marc-casavant
diff --git a/‎README.md‎
Lines changed: 1 addition & 1 deletion b/‎README.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎doc/all.mk‎
Lines changed: 14 additions & 0 deletions b/‎doc/all.mk‎
Lines changed: 14 additions & 0 deletions
diff --git a/‎doc/antora/modules/ROOT/pages/bestpractices.adoc‎
Lines changed: 11 additions & 11 deletions b/‎doc/antora/modules/ROOT/pages/bestpractices.adoc‎
Lines changed: 11 additions & 11 deletions
diff --git a/‎doc/antora/modules/ROOT/pages/directories.adoc‎
Lines changed: 1 addition & 1 deletion b/‎doc/antora/modules/ROOT/pages/directories.adoc‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎doc/antora/modules/ROOT/pages/faq.adoc‎
Lines changed: 1 addition & 1 deletion b/‎doc/antora/modules/ROOT/pages/faq.adoc‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎doc/antora/modules/ROOT/pages/getstarted.adoc‎
Lines changed: 1 addition & 1 deletion b/‎doc/antora/modules/ROOT/pages/getstarted.adoc‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎doc/antora/modules/ROOT/pages/index.adoc‎
Lines changed: 1 addition & 1 deletion b/‎doc/antora/modules/ROOT/pages/index.adoc‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎doc/antora/modules/concepts/pages/aaa/aaa.adoc‎
Lines changed: 3 additions & 3 deletions b/‎doc/antora/modules/concepts/pages/aaa/aaa.adoc‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎doc/antora/modules/concepts/pages/aaa/authn.adoc‎
Lines changed: 2 additions & 2 deletions b/‎doc/antora/modules/concepts/pages/aaa/authn.adoc‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎doc/antora/modules/concepts/pages/aaa/authz.adoc‎
Lines changed: 7 additions & 7 deletions b/‎doc/antora/modules/concepts/pages/aaa/authz.adoc‎
Lines changed: 7 additions & 7 deletions
@@ -92,7 +92,7 @@ Do NOT post the configuration files to the mailing list.  They're not
 useful.  Instead, post the output of `radiusd -X`.  We really cannot
 emphasize that enough.
 
-DO post a clear description ofwhat the problem is.  Empty questions
+DO post a clear description of what the problem is.  Empty questions
 will not make you friends.  e.g. "I changed things and now it doesn't
 work.  What do I do to fix it?"
 
 
@@ -268,6 +268,20 @@ doc/man/%.1: doc/man/%.adoc
 asciidoc: $(ADOC_FILES)
 docsite: build/docsite/sitemap.xml
 
+#
+#  OSX: pcregrep --color
+#  Linux: grep --color='auto' -P -n
+#
+
+.PHONY: doc.ascii
+doc.ascii:
+	@pcregrep --color  '[\x80-\xFF]'  $$(find doc/antora -name "*.adoc" -print)
+
+.PHONY: doc.fixascii
+doc.fixascii:
+	@perl -p -i -e "s,‘,',g;s,’,',g;s,–,-,g;s,—,-,g;s, , ,g;s:…:,:g;s,“,\",g;s,”,\",g;s,≤,<=,g;s,≥,>=,g;s,→,->,g" $$(find doc/antora -name "*.adoc" -print)
+
+
 doc: build/docsite/sitemap.xml
 
 # end of WITH_DOC
 
@@ -1,34 +1,34 @@
 = Best Practices
 
 == Not properly resourcing your RADIUS infrastructure
-We’ve said it once, we’ll say it again:
+We've said it once, we'll say it again:
 
 RADIUS is a key component of your critical infrastructure. You should treat it that way.
 
 We often see RADIUS on hardware (or VM) that is also running many other things. Put bluntly, this is a bad idea. Putting other components on your RADIUS box increases the risk of library collisions and incompatibilities, and can starve RADIUS of system resources.
 
 We recommend running RADIUS in a VM, by itself where it uses 5-10% CPU capacity in everyday operations.
 
-Some system administrators consider this wasteful, because there is so much idle CPU time. That’s when they start installing other components onto their RADIUS system.
+Some system administrators consider this wasteful, because there is so much idle CPU time. That's when they start installing other components onto their RADIUS system.
 
