("systemd-default", $event, "88");
@@ -94,3 +96,12 @@ safe_symlink("restart", "root/etc/e-smith/events/ssl-update/services2adjust/radi
 safe_symlink("../mods-available/ldap", "root/etc/raddb/mods-enabled/ldap");
 safe_symlink("../mods-available/smbpasswd", "root/etc/raddb/mods-enabled/smbpasswd");
 
+
+$event = "dhparam-update";
+templates2events("/etc/raddb/certs/dh", $event);
+safe_symlink("try-restart", "root/etc/e-smith/events/$event/services2adjust/radiusd");
+
+$event = "smeserver-base-update";
+templates2events("/etc/raddb/certs/dh", $event);
+safe_symlink("try-restart", "root/etc/e-smith/events/$event/services2adjust/radiusd");
+

root/etc/dnf/plugins/post-transaction-actions.d/radius.action

@@ -0,0 +1 @@
+freeradius*:any:/sbin/e-smith/signal-event smeserver-radiusd-update

root/etc/e-smith/templates.metadata/etc/raddb/certs/dh

@@ -0,0 +1,5 @@
+TEMPLATE_PATH="/home/e-smith/dh.pem"
+OUTPUT_FILENAME="/etc/raddb/certs/dh"
+UID="root"
+GID="root"
+PERMS=0644

root/etc/e-smith/templates.metadata/etc/radiusclient/dictionary

@@ -0,0 +1 @@
+TEMPLATE_PATH="/usr/share/radiusclient/dictionary"

root/etc/e-smith/templates/usr/share/radiusclient/dictionary

@@ -75,22 +75,67 @@ ATTRIBUTE	Acct-Output-Packets	48	integer
 ATTRIBUTE	Acct-Terminate-Cause	49	integer
 ATTRIBUTE	Acct-Multi-Session-Id	50	string
 ATTRIBUTE	Acct-Link-Count		51	integer
+TTRIBUTE	Acct-Input-Gigawords	52	integer
+ATTRIBUTE	Acct-Output-Gigawords	53	integer
 ATTRIBUTE	Event-Timestamp		55	integer
+ATTRIBUTE	Egress-VLANID		56	string
+ATTRIBUTE	Ingress-Filters		57	integer
+ATTRIBUTE	Egress-VLAN-Name	58	string
+ATTRIBUTE	User-Priority-Table	59	string
 ATTRIBUTE	CHAP-Challenge		60	string
 ATTRIBUTE	NAS-Port-Type		61	integer
 ATTRIBUTE	Port-Limit		62	integer
 ATTRIBUTE	Login-LAT-Port		63	integer
+ATTRIBUTE	Tunnel-Type		64	string
+ATTRIBUTE	Tunnel-Medium-Type	65	string
+ATTRIBUTE	Tunnel-Client-Endpoint	66	string
+ATTRIBUTE	Tunnel-Server-Endpoint	67	string
+ATTRIBUTE	Acct-Tunnel-Connection	68	string
+ATTRIBUTE	Tunnel-Password		69	string
+ATTRIBUTE	ARAP-Password		70	string
+ATTRIBUTE	ARAP-Features		71	string
+ATTRIBUTE	ARAP-Zone-Access	72	integer
+ATTRIBUTE	ARAP-Security		73	integer
+ATTRIBUTE	ARAP-Security-Data	74	string
+ATTRIBUTE	Password-Retry		75	integer
+ATTRIBUTE	Prompt			76	integer
 ATTRIBUTE	Connect-Info		77	string
+ATTRIBUTE	Configuration-Token	78	string
+ATTRIBUTE	EAP-Message		79	string
+ATTRIBUTE	Message-Authenticator	80	string
+ATTRIBUTE	Tunnel-Private-Group-ID	81	string
+ATTRIBUTE	Tunnel-Assignment-ID	82	string
+ATTRIBUTE	Tunnel-Preference	83	string
+ATTRIBUTE	ARAP-Challenge-Response	84	string
+ATTRIBUTE	Acct-Interim-Interval	85	integer
+ATTRIBUTE	Acct-Tunnel-Packets-Lost	86	integer
+ATTRIBUTE	NAS-Port-Id-String	87	string
+ATTRIBUTE	Framed-Pool		88	string
+ATTRIBUTE	Chargeable-User-Identity	89	string
+ATTRIBUTE	Tunnel-Client-Auth-ID	90	string
+ATTRIBUTE	Tunnel-Server-Auth-ID	91	string
+ATTRIBUTE	NAS-Filter-Rule		92	string
+ATTRIBUTE	Originating-Line-Info	94	string
 
