updated.

DC-SLES-freeradius-setup-server

@@ -0,0 +1,18 @@
+# This file originates from the project https://github.com/openSUSE/doc-kit
+# This file can be edited downstream.
+
+## Basics
+MAIN="freeradius-setup-server.asm.xml"
+SRC_DIR="articles"
+IMG_SRC_DIR="images"
+
+## Profiling
+PROFOS="sles"
+PROFCONDITION="16.0"
+#PROFARCH="x86_64;zseries;power;aarch64"
+
+DOCBOOK5_RNG_URI="urn:x-suse:rng:v2:geekodoc-flat"
+
+## stylesheet location
+STYLEROOT="/usr/share/xml/docbook/stylesheet/suse2022-ns"
+FALLBACK_STYLEROOT="/usr/share/xml/docbook/stylesheet/suse2021-ns"

DC-SLES-freeradius-setup-server.xml

@@ -0,0 +1,18 @@
+# This file originates from the project https://github.com/openSUSE/doc-kit
+# This file can be edited downstream.
+
+## Basics
+MAIN="freeradius-setup-server.asm.xml"
+SRC_DIR="articles"
+IMG_SRC_DIR="images"
+
+## Profiling
+PROFOS="sles"
+PROFCONDITION="16.0"
+#PROFARCH="x86_64;zseries;power;aarch64"
+
+DOCBOOK5_RNG_URI="urn:x-suse:rng:v2:geekodoc-flat"
+
+## stylesheet location
+STYLEROOT="/usr/share/xml/docbook/stylesheet/suse2022-ns"
+FALLBACK_STYLEROOT="/usr/share/xml/docbook/stylesheet/suse2021-ns"

articles/freeradius-setup-server.asm.xml

@@ -74,7 +74,7 @@
      <!-- <subtitle>Subtitle if necessary</subtitle>-->
       <!-- Create changelog to enable versioning; add most recent entries at the top. -->
       <revhistory xml:id="rh-freeradius-server">
-        <revision><date>2023-09-11</date>
+        <revision><date>2025-12-05</date>
           <revdescription>
             <para>
               Initial version
@@ -106,7 +106,7 @@
         <phrase>&power;</phrase>
       </meta>
       <meta name="productname" its:translate="no">
-        <productname version="15 SP6">&sles;</productname>
+        <productname version="16.0" os="sles;sles4sap">&productname;</productname> 
       </meta>
       <meta name="title" its:translate="yes">Set up a FreeRADIUS Server</meta>
       <meta name="description" its:translate="yes">An overview of setting up FreeRADIUS server.</meta>
@@ -147,7 +147,7 @@
           <term>EFFORT</term>
             <listitem>
               <para>
-                 It takes 15 minutes to install and configure FreeRADIUS. You need up to an hour to fully understand the FreeRADIUS architecture and functionality.
+                 It takes 15 minutes to install and configure FreeRADIUS. You need up to 30 minutes to fully understand the FreeRADIUS architecture and functionality.
               </para>
             </listitem>
         </varlistentry>
@@ -160,7 +160,10 @@
             </listitem>
         </varlistentry><varlistentry>
           <term>REQUIREMENTS</term>
-           <listitem><itemizedlist><listitem><para>A virtual machine or instance to install FreeRADIUS.</para></listitem> <listitem><para>Another virtual machine on your network to test client functions.</para></listitem></itemizedlist>
+           <listitem><itemizedlist>
+            <listitem><para>A virtual machine or instance to install FreeRADIUS.</para></listitem> 
+            <listitem><para>Another virtual machine on your network to test client functions.</para></listitem>
+          </itemizedlist>
             </listitem>
         </varlistentry>
       </variablelist>

concepts/freeradius-setup-server-concept.xml

@@ -13,7 +13,7 @@
        xmlns:xlink="http://www.w3.org/1999/xlink"
        xmlns:trans="http://docbook.org/ns/transclusion">
   <info>
-    <title>The FreeRADIUS concept</title>
+    <title>About FreeRADIUS</title>
     <meta name="maintainer" content="[email protected]" its:translate="no"/>
     <abstract>
       <para>