-When everything is running well, loading up your RADIUS machine with other components will not cause any problems. But if there is one thing we know for sure, it’s that everything won’t run well all the time. It is good system administration practice to plan for the worst case scenario. If your network goes down for any reason, (and it will), you will desperately need that extra CPU capacity when all your users try to log back onto your network. If you don’t have those reserve CPU resources available, you can end up with a cascading series of failures that becomes difficult to recover from as users overwhelm your system.
+When everything is running well, loading up your RADIUS machine with other components will not cause any problems. But if there is one thing we know for sure, it's that everything won't run well all the time. It is good system administration practice to plan for the worst case scenario. If your network goes down for any reason, (and it will), you will desperately need that extra CPU capacity when all your users try to log back onto your network. If you don't have those reserve CPU resources available, you can end up with a cascading series of failures that becomes difficult to recover from as users overwhelm your system.
 
 == Setup your RADIUS server in a VM
 The primary benefit of running RADIUS inside a Virtual Machine (VM) is that it makes recovering from problems almost trivial. If you take regular snapshots of your VM (which you should), the cost of recovering from a problem is as simple as reverting back to a previous snapshot.
 
-As we’ve already mentioned, it is a certainty that your systems will encounter some kind of problem at some point. For example: after a system update, or a library update, or if a file becomes corrupted. When RADIUS is not run in a VM, it can take hours or even days to find the problem and fix it. If you do run RADIUS in a VM however, it will take minutes to revert to your previous snapshot.
+As we've already mentioned, it is a certainty that your systems will encounter some kind of problem at some point. For example: after a system update, or a library update, or if a file becomes corrupted. When RADIUS is not run in a VM, it can take hours or even days to find the problem and fix it. If you do run RADIUS in a VM however, it will take minutes to revert to your previous snapshot.
 
 == Enable automatic updates
-Updates are not in themselves a bad thing, you just shouldn’t do them automatically. If you run your RADIUS server in a VM (which you should), you should take a snapshot of your VM before installing the update. If the only thing running on your VM is your RADIUS server (see point #1) taking a snapshot shouldn’t take more than a couple of minutes. After you’ve taken the snapshot and installed the update, you can recover from any unexpected issues by quickly reverting back to your previous image.
+Updates are not in themselves a bad thing, you just shouldn't do them automatically. If you run your RADIUS server in a VM (which you should), you should take a snapshot of your VM before installing the update. If the only thing running on your VM is your RADIUS server (see point #1) taking a snapshot shouldn't take more than a couple of minutes. After you've taken the snapshot and installed the update, you can recover from any unexpected issues by quickly reverting back to your previous image.
 
 == Reboot after an OS update
-Rebooting after an OS update is simply good system administration hygiene, but we’ve seen this issue often enough that we realize it might not be common knowledge.
+Rebooting after an OS update is simply good system administration hygiene, but we've seen this issue often enough that we realize it might not be common knowledge.
 
-When you update your operating system, the update isn’t actually “complete” until you have restarted your system.
+When you update your operating system, the update isn't actually "complete" until you have restarted your system.
 
-We have encountered situations where an administrator performed a system update, and didn’t reboot until weeks or months later. If the update caused any problems, it can be extremely difficult to track down when you’ve forgotten about the update. We realize that nobody likes to reboot their system, and it never seems like there is a good time to do it. But you should do it anyways.
+We have encountered situations where an administrator performed a system update, and didn't reboot until weeks or months later. If the update caused any problems, it can be extremely difficult to track down when you've forgotten about the update. We realize that nobody likes to reboot their system, and it never seems like there is a good time to do it. But you should do it anyways.
 
-== Store your RADIUS logs “off-box”
+== Store your RADIUS logs "off-box"
 In keeping with our philosophy of designing for the worst case scenario, we recommend that all log files should be stored in different hardware than your RADIUS server. Keeping logs and server separate makes it much easier to recover from errors. If something catastrophic happens to your RADIUS server, you will still have your logs to help you diagnose the problem and recover. By distributing the potential points of failure, your overall system becomes more resilient to problems.
 
 == Setup your database on separate hardware
@@ -47,10 +47,10 @@ The risk of clashes between libraries and dependencies is greatly reduced.
 == Export database backups regularly
 Optimism is not the most helpful system administrator trait.
 
-It is extremely likely that at some point, your database will encounter a problem. Perhaps because of a new library update, or because someone accidentally typed the wrong thing and deleted all your records. When this happens (and it will), a backup of your database will make recovery trivial. If you don’t have a backup, it can be almost impossible to recover from a catastrophic failure.
+It is extremely likely that at some point, your database will encounter a problem. Perhaps because of a new library update, or because someone accidentally typed the wrong thing and deleted all your records. When this happens (and it will), a backup of your database will make recovery trivial. If you don't have a backup, it can be almost impossible to recover from a catastrophic failure.
 
