7.8. How to properly modify Radius configuration files

Sometimes it is necessary to make modifications to the radius configuration files to adapt the behavior of the module to the needs of the environment.

It is important to identify which files we are modifying and make these modifications following the process defined here to avoid problems in the future.

During the update of the OpenNAC servers, when the new packages with the new radius files are installed, they overwrite the current ones and so the changes we have made may be lost if this process has not been followed.

The files that are affected by the updates and require following this procedure so that they are not lost are:

  • All opennac files (*_opennac) within /etc/raddb/mods-available/

  • The file /etc/raddb/policy.d/opennac

  • The file /etc/raddb/mods-config/queries_opennac.conf (This file should not be modified)

Note

The /etc/raddb/sites-available/default and /etc/raddb/sites-available/inner-tunnel files will not be overwritten during updates. So, any modification will be preserved and there is no need to create new files.

Note

If at any time this procedure was not carried out and when updating you have lost your files, there are options to recover the files. It is possible that your original file was saved as a copy with the extension “.rpmsave” during the update process so you could recover it. Another option would be to check the server backup to recover the files (ON Core Restore). In both cases, once the files are recovered, make sure to carry out the correct procedure so that they are not lost again in future updates.

7.8.1. Radius module files modification process

The correct procedure to modify the files corresponding to mods-available (mods-enabled):

  1. Create a copy of the file to be modified with another name:

cp -ipr /etc/raddb/mods-available/opennac /etc/raddb/mods-available/opennac_custom

  1. Apply the relevant modifications to the new file:

vim /etc/raddb/mods-available/opennac_custom

  1. Re-make the mods-enabled link to point to the new file:

ln -s /etc/raddb/mods-available/opennac_custom /etc/raddb/mods-enabled/opennac

Since the enabled module is now “opennac_custom”, it will not be affected in the update process.

7.8.2. Radius policy files modification process

If at any time we want to create a new policy to use in radius, we will have to follow the following process:

  1. Create a new policy file with a name different from the existing ones:

vim /etc/raddb/policy.d/opennac_custom

  1. In this new file we must create the new policies.

At this point, the new policy file will not be affected in the update process unlike the default files, which will be overwritten.