concepts/freeradius-setup-server-troubleshooting.xml

@@ -26,9 +26,9 @@
         <para>
           Check if FreeRADIUS is running.
         </para>
-        <screen>systemctl status freeradius </screen>
+        <screen>&prompt.sudo; systemctl status freeradius </screen>
         <para>If FreeRADIUS is not running, start FreeRADIUS.</para>
-        <screen>systemctl start freeradius </screen><para>If a FreeRADIUS server is already running, an error <literal>Address already in use </literal> appears. Stop that server before running the server in debugging mode.</para>
+        <screen>&prompt.sudo; systemctl start freeradius </screen><para>If a FreeRADIUS server is already running, an error <literal>Address already in use </literal> appears. Stop that server before running the server in debugging mode.</para>
         <para>If the server does not start, verify the output. The output includes the details about the errors. You can direct the output to a text file with <command>tee:</command>
         </para><screen>radiusd -X | tee radiusd.text</screen>
       </listitem>
@@ -54,6 +54,5 @@
         </para>
       </listitem>
       </itemizedlist>
-    <para>When you are satisfied with your testing and ready to create a production configuration, remove all the test certificates in <filename>/etc/raddb/certs</filename> and replace them with your own certificates, comment out all the test users and clients, and stop radiusd by pressing <keycombo><keycap function="control"/><keycap>C</keycap></keycombo>. Manage the radiusd.service with systemctl, just like any other service.</para>
   </topic>
 

tasks/freeradius-setting-up-server.xml

@@ -125,7 +125,7 @@ Ready to process requests
     your server has started correctly. If it does not start, read the
     output carefully because it tells you what went wrong. You may direct
     the output to a text file with <command>tee</command>:
-   </para> <screen>&prompt.user;<command>radiusd -X | tee radiusd.text</command></screen>
+   </para> <screen>&prompt.user;radiusd -X | tee radiusd.text</screen>
     </step>
     <step>
     <para>
@@ -152,7 +152,7 @@ Reply-Message := "Hello, %{User-Name}" </screen>
         unprivileged user use the <command>radtest</command> command to log
         in as bob:
     </para>
-    <screen>&prompt.user;<command>radtest bob hello 127.0.0.1 0 testing123</command>
+    <screen>&prompt.user;radtest bob hello 127.0.0.1 0 testing123
 Sent Access-Request Id 241 from 0.0.0.0:35234 to 127.0.0.1:1812 length 73
         User-Name = "bob"
         User-Password = "hello"
@@ -200,7 +200,7 @@ Waking up in 4.9 seconds.
       is better to use the IP address of the RADIUS server rather than the
       hostname because it is faster:
     </para>
-    <screen>&prompt.user;<command>radtest bob hello &wsIip; 0 testing123-1</command></screen>
+    <screen>&prompt.user;radtest bob hello &wsIip; 0 testing123-1</screen>
    </step>
    </procedure>
    <para>

tasks/freeradius-setup-server-add-client-user.xml

@@ -16,55 +16,41 @@
  xmlns:xlink="http://www.w3.org/1999/xlink"
  xmlns:trans="http://docbook.org/ns/transclusion">
   <info>
-    <title>Adding a test client with a user on the server</title><!-- can be changed via merge
+    <title>Adding a test client and a user on the server</title><!-- can be changed via merge
 in the assembly -->
     <!-- add author's e-mail -->
     <meta name="maintainer" content="[email protected]" its:translate="no"/>
     <abstract><!-- can be changed via merge in the assembly -->
       <para>
-        You can add a client and a user to test authentication for the FreeRADIUS server. The client is a client of the RADIUS server, such as a wireless access point or switch. The users are added in the user configuration file and the clients are added in the client configuration file. These configuration files are stored on the server where FreeRADIUS is installed.
-      </para>
-      <para>The machines that can use the devices of the FreeRADIUS server are defined in the <filename>client.conf</filename> file.</para>
+        You can add a client and a user to test authentication for the FreeRADIUS server. The client is a client of the RADIUS server, such as a wireless access point or switch. The users are added in the <filename>/etc/raddb/users</filename> configuration file.</para>
+      <para>The machines that can use the devices of the FreeRADIUS server are defined in the <filename>/etc/raddb/clients.conf</filename> file. These configuration files are stored on the server where FreeRADIUS is installed.</para>
     </abstract>
   </info>
   <procedure xml:id="add-client-user"><title>Configuring users and clients</title>
     <para>Add the machines that can use the devices of the FreeRADIUS server and the users by using the following example:</para>
     <step><para>Configure users in the authorization file, <filename>/etc/raddb/mods-config/files/authorize</filename>.</para>
-    <para>To do this, open <filename>/etc/raddb/mods-config/files/authorize</filename> and uncomment the following lines:</para>
-  <screen>bob   Cleartext-Password := "hello"
-    Reply-Message := "Hello, %{User-Name}"
-
-  "john" Cleartext-Password := "newpassword"
-    Service-Type = New-User,
-    Framed-IP-Address = 190.155.2.50</screen></step>
+    <para>To do this, open <filename>/etc/raddb/mods-config/files/authorize</filename> and add the following lines:</para>
+  <screen>bob Cleartext-Password := "testpass"
+    Reply-Message := "Hello, %{User-Name}"</screen></step>
   <step>
-    <para>Add a test client and user to test the authentication in <filename>/etc/raddb/client.conf</filename>.</para>
-    <screen>vi /etc/raddb/client.conf</screen>
-    <para>A test client, localhost, is provided in <filename>/etc/raddb/client.conf</filename>, with the secret <literal>testing123</literal>.</para>
-    <screen>client private-networks {
-      ipaddr          = 190.1.0/22
-      secret          = testingabc-1
-      }
-      client common-network {
-        ipaddr          = 191.1.0/27
-        secret          = testingxyz
-        }
-    </screen> 
+    <para>Add a test client and user to test the authentication in <filename>/etc/raddb/clients.conf</filename>.</para>
+    <screen>&prompt.sudo; vi /etc/raddb/clients.conf</screen>
+    <para>Add a test client, <literal>localhost</literal>, in <filename>/etc/raddb/clients.conf</filename>, with the secret <literal>testing123</literal>.</para>
+    <screen>client localhost {
+    ipaddr = 127.0.0.1
+    secret = testing123
+    }
+</screen> 
   </step><step>
-<para>Add clients of the RADIUS server, such as a wireless access point, network switch, or another form of NAS.</para>
-<para>Create a client configuration on your server by using the following example.</para>
-<para>Uncomment the following entry in <filename>/etc/raddb/client.conf</filename> and use the IP address of your test client machine or access gateway instead of the given IP address.</para>
+<para>You can add clients of the RADIUS server, such as a wireless access point, network switch, or another form of NAS.</para>
+<para>If your RADIUS server is on a remote machine <filename>192.0.2.0</filename>Create a client configuration on your server by using the following example.</para>
+<para>Add the following entry in <filename>/etc/raddb/clients.conf</filename> and use the IP address of your test client machine or access gateway instead of the given IP address.</para>
 <screen>client private-network-1 {
 ipaddr          = 192.0.2.0/24
 secret          = testing123-1
 }</screen>
-<para>You must also configure the client to talk to the RADIUS server by using the IP address of the machine running the RADIUS server. The client must use the same secret as configured above in the client section.</para>
-</step>
-<step>
-<para>On the client machine, install <command>freeradius-server-utils</command>. </para>
-<screen>&prompt.sudo;sudo zypper install freeradius-server and freeradius-server-utils</screen>
+<para>You must configure the client to talk to the RADIUS server by using the IP address of the machine running the RADIUS server. The client must use the same secret as configured above in the client section.</para>
 </step>
  </procedure>
- <para>You can now add more users and configure databases. </para>
-  <para>Run one more login test from a different computer on your network. </para>
+ <para>You can add more users and configure database.</para>
 </topic>