 == Minimize the admin queries against your production database
-We often see clients running into problems when they run complex billing queries against the “live” production database. These queries can be very long lived and resource intensive, which make the database stop responding to FreeRADIUS. This outage can result in “unresponsive child” error messages in the FreeRADIUS logs.
+We often see clients running into problems when they run complex billing queries against the "live" production database. These queries can be very long lived and resource intensive, which make the database stop responding to FreeRADIUS. This outage can result in "unresponsive child" error messages in the FreeRADIUS logs.
 
 If your system design includes a secondary database which is synchronized with the primary one, all complex queries should be run against the secondary database. If you only have a single primary database, we recommend exporting the data to a backup system and running the complex queries on the backup.
 
 
@@ -12,7 +12,7 @@ The directories in the server source are laid out as follows:
 | `doc/developers/`   | Developer documentation for internal APIs
 | `doc/unlang/`       | The unlang processing language.
 | `doc/upgrade/`      | How to upgrade from version 3 to version 4.
-| `doc/rfc/`          | Copies of the RFC’s. If you have Perl, do a `make` in
+| `doc/rfc/`          | Copies of the RFC's. If you have Perl, do a `make` in
                         that directory, and look at the HTML output.
 | `doc/antora/`       | Metadata and documentation source files to build
                         an Antora based documentation site.
 
@@ -10,7 +10,7 @@ Read this FAQ before posting questions to the mailing lists as your question may
 
 == FreeRADIUS Overview
 
-FreeRADIUS is the worlds leading RADIUS server used by Internet Service Providers (ISPs), cellular providers, and corporate and educational networks.  RADIUS, which stands for “Remote Authentication Dial In User Service”, is a network protocol used to manage network access using xref:concepts:protocol/authproto.adoc[Authentication, authorisation and Accounting] processes.
+FreeRADIUS is the worlds leading RADIUS server used by Internet Service Providers (ISPs), cellular providers, and corporate and educational networks.  RADIUS, which stands for "Remote Authentication Dial In User Service", is a network protocol used to manage network access using xref:concepts:protocol/authproto.adoc[Authentication, authorisation and Accounting] processes.
 
 FreeRADIUS is developed by a group of people who call themselves "The FreeRADIUS Project" and is sponsored by https://www.inkbridgenetworks.com/[InkBridge Networks].
 
 
@@ -1,6 +1,6 @@
 = Getting Started
 
-To begin with FreeRADIUS, install it on your system and configure a basic setup with a test user and client. Next, test the server’s functionality in debug mode (`radiusd -X`). This process includes editing the client and users files to add a test user and client.
+To begin with FreeRADIUS, install it on your system and configure a basic setup with a test user and client. Next, test the server's functionality in debug mode (`radiusd -X`). This process includes editing the client and users files to add a test user and client.
 
 == Get the source
 
 
@@ -19,7 +19,7 @@ modular, high-performance server that's deployed in VPNs, Wi-Fi, and
 enterprise networks.
 
 The default settings are sufficient for a simple install and basic
-functionality. The software’s flexibility presents challenges when
+functionality. The software's flexibility presents challenges when
 configuring it for advanced or specialized environments. There are
 many options and customisations for the FreeRADIUS
 server. Administrators must decide how and what settings to change,
 
@@ -23,11 +23,11 @@ RADIUS server there are additional steps.
 
 The following analogy illustrates the difference between Authentication and Authorization:
 
-Imagine you are driving a car and you are stopped by a police officer. The officer asks you to provide a piece of identification to identify yourself. You could, for example, use your passport, driver’s license, or ID card to prove or *authenticate* who you are. In terms of the RADIUS protocol, the authentication process identifies the user as someone who is allowed to access the network.
+Imagine you are driving a car and you are stopped by a police officer. The officer asks you to provide a piece of identification to identify yourself. You could, for example, use your passport, driver's license, or ID card to prove or *authenticate* who you are. In terms of the RADIUS protocol, the authentication process identifies the user as someone who is allowed to access the network.
 
-The police officer may also ask you to prove that you are authorized to drive. In this case, there is only one document - a driver’s license - that proves that you are permitted or *authorized* to drive a car.
+The police officer may also ask you to prove that you are authorized to drive. In this case, there is only one document - a driver's license - that proves that you are permitted or *authorized* to drive a car.
 
