Radius

Authentication

Users

Password

Presentation

LL::NG uses Perl Authen::Radius as a simple authentication backend.

Currently, the module is simply handling a Radius Authentication request and has been tested only against a FreeRadius server.

Configuration

Install Authen::Radius

You have to install the corresponding Perl module.

For CentOS/RHEL:

yum install perl-Authen-Radius

In Debian/Ubuntu, install the library through APT

apt install libauthen-radius-perl

Configuration of LL::NG

In Manager, go in General Parameters > Authentication modules and choose Radius for authentication.

Tip

You can then choose any other module for users and password.

Then, go in Radius parameters:

  • Authentication level: authentication level for Radius module

  • Shared secret: this is the passphrase to use to connect to the Radius server

  • Server hostname: this is the hostname or IP address of the Radius server. Since 2.18.0 you can specify multiple servers, separated by spaces, for failover.

  • Authentication timeout (Optional): Allowed time to perform authentication

  • Authenticate Radius requests: Use the Message-Authenticator attribute to protect requests.

  • Exported variables: radius attributes stored in user session at authentication time. key is name in user session and value is attribute name in radius dictionary.

  • Dictionary: radius dictionary file ex: /usr/share/freeradius/dictionary This is mandatory to handle attributes as names or to send request attributes.

  • Request attributes: a list of additional Radius attributes to send with the Access Request. Key is the radius attribute name in the provided dictionary, value is a perl expression used to populate the attribute value.