tasks/freeradius-setup-server-add-clients.xml

@@ -42,7 +42,6 @@ in the assembly -->
     <step><para>Log in from the client as bob, using the <command>radtest</command> command.</para> 
       <para>The following example users the IP address of the RADIUS server instead of the hostname as it is faster.</para>
       <screen>&prompt.user; radtest bob hello 192.168.2.100 0 testing123-1</screen>
-      <para>If the client connection test fails, refer <xref linkend="_freeradius-troubleshooting"></xref>.</para>
     </step>
    </procedure>
 </topic>

tasks/freeradius-setup-server-create-test-certificates.xml

@@ -23,7 +23,7 @@ in the assembly -->
     <abstract><!-- can be changed via merge in the assembly -->
       <para>Certificates enable secure communication between the FreeRADIUS clients and the FreeRADIUS server.</para>
       <para>
-        To allow access to the server, certificate authentication is required. To test the authentication using FreeRADIUS, you can create test certificates. The following example shows how to create test certificates to test FreeRADIUS. Ensure that you remove the test certificates and use the correct certificates after testing FreeRADIUS.</para>
+        To allow access to the server, certificate authentication is required. To test the authentication using FreeRADIUS, you can create test certificates. The following example shows how to create test certificates to test FreeRADIUS. Ensure that you remove the test certificates created for testing and use the correct certificates after testing FreeRADIUS.</para>
       <note><para>The test certificates created are not suitable for production use.</para></note>
     </abstract>
   </info>

