This article is intended for JANET and GÉANT pilot participants. It describes the upgrade from Trust Router v1.2 or v1.3 and FreeRADIUS v3.0.1 and v3.0.3, as there are some significant changes within FreeRADIUS.

Step-by-step guide

Upgrading Trust Router:

Upgrade the trust router as per your operating system instructions:

  1. On RHEL platforms, run yum update trust_router trust_router-libs
  2. On Debian platforms, run apt-get install moonshot-trust-router

 

Trust Router now ships with a System V init script. 

...

ipaddr="127.0.0.1"                          # IP address that the TIDS is reachable on
hostname="trustrouter.host.name"            # The host name that the TIDS is known as
gssname="trustrouter@apc.moonshot.ja.net"   # The GSS service name for the TIDS APC

TIDS_USER="trustrouter"                     # The user that the TIDS is running as
TIDS_GROUP="trustrouter"                    # The group that the TIDS is running as

...

Upgrading FreeRADIUS:

Upgrade FreeRADIUS as per your operating system instructions:

  1. On RHEL platforms, run yum update freeradius
  2. On Debian platforms, run apt-get install freeradius
  3. Repeat the command for any other FreeRADIUS modules that you use in your installation, such as the LDAP, KRB5 and SQLite modules, and install the ABFAB module to enable the trust router IDP and RP proxy.
  4. Do not start the server.

 

Several items in FreeRADIUS have been superseded:

Note: In the instructions below, /etc/raddb is equivalent to /etc/freeradius on Debian platforms.
  1. Delete /etc/raddb/sites-enabled/chbind and /etc/raddb/sites-enabled/tls
  2. Delete /etc/raddb/mods-enabled/psk
  3. Edit /etc/raddb/sites-available/abfab-tr-idp and comment out the psk_authorize line in the authorize section. This will no longer be necessary once all pilot sites have upgraded to the same minimum version of FreeRADIUS that supports channel bindings.

  4. On the Moonshot IdP only, transfer the SAML assertion (as created per the Issue SAML Assertions section) from the post-auth section in /etc/raddb/sites-available/default into the post-auth section of /etc/raddb/sites-available/abfab-tr-idp.
  5. Start the server. It should start OK and continue to function as normal.
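
Before starting the server, steps 1 to 3 can be verified with a read-only check. The script below is an added example, not part of the original article or the Moonshot packages; check_raddb is a hypothetical helper name, and it takes the configuration directory as its argument (/etc/raddb by default, /etc/freeradius on Debian).

```shell
#!/bin/sh
# Added example: pre-start check for the superseded FreeRADIUS items.
# check_raddb is a hypothetical helper; it reads the config tree and changes nothing.
# Usage: check_raddb [config-dir]    (default: /etc/raddb)
# Prints one line per finding and returns the number of problems found.
check_raddb() {
    raddb="${1:-/etc/raddb}"
    problems=0

    # Steps 1 and 2: chbind, tls and psk must no longer be enabled.
    for f in sites-enabled/chbind sites-enabled/tls mods-enabled/psk; do
        # -L also catches a dangling symlink, which -e alone would miss.
        if [ -e "$raddb/$f" ] || [ -L "$raddb/$f" ]; then
            echo "still present: $raddb/$f"
            problems=$((problems + 1))
        fi
    done

    # Step 3: psk_authorize must not appear on any uncommented line.
    idp="$raddb/sites-available/abfab-tr-idp"
    if [ ! -f "$idp" ]; then
        echo "note: $idp not found, psk_authorize check skipped"
    elif grep -n '^[^#]*psk_authorize' "$idp"; then
        # grep -n has already printed the offending line numbers.
        echo "psk_authorize is still active in $idp"
        problems=$((problems + 1))
    fi

    [ "$problems" -eq 0 ] && echo "OK: no superseded items found in $raddb"
    return "$problems"
}
```

Run it as check_raddb /etc/freeradius on Debian; a non-zero return value means at least one superseded item is still in place. Step 4 (the SAML assertion on the Moonshot IdP) is not checked.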


These instructions apply to both Identity Providers and Relying Party Proxies.

Linux