-The authorization process combines the policy on the RADIUS server and the information in the request from the NAS. The NAS may add additional information to the request, such as the user’s Media Access Control (MAC) address. The NAS sends the information to the RADIUS server, where an authorization decision is made.
+The authorization process combines the policy on the RADIUS server and the information in the request from the NAS. The NAS may add additional information to the request, such as the user's Media Access Control (MAC) address. The NAS sends the information to the RADIUS server, where an authorization decision is made.
 
 // Copyright (C) 2025 Network RADIUS SAS.  Licenced under CC-by-NC 4.0.
 // This documentation was developed by Network RADIUS SAS.
@@ -5,9 +5,9 @@ the credentials do not match, authentication fails, and network access is denied
 
 Authentication can also fail if user credentials are entered incorrectly. For example, a site policy may allow a user network access from an on-site location using a cleartext password. However, if the same password is entered by the user from a remote location, access may be denied.
 
-An ISP can also choose to deny network access to authenticated users if the users’ account is suspended. As well, an administrator can permit limited network access to unknown users. For example, an administrator provides access to an area where the user can purchase additional network connectivity. This last example is most often seen in for-pay WiFi hotspots.
+An ISP can also choose to deny network access to authenticated users if the users' account is suspended. As well, an administrator can permit limited network access to unknown users. For example, an administrator provides access to an area where the user can purchase additional network connectivity. This last example is most often seen in for-pay WiFi hotspots.
 
-Authentication is simply a process of comparing a user’s credentials in a request with the "known good" credentials retrieved from a database. Authentication usually deals with password encryption. The modules `pap`, `chap`, `mschap`, etc., do the authentication.
+Authentication is simply a process of comparing a user's credentials in a request with the "known good" credentials retrieved from a database. Authentication usually deals with password encryption. The modules `pap`, `chap`, `mschap`, etc., do the authentication.
 
 Some modules do both authentication and limited authorization. For
 example, the `mschap` module authenticates MS-CHAP credentials, but it
 
@@ -14,17 +14,17 @@ available, the server can authenticate the user.
 
 Authorization refers to the process of determining what permissions are granted to the user. For example, the user may or may not be permitted certain kinds of network access or allowed to issue certain commands.
 
-The NAS sends a “request” - a packet of information about the user - and the RADIUS server either grants or denies authorization based solely on information in the “request” sent by the NAS. In each case, the RADIUS server manages the authorization policy and the NAS enforces the policy.
+The NAS sends a "request" - a packet of information about the user - and the RADIUS server either grants or denies authorization based solely on information in the "request" sent by the NAS. In each case, the RADIUS server manages the authorization policy and the NAS enforces the policy.
 
-The NAS “request” is really a set of statements. For example, the NAS may send the RADIUS server a “request” containing the following user information:
+The NAS "request" is really a set of statements. For example, the NAS may send the RADIUS server a "request" containing the following user information:
 
 ```
-“user name is Bob”
-“password is Hello”
-“ip address is 192.02.34”
+"user name is Bob"
+"password is Hello"
+"ip address is 192.02.34"
 ```
 
-Once the RADIUS server receives the request, it uses that information to figure out what properties the user should have (i.e., “Bob” is saying he/she has IP address 192.0.2.34, do the server records contradict this statement?).
+Once the RADIUS server receives the request, it uses that information to figure out what properties the user should have (i.e., "Bob" is saying he/she has IP address 192.0.2.34, do the server records contradict this statement?).
 The RADIUS server then sends a reply to the NAS. The reply contains a series of statements about what properties the user should have:
 
 ```
@@ -34,7 +34,7 @@ The RADIUS server then sends a reply to the NAS. The reply contains a series of
 
 [NOTE]
 ====
-The RADIUS server can’t request further information from the NAS. In contrast with SQL systems, RADIUS is limited in that it cannot make complicated queries. In SQL, queries such as "SELECT name from table where ipaddress = 192.02.34" are common. RADIUS does not have that capability. Instead, RADIUS
+The RADIUS server can't request further information from the NAS. In contrast with SQL systems, RADIUS is limited in that it cannot make complicated queries. In SQL, queries such as "SELECT name from table where ipaddress = 192.02.34" are common. RADIUS does not have that capability. Instead, RADIUS
 only makes statements about what is, and what should be.
 ====