Considerations While Installing FreeRADIUS

The installation procedure includes building and installing the IAEFRAD subset. For more details, refer to the Installation Guide.

FreeRADIUS is installed in the /usr/local/radius directory. The configuration files are in the /usr/local/etc/raddb directory.

When you install FreeRADIUS, all the necessary directories are created. You can run tests by using existing UNIX system accounts.

Starting and Stopping the FreeRADIUS Server

Follow these steps to start or stop the FreeRADIUS Server.

1. From the Manage Components menu, choose FreeRADIUS Server Administration.

2. From the FreeRADIUS Server Administration menu, choose Start/Stop FreeRADIUS Server. The current status of the server is displayed (either Running or Stopped).

3. To start a stopped server, click on the Start button.

4. If the server is running, click on Stop to stop the server or Restart to stop and restart the server. The status message is displayed after each action.

Understanding FreeRADIUS Configuration Files

Important functions of FreeRADIUS are controlled by configuration directives in the users file, radiusd.conf and clients.conf.

Users File

This file contains authentication security and configuration information for each user. Accounting requests are not processed through this file. Instead, see acct_users in the same directory.

The first field is the user's name and can be up to 253 characters in length. This is followed (on the same line) by the list of authentication requirements for that user. This can include password, comm server name, comm server port number, protocol type (perhaps set by the hints file), and huntgroup name (set by the huntgroups file).

If you are not sure why a particular reply is being sent by the server, then run the server in debugging mode (radiusd -X), and you will see which entries in this file are matched.

When an authentication request is received from the comm server, these values are tested. Only the first match is used unless the Fall-Through variable is set to Yes.

A special user named DEFAULT matches on all user names. You can have several DEFAULT entries. All entries are processed in the order they appear in this file. The first entry that matches the login-request will stop processing unless you use the Fall-Through variable.

If you use the database support to turn this file into a .db or .dbm file, the DEFAULT entries have to be at the end of this file. You cannot have multiple entries for one user name.

You do not need to specify a password if you set Auth-Type += System on the list of authentication requirements. The RADIUS server will then check the system password file.

Indented (with the tab character) lines following the first line indicate the configuration values to be passed back to the comm server to allow the initiation of a user session. This can include things like the PPP configuration values or the host onto which the user will log on.

You can include another users file with $INCLUDE users.other.
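The matching order described above (entries read top to bottom, DEFAULT matching every user name, the first match ending the search unless Fall-Through is Yes) can be traced with the following Python sketch. It is an added example, not FreeRADIUS code: the sample file, the user alice and the function names are constructed, and it compares only == check items other than User-Password against the request, treating := and += items as always matching.

```python
import re

# Constructed users file (not from the page); reply lines are tab-indented.
SAMPLE = '''\
DEFAULT\tService-Type == Framed-User
\tFramed-Protocol = PPP,
\tFall-Through = Yes
alice\tAuth-Type := Local, User-Password == "constructed-pw"
\tService-Type = Callback-Login-User,
\tCallback-Number = "9,5551212"
DEFAULT\tAuth-Type := System
\tService-Type = Login-User
'''
ITEM = re.compile(r'([\w-]+)\s*(==|:=|\+=|=)\s*("[^"]*"|[^,\s]+)')

def items(text):
    """Return [(attribute, operator, value)]; commas inside quotes stay in the value."""
    return [(a, op, v.strip('"')) for a, op, v in ITEM.findall(text)]

def parse_users(text):
    """Return entries as [name, check items, reply items], in file order."""
    entries = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith('#'):
            continue
        if line[0] in ' \t':                # indented line: reply items
            entries[-1][2].extend(items(line))
        else:                               # new entry: name, then check items
            name, *rest = line.split(None, 1)
            entries.append([name, items(''.join(rest)), []])
    return entries

def resolve(entries, username, request):
    """Walk entries in order; return (matched indexes, merged reply items)."""
    matched, reply = [], {}
    for i, (name, checks, replies) in enumerate(entries):
        if name not in ('DEFAULT', username):
            continue
        # Sketch: only '==' items (not User-Password) are compared with the request.
        if any(op == '==' and a != 'User-Password' and request.get(a) != v
               for a, op, v in checks):
            continue
        matched.append(i)
        for a, _, v in replies:
            if a != 'Fall-Through':
                reply.setdefault(a, v)      # '=' adds only if not already set
        if ('Fall-Through', '=', 'Yes') not in replies:
            break                           # first match wins unless Fall-Through
    return matched, reply
```

Removing the Fall-Through line from the first DEFAULT entry makes that entry the only match for a Framed-User request from alice, so her own entry is never reached; this is the kind of shadowing that radiusd -X helps to spot.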

The following example shows a typical users file entry format:

Robert	Auth-Type := Local, User-Password == "me66med"
	Service-Type = Callback-Login-User,
	Login-IP-Host = 0.0.0.0,
	Callback-Number = "9,5551212",