 #
 #	RFC3162 IPv6 attributes
 #
-ATTRIBUTE	NAS-IPv6-Address	95	string
+ATTRIBUTE	NAS-IPv6-Address	95	ipv6addr
 ATTRIBUTE	Framed-Interface-Id	96	string
-ATTRIBUTE	Framed-IPv6-Prefix	97	string
-ATTRIBUTE	Login-IPv6-Host		98	string
+ATTRIBUTE	Framed-IPv6-Prefix	97	ipv6prefix
+ATTRIBUTE	Login-IPv6-Host		98	ipv6addr
 ATTRIBUTE	Framed-IPv6-Route	99	string
 ATTRIBUTE	Framed-IPv6-Pool	100	string
+ATTRIBUTE	Error-Cause		101	integer
+ATTRIBUTE	EAP-Key-Name		102	string
+
+#
+#	RFC6911 IPv6 attributes
+#
+ATTRIBUTE       Delegated-IPv6-Prefix   123     ipv6prefix
+ATTRIBUTE	Framed-IPv6-Address	168	ipv6addr
+ATTRIBUTE	DNS-Server-IPv6-Address	169	ipv6addr
+ATTRIBUTE	Route-IPv6-Information	170	ipv6prefix
 
 #
 #	Experimental Non Protocol Attributes used by Cistron-Radiusd
@@ -133,11 +178,19 @@ VALUE		Service-Type		Callback-Framed-User	4
 VALUE		Service-Type		Outbound-User		5
 VALUE		Service-Type		Administrative-User	6
 VALUE		Service-Type		NAS-Prompt-User		7
+VALUE		Service-Type		Authenticate-Only	8
+VALUE		Service-Type		Callback-NAS-Prompt	9
+VALUE		Service-Type		Call-Check		10
+VALUE		Service-Type		Callback-Administrative	11
 
 #	Framed Protocols
 
 VALUE		Framed-Protocol		PPP			1
 VALUE		Framed-Protocol		SLIP			2
+VALUE		Framed-Protocol		ARAP			3
+VALUE		Framed-Protocol		GANDALF-SLMLP		4
+VALUE		Framed-Protocol		XYLOGICS-IPX-SLIP	5
+VALUE		Framed-Protocol		X75			6
 
 #	Framed Routing Values
 
@@ -150,6 +203,8 @@ VALUE		Framed-Routing		Broadcast-Listen	3
 
 VALUE		Framed-Compression	None			0
 VALUE		Framed-Compression	Van-Jacobson-TCP-IP	1
+VALUE		Framed-Compression	IPX-Header		2
+VALUE		Framed-Compression	Stac-LZS		3
 
 #	Login Services
 
@@ -157,6 +212,10 @@ VALUE		Login-Service		Telnet			0
 VALUE		Login-Service		Rlogin			1
 VALUE		Login-Service		TCP-Clear		2
 VALUE		Login-Service		PortMaster		3
+VALUE		Login-Service		LAT			4
+VALUE		Login-Service		X.25-PAD		5
+VALUE		Login-Service		X.25-T3POS		6
+VALUE		Login-Service		TCP-Clear-Quiet		8
 
 #	Status Types
 
@@ -170,6 +229,7 @@ VALUE		Acct-Status-Type	Accounting-Off		8
 
 VALUE		Acct-Authentic		RADIUS			1
 VALUE		Acct-Authentic		Local			2
+VALUE		Acct-Authentic		Remote			3
 VALUE		Acct-Authentic		PowerLink128		100
 
 #	Termination Options
@@ -184,6 +244,17 @@ VALUE		NAS-Port-Type		Sync			1
 VALUE		NAS-Port-Type		ISDN			2
 VALUE		NAS-Port-Type		ISDN-V120		3
 VALUE		NAS-Port-Type		ISDN-V110		4
+VALUE		NAS-Port-Type		Virtual			5
+VALUE		NAS-Port-Type		PIAFS			6
+VALUE		NAS-Port-Type		HDLC-Clear-Channel	7
+VALUE		NAS-Port-Type		X.25			8
+VALUE		NAS-Port-Type		X.75			9
+VALUE		NAS-Port-Type		G.3-Fax			10
+VALUE		NAS-Port-Type		SDSL			11
+VALUE		NAS-Port-Type		ADSL-CAP		12
+VALUE		NAS-Port-Type		ADSL-DMT		13
+VALUE		NAS-Port-Type		IDSL			14
+VALUE		NAS-Port-Type		Ethernet		15
 
