Radius¶
Authentication |
Users |
Password |
---|---|---|
✔ |
Presentation¶
LL::NG uses Perl Authen::Radius as a simple authentication backend.
Currently, the module is simply handling a Radius Authentication request and has been tested only against a FreeRadius server.
Configuration¶
Install Authen::Radius¶
You have to install the corresponding Perl module.
For CentOS/RHEL:
yum install perl-Authen-Radius
In Debian/Ubuntu, install the library through APT
apt install libauthen-radius-perl
Configuration of LL::NG¶
In Manager, go in General Parameters
> Authentication modules
and choose Radius for authentication.
Tip
You can then choose any other module for users and password.
Then, go in Radius parameters
:
Authentication level: authentication level for Radius module
Shared secret: this is the passphrase to use to connect to the Radius server
Server hostname: this is the hostname or IP address of the Radius server. Since 2.18.0 you can specify multiple servers, separated by spaces, for failover.
Authentication timeout (Optional): Allowed time to perform authentication
Authenticate Radius requests: Use the Message-Authenticator attribute to protect requests.
Exported variables: radius attributes stored in user session at authentication time. key is name in user session and value is attribute name in radius dictionary.
Dictionary: radius dictionary file ex: /usr/share/freeradius/dictionary This is mandatory to handle attributes as names or to send request attributes.
Request attributes: a list of additional Radius attributes to send with the Access Request. Key is the radius attribute name in the provided dictionary, value is a perl expression used to populate the attribute value.