[RADIATOR] Customizing the Radiator Server for RADSEC

Heikki Vatiainen hvn at open.com.au
Thu Jan 12 14:58:50 CST 2012


On 01/12/2012 06:09 PM, Saverino, Steven wrote:

> With some help, I have started to get the Radiator Application to work with our equipment, thanks.
>
> I need to see if the radsec feature of the Radiator application works with our equipment, and I have started to read up on it in the documentation provided, but if anyone can provide an example or the steps needed to make this work, it would be appreciated, thanks.

Here is my test setup for RadSec client and server:

% ls -l
total 52
drwxr-xr-x 3 hvn hvn 4096 2011-12-08 15:32 certificates
-r--r--r-- 1 hvn hvn 9501 2011-12-08 16:11 radsec-client.cfg
-rw-r--r-- 1 hvn hvn 6105 2011-12-08 16:11 radsec-server.cfg
-rw-r--r-- 1 hvn hvn   27 2011-12-08 16:27 users

File 'users' is simply this one line:
mikem	User-Password = fred

radsec-client.cfg and radsec-server.cfg are unmodified files from
Radiator distribution goodies/ directory.

certificates is a copy of certificates directory in Radiator
distribution directory.

Testing involves starting two radiusd instances. On Linux something like
this should work:

% perl ~/radiator/Radiator-4.9/radiusd -I ~/radiator/Radiator-4.9 -dictionary ~/radiator/Radiator-4.9/dictionary -config radsec-server.cfg

Since this is my test system, I am running radiusd directly from the
distribution directory. If Radiator has been installed, something like
this should work:

% radiusd -dictionary ~/radiator/Radiator-4.9/dictionary -config radsec-server.cfg

To start the client, run the same command in another terminal window but
use radsec-client.cfg as the config file name.


Finally, open a third terminal window and run radpwtst:

% radpwtst -trace 4 -noacct

This will run simple authentication without accounting and use
mikem/fred as username and password.

If the test setup was done correctly, you should get back Access-Accept.
The request goes first to the server instance and gets sent over RadSec
to the client instance. The client does AuthBy FILE using users file.

At this point I strongly recommend using command line and going through
the configuration files to see what the configuration looks like. The
web gui would overwrite the comments which contain a lot of useful
information.

Please let us know how it goes.

Thanks!
Heikki


-- 
Heikki Vatiainen <hvn at open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.