 #	Acct Terminate Causes, available in 3.3.2 and later
 

root/etc/logrotate.d/radiusd-sme

@@ -7,7 +7,7 @@
         delaycompress
         sharedscripts
         postrotate
-        	/bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true
+        	/usr/bin/systemctl -s HUP kill rsyslog.service >/dev/null 2>&1 || true
         endscript
 }
 

root/sbin/e-smith/systemd/radiusd-configure

@@ -1,10 +1,7 @@
 #!/bin/sh
 
 # Ensure that PRNG is adequately seeded.
-[ -s /etc/raddb/certs/dh ] ||\
-  /usr/local/bin/envuidgid stunnel \
-      /usr/bin/openssl gendh > /etc/raddb/certs/dh
 [ -s /etc/raddb/certs/random ] ||\
-  /usr/local/bin/envuidgid stunnel \
+  /usr/bin/envuidgid stunnel \
       /bin/dd if=/dev/urandom of=/etc/raddb/certs/random bs=1k count=1
 

root/usr/lib/systemd/system/radiusd.service.d/50-koozali.conf

@@ -5,6 +5,7 @@ After=ldap.service
 ExecStartPre=
 ExecStartPre=/sbin/e-smith/service-status radiusd
 ExecStartPre=/sbin/e-smith/systemd/radiusd-configure
+ExecStartPre=/sbin/e-smith/expand-template /etc/raddb/certs/dh
 ExecStartPre=/sbin/e-smith/expand-template /etc/raddb/certs/radiusd.pem
 ExecStartPre=-/bin/chown -R radiusd.radiusd /var/run/radiusd
 ExecStartPre=/usr/sbin/radiusd -C

smeserver-radiusd.spec

@@ -4,7 +4,7 @@ Summary: smeserver server and gateway - configure PPTP inbound VPN
 %define name smeserver-radiusd
 Name: %{name}
 %define version 11.0.0
-%define release 6
+%define release 11
 Version: %{version}
 Release: %{release}%{?dist}
 License: GPL
@@ -17,6 +17,8 @@ Requires: smeserver-lib >= 1.15.1-16
 Requires: freeradius >= 2.1.12
 Requires: freeradius-ldap >= 2.1.12
 Requires: freeradius-client
+# daemontools bins in use 
+Requires: /usr/bin/envuidgid
 Obsoletes: radiusclient-ng <= 0.5.6
 Obsoletes: radiusclient <= 0.3.2
 BuildRequires: smeserver-devtools >= 1.13.1-03
@@ -28,6 +30,19 @@ Provides: e-smith-radiusd
 smeserver server and gateway - configure radius server
 
 %changelog
+* Tue Mar 18 2025 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-11.sme
+- handle dhparam via template [SME: 12964]
+
+* Sun Jan 26 2025 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-10.sme
+- prestart script requires daemontools bins [SME: 12566]
+
+* Tue Aug 13 2024 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-9.sme
+- fix new log does not fill after log rotate [SME: 12691]
+
+* Mon Apr 15 2024 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-7.sme
+- rewrite radiusd-configure [SME: 12624]
+- move forgotten templates [SME: 12623]
+
 * Sat Apr 13 2024 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-6.sme
 - change path from radiusclient-ng to radiusclient [SME: 12526]
 - update tmpfiles.d [SME: 12584]
@@ -276,13 +291,6 @@ echo "%doc COPYING" >> %{name}-%{version}-%{release}-filelist
 %pre
 /sbin/e-smith/create-system-user stunnel %{stunnelid} \
     'chrooted stunnel user user' /var/log/stunnel/ssl /bin/false
-if [ $1 -gt 1 ] ; then
-  if [ -e /var/service/radiusd/run ] ; then
-        /usr/bin/sv d radiusd
-        /usr/bin/sv d radiusd/log
-  fi
-fi
-
 
 %clean 
 rm -rf $RPM_BUILD_ROOT