tasks/freeradius-setup-server-installing-server.xml

@@ -22,10 +22,18 @@ in the assembly -->
     <meta name="maintainer" content="[email protected]" its:translate="no"/>
     <abstract><!-- can be changed via merge in the assembly -->
       <para>
-        The following example shows how to install a FreeRADIUS server. Ensure that you install the <literal>freeradius-server</literal> and <literal>freeradius-server-utils</literal> packages on a separate machine from your Network Access Server (NAS).
+        Ensure that you install the <literal>freeradius-server</literal> and <literal>freeradius-server-utils</literal> packages on a separate machine from your Network Access Server (NAS).
       </para>
     </abstract>
   </info>
    <para>Install <literal>freeradius-server</literal> and <literal>freeradius-server-utils</literal>.</para>
-   <screen>&prompt.sudo; sudo zypper install freeradius-server and freeradius-server-utils</screen>
+   <screen>&prompt.sudo; zypper install freeradius-server freeradius-server-utils</screen>
+   <para>In the main FreeRADIUS configuration directory, <filename>/etc/raddb/</filename>, various files are directories are created. The key files are:</para>
+   <itemizedlist><listitem><para><filename>radiusd.conf</filename>, the main configuration file that includes clients, modules, and sites and this controls the logging, security, and threading.</para></listitem>
+  <listitem><para><filename>clients.conf</filename> defines the RADIUS clients and the IP and shared secret are saved in this file.</para></listitem>
+<listitem><para><filename>users</filename> or <filename>mods-config/files/authorize</filename> contains the list of users.</para></listitem>
+<listitem><para><filename>sites-available</filename> defines how requests are processed and this contains the authentication flow.</para></listitem>
+<listitem><para><filename>mods-enabled</filename> contains symnlinks and FREERADIUS loads only the modules available in this directory.</para></listitem>
+<listitem><para><filename>/etc/raddb/certs/</filename> contains TLS certificates for EAP, PEAP, TTLS and includes <filename>ca.pem</filename>, <filename>server.pem</filename>, <filename>server.key</filename>, <filename>client.pem</filename>.</para></listitem>
+</itemizedlist>
  </topic>

tasks/freeradius-setup-server-start-freeradius.xml

@@ -22,8 +22,7 @@ in the assembly -->
     <meta name="maintainer" content="[email protected]" its:translate="no"/>
     <abstract><!-- can be changed via merge in the assembly -->
       <para>
-        After adding client and user, you must start the FreeRADIUS daemon.
-      </para>
+        After adding client and user, you must start the FreeRADIUS daemon.</para>
     </abstract>
   </info>
   <procedure xml:id="start-freeradius"><title>Starting the FreeRADIUS daemon</title>

tasks/freeradius-setup-server-start-server.xml

@@ -22,16 +22,11 @@ in the assembly -->
     <meta name="maintainer" content="[email protected]" its:translate="no"/>
     <abstract><!-- can be changed via merge in the assembly -->
       <para>
-        You must start FreeRADIUS on the server after installation.
-      </para>
+        You must start FreeRADIUS on the server after installation.</para>
     </abstract>
   </info>  
   <procedure xml:id="freeradius-setup-server-start-freeradius-server"><title>Starting FreeRADIUS</title>
-    <para>After the bootstrap is complete, start the server in debugging mode as a <literal>root</literal> user.</para>
-  <step>
-    <para>To do this, run the following command:</para>
-  <note><para>Start the FreeRADIUS server in debugging mode only for testing. Other than for testing, use <command>sudo systemctl start freeradius</command></para></note>
-
+    <step><para>For testing purpose, after creating certificates, start the server in debugging mode as a <literal>root</literal> user.</para>
     <screen>&prompt.sudo; radiusd -X
       [...]
       Listening on auth address * port 1812 bound to server default
@@ -42,7 +37,11 @@ in the assembly -->
       Listening on proxy address * port 54435
       Listening on proxy address :: port 58415
       Ready to process requests</screen>
+
+    </step>
+  <step><para>For production, start the server after installing:</para>
+  <screen>&prompt.sudo; systemctl start freeradius</screen>
       <para>The <literal>Listening</literal> and <literal>Ready to process requests</literal> appear when the server starts correctly.</para>
-  </step>
+   </step>
  </procedure>
 </topic>

tasks/freeradius-setup-server-test-authentication.xml

@@ -30,7 +30,7 @@ in the assembly -->
     <para>Test the authentication for the newly added user using the following example:</para>
     <step>
       <para>Open a new terminal, and as an unprivileged user, use the <command>radtest</command> command to log in as the newly added user <literal>bob</literal>.</para>
-      <screen>&prompt.user; radtest bob hello 127.0.0.1 0 testing123
+      <screen>&prompt.user; radtest testuser hello 127.0.0.1 0 testing123
         Sent Access-Request Id 241 from 0.0.0.0:35234 to 127.0.0.1:1812 length 73
                 User-Name = "bob"
                 User-Password = "hello"
@@ -53,4 +53,5 @@ in the assembly -->
           <para>The access request is successful and the authentication methods PAP, CHAP, MS-CHAPv1, MS-CHAPv2, PEAP, EAP-TTLS, EAP-GTC, EAP-MD5  work for the user <literal>bob</literal>.</para>
         </step>
         </procedure>
+        <para>When you are satisfied with your testing and ready to create a production configuration, remove all the test certificates in <filename>/etc/raddb/certs</filename> and replace them with your own certificates, comment out all the test users and clients, and stop radiusd by pressing <keycombo><keycap function="control"/><keycap>C</keycap></keycombo>. Manage the <filename>radiusd.service</filename> with systemctl, just like any other service.</para>
 </topic>