====== Upgrade FreeRADIUS to 3.0.13 ======
===== Background =====
  * It came to our attention that the version of FreeRADIUS which is available on the **Personal Package Archive (PPA)** repository has the following bug: http://lists.freeradius.org/pipermail/freeradius-users/2016-October/085317.html
  * Please follow these instructions either when you do a clean install of a RADIUSdesk system, or if you have an existing server that needs to be upgraded.

===== Upgrade instructions =====

<code bash>

# Stop the current isntance of FreeRADIUS is there might be one running
sudo systemctl stop freeradius.service

#Check out the FreeRADIUS packages from the RADIUSdesk source tree using SVN

#If you have a 64 bit system
svn checkout https://svn.code.sf.net/p/radiusdesk/code/tags/FreeRADIUS/amd64  
#If you have a 32 bit system
svn checkout https://svn.code.sf.net/p/radiusdesk/code/tags/FreeRADIUS/i386

#If you have a 64 bit system
cd amd64
#If you have a 32 bit system
cd i386

#Install all the packages
sudo dpkg -i *.deb

#Just hit the **Enter** key each time it asks a question about aoverriding an existing file. 
#That will choose the default and keep the current one.

#Next we will replace the current configuration
cd /etc
sudo mv freeradius freeradius.bakup

#Copy the RADIUSdesk specific one
sudo cp /usr/share/nginx/html/cake2/rd_cake/Setup/Radius/freeradius-3-radiusdesk.tar.gz /etc/

cd /etc
#Extract it
sudo tar -xzvf freeradius-3-radiusdesk.tar.gz


</code>

==== Do the following to further configure FreeRADIUS 3.x to work with RADIUSdesk ====

  * Configure the site wide shared secret. This will be the value used by <wrap em>ALL</wrap> Dynamic Clients.
<code bash>
sudo vi /etc/freeradius/sites-enabled/dynamic-clients
</code>
  * Look for this part in the file and change **FreeRADIUS-Client-Secret** to the value you choose to use.
<code bash>
#  Echo the IP address of the client.
FreeRADIUS-Client-IP-Address = "%{Packet-Src-IP-Address}"

# require_message_authenticator
FreeRADIUS-Client-Require-MA = no

# secret
FreeRADIUS-Client-Secret = "testing123"

# shortname
FreeRADIUS-Client-Shortname = "%{Packet-Src-IP-Address}"

</code>
  * Comment out the following two lines in the systemd service file
<code bash>
sudo vi /lib/systemd/system/freeradius.service
</code>
  * See this sample to see which two lines to comment out. Failing to do this will result in a broken system with FreeRADIUS not starting up during boot
<code bash>
[Unit]
Description=FreeRADIUS multi-protocol policy server
After=syslog.target network.target
Documentation=man:radiusd(8) man:radiusd.conf(5) http://wiki.freeradius.org/ http://networkradius.com/doc/

[Service]
Type=forking
PIDFile=/run/freeradius/freeradius.pid
#EnvironmentFile=-/etc/default/freeradius
#ExecStartPre=/usr/sbin/freeradius $FREERADIUS_OPTIONS -Cxm -lstdout
ExecStart=/usr/sbin/freeradius $FREERADIUS_OPTIONS
Restart=on-failure
RestartSec=5

[Install]
WantedBy=multi-user.target

</code>
  * After you completed these commands you can test if FreeRADIUS starts up fine.
<code bash>
sudo systemctl daemon-reload 
sudo systemctl restart freeradius.service
sudo systemctl status freeradius.service
</code>

<WRAP center round tip 100%>
  * If in future you need to run FreeRADIUS in debug mode on the terminal use this as a reference:
<code bash>
#Stop the current FreeRADIUS instance
sudo systemctl stop freeradius.service
#If it is perhaps stuck use killall
sudo killall freeradius
#Start it in debug mode
sudo freeradius -X
</code>
</WRAP>