
Radius

RADIUS is a simple mechanism and can be added to the main core of ClearOS with relative ease so that it snaps into the LDAP infrastructure. Ideally this will be added to ClearOS 5.2 as a feature.

This spec assumes that the steps in the RADIUS HowTo have been completed as well.

Webconfig

Add RADIUS Tab

A new tab should appear in the Directory » Setup section entitled 'RADIUS'.

RADIUS Service Page

The body of the page is standard.

Start/Stop ToAuto/Manual

This tab should have the typical 'Start' button for the service and also have the 'To Auto' button.

Group

This element should be a pulldown menu that enumerates all the current groups. This is the group whose members will register as Access-Accept when the authentication request comes in.

When this element is set, it changes the groupmembership_attribute value in the ldap{} element in radiusd.conf.

Servers that can access this RADIUS Server

This area will look similar to the Web Server page and will have the ability to add multiple entries. These entries directly affect and are enumerated by the /etc/raddb/clients.conf file. By default, the local host entry will be enumerated and, instead of the 'Remove' button, it will have a Disable/Enable button. This will comment or uncomment the entry in clients.conf.

Table will look like this:

Name      Server Address          Shared Secret
Debug     localhost               radiustest      Enable
wap       10.1.1.50               w1r3l35s        Remove
server    server4.mycompany.lcl   VpNS3cr3t       Remove
machines  10.1.1.192/28           cl13nt5         Remove
                                                  Add

The output of such a configuration in /etc/raddb/clients.conf would be:

#client 127.0.0.1 {
#    secret = radiustest
#    shortname = debugging
#    nastype = other
#}
client 10.1.1.50 {
    secret = w1r3l35s
    shortname = wap
    nastype = other
}
client server4.mycompany.lcl {
    secret = VpNS3cr3t
    shortname = server
    nastype = other
}
client 10.1.1.192/28 {
    secret = cl13nt5
    shortname = machines
    nastype = other
}

When an entry is created, nastype is set to 'other'. If the user manually specifies a different type, adding new servers/networks to the list should NOT override the manual setting of the other entries.

  • Name (shortname): should be 15 characters or less and should not have any spaces or funky characters; dashes and underscores are ok.
  • Server Address (client): can be an FQDN, IP, or CIDR
  • Shared Secret (secret): Needs to be tested to see if characters such as $ or * give problems.
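
One way to enforce the three field rules above before webconfig writes a stanza to clients.conf, so that a form value cannot add or alter configuration lines. This is an added Python example, not ClearOS code. The function names, the hostname pattern, the nastype pattern and the secret allow-list are assumptions; the spec leaves the secret character set to be tested.

```python
import ipaddress
import re

# From the spec: shortname is 15 characters or less; dashes and underscores are ok.
SHORTNAME_RE = re.compile(r"[A-Za-z0-9_-]{1,15}")
# Assumption: RFC 1123-style labels; the spec only says "FQDN".
LABEL = r"[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
FQDN_RE = re.compile(r"(?=.{1,253}$)(" + LABEL + r"\.)*" + LABEL)
# Assumption: conservative allow-list until characters such as $ or * are tested.
SECRET_RE = re.compile(r"[A-Za-z0-9_.:-]{1,64}")
# Assumption: nastype is a single lowercase token such as 'other'.
NASTYPE_RE = re.compile(r"[a-z0-9_]+")


def valid_address(value):
    """Accept an IP address, a CIDR network, or a hostname/FQDN."""
    try:
        ipaddress.ip_network(value, strict=False)  # single IPs and CIDR ranges
        return True
    except ValueError:
        pass
    # An all-numeric last label means a malformed IP, not a hostname.
    last_label = value.rsplit(".", 1)[-1]
    return bool(FQDN_RE.fullmatch(value)) and not last_label.isdigit()


def render_client(shortname, address, secret, nastype="other", enabled=True):
    """Return one clients.conf stanza, or raise ValueError on bad input."""
    if not SHORTNAME_RE.fullmatch(shortname):
        raise ValueError("invalid shortname")
    if not valid_address(address):
        raise ValueError("invalid server address")
    if not SECRET_RE.fullmatch(secret):
        raise ValueError("invalid shared secret")
    if not NASTYPE_RE.fullmatch(nastype):
        raise ValueError("invalid nastype")
    lines = [
        f"client {address} {{",
        f"    secret = {secret}",
        f"    shortname = {shortname}",
        f"    nastype = {nastype}",
        "}",
    ]
    prefix = "" if enabled else "#"  # Disable comments out the whole stanza
    return "\n".join(prefix + line for line in lines) + "\n"


if __name__ == "__main__":
    # Values taken from the table in this spec.
    print(render_client("wap", "10.1.1.50", "w1r3l35s"), end="")
    print(render_client("debugging", "127.0.0.1", "radiustest", enabled=False), end="")
```

Passing the stored nastype of an existing entry back into `render_client` when the file is regenerated keeps a manually set type from being reset to 'other'.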

Interfaces

content/en_us/dev_apps_radius.txt · Last modified: 2020/05/07 13:12 (external edit)