[RADIATOR] Customizing the Radiator Server

Heikki Vatiainen hvn at open.com.au
Wed Jan 11 09:36:32 CST 2012 

On 01/11/2012 04:38 PM, Saverino, Steven wrote:

Hello Steven,

try this to build a flat file based configuration:

1. Delete any Realm(s) you already have

2. Add new Realm. Name it DEFAULT. Realm DEFAULT will match any User-Name

3. Add new AuthBy for the Realm. Choose AuthBy FILE

4. The default Filename is %D/users.  You can set it explicitly to e.g.
/etc/radiator/users   %D by default is /usr/local/etc/raddb on Unix. See
the reference manual ref.pdf for more about DbDir

5. Save the configuration. It will overwrite any previous configuration
with the new settings

6. Create the users file. You can not do this with the Radiator web GUI.
You can use any editor that comes with your system. The users file
should look like below (2 lines). /etc/radiator/users:

root User-Password = "password"
    Redcom-User-Class = string

7. Create dictionary for Redcom VSAs since they are not yet in
Radiator's default dictionary. Lets call the file
/etc/radiator/dictionary.redcom   The file is (5 lines):

#
# Redcom VSAs
#
VENDOR      Redcom 32167
VENDORATTR  32167  Redcom-User-Class  1  string


8. Go back to Radiator web interface and choose 'Edit' from left side
panel. Click 'Show Advanced Options'. Locate 'DictionaryFile' textbox
and add ',/etc/radiator/dictionary.redcom' to the contents.
DictionaryFile should now have Radiator's default dictionary and
'dictionary.redcom' as value.


9. Save the configuration, test and check the log. If everything goes
well you should see this in the log:

*** Sending to 127.0.0.1 port 54351 ....
Code:       Access-Accept
Identifier: 170
Authentic:  <171><190><1><194>W1O<156><255><189>aj<16><212><229><22>
Attributes:
	Redcom-User-Class = "string"


10. An alternative is not to use the web interface. A simple Radiator
configuration file (/etc/radiator/radius.cfg) that does the above would
look like this:

AcctPort 1646
AuthPort 1645
DbDir /etc/radiator
DictionaryFile %D/dictionary,%D/dictionary.redcom
LogDir .
LogFile %L/logfile
LogStdout
PidFile %L/radiusd.pid
Trace 4

<Client DEFAULT>
	Secret mysecret
</Client>

<Realm DEFAULT>
	<AuthBy FILE>
		Filename %D/users
	</AuthBy>
</Realm>


Thanks!
Heikki



> I am trying to evaluate the Radiator Application. I have installed
> ActivePerl and modules and Radiator and so far according to the
> documentation I have read. I am now trying to understand how I can
> utilize the RADIUS Server. The equipment I will be logging into thru
> the RADIUS Server will require the user to enter a "Username" and
> "Password" which is passed to the server (sample of output to Server
> from REDCOM below). When Radiator receives the request, we want the
> server to be set up to identify the REDCOM system (would like to
> setup REDCOM with a Vendor ID = 32167 and a Attribute labeled
> Redcom-User-Class which would send a string back to our system
> (Capture shown below). I am trying to use the HTTP GUI interface and
> I think I would have to customize the REALM section but not sure how
> and if a flat file is required how to set this up. I have a
> connection with the server from our equipment, it is just a matter of
> getting the proper response back. Would appreciate any assista nce.


> Plus any info on setting up the RADSEC also but want to understand how to customize the server to my needs. Thanks
> 
> 
> FROM REDCOM to SERVER:
> 
> Radius Protocol
> Code: Access-Request (1)
> Packet identifier: 0xd (13)
> Length: 66
> Authenticator: 6362808e9710451697889a204d1af7db Attribute Value Pairs
>   AVP: l=7  t=User-Name(1): root
>   AVP: l=18  t=User-Password(2): Decrypted: "pokey\000\000\000\000\000\000\000\000\000\000\000"
>   AVP: l=15  t=NAS-Identifier(32): redcom switch
>   AVP: l=6  t=NAS-Port(5): 4
> 
> 
> FROM SERVER to REDCOM:
> 
> Radius Protocol
> Code: Access-Accept (2)
> Packet identifier: 0xd (13)
> Length: 67
> Authenticator: e5da6909de553531aa74ebde05e1d446 Attribute Value Pairs
>     Attribute Value Pairs
>         AVP: l=12  t=Vendor-Specific(26) v=REDCOM Laboratories, Inc(32167)
>             VSA: l=6 t=Unknown-Attribute(1): string
> 
> 
> Steven Saverino
> Integration Lab
> One Redcom Center
> Victor, New York
> Phone: (585) 924-7550
> Extension: 455
> E-mail: ssaverin at redcom.com
> 
> _______________________________________________
> radiator mailing list
> radiator at open.com.au
> http://www.open.com.au/mailman/listinfo/radiator


-- 
Heikki Vatiainen <hvn at open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.

More information about the radiator mailing list