Home Dave Heppenstall | E-mail Contact

Find 
 
[Résumé]Résumé [Academics]Academics [About Me]About Me
Rogers Cable Page 1 2 3 4 5 6 7 |  » 

freeRadius

freeRadiusThe freeRadius.org Open Source Project.

FreeRadius.org is a project which provides RADIUS authentication for the web.

FreeRadius provides an extension module for use with Apache. The single .c source file needs to be compiled with Apache's apxs utility to compile it into the HTTP daemon. Compiling, installing and configuring the module did not pose much of a problem:

apxs -i -a -c mod_auth_radius-2.0.c

Now we return to Apache's httpd.conf file to make a few more changes and additions:

First, load the newly-compiled module:

LoadModule radius_auth_module modules/mod_auth_radius-2.0.so

Next, add the general Radius configuration parameters:
AddRadiusAuth hostname sharedsecret retries:timeout
AddRadiusCookieValid minutes

Now, configure an authenticated web-location:
[Location /secure]
  AuthType Basic
  AuthType Basic AuthName "Insert a description"
  AuthType Basic AuthAuthoritative on
  AuthType Basic AuthRadiusCookieValid minutes
  AuthType Basic AuthRadiusActive on
  AuthType Basic require valid-user
[/Location]

You can determine if this setup has worked when you visit your web site in the folder called "secure." You should see something like this:

freeRadius Login Dialog Box
Figure 1 - freeRadius Login Dialog Box

An elusive error with the Apache-Subversion-Radius configuration resulted in weeks of trial and error testing. Source codes were sifted through and I attempted to debug an error which caused an authenticated Subversion Location directive result in nothing but 404 errors. Putting together the two different directives from Basic Subversion and the Radius Configuration result in:

[Location /svn-secure]
  DAV svn
  SVNParentPath path/to/repositories/
  AuthType Basic
  AuthName "Insert a description"
  AuthAuthoritative off
  AuthRadiusAuthoritative on
  AuthRadiusCookieValid minutes
  AuthRadiusActive On
  require valid-user
[/Location]

Although it seems simple enough, the DAV logic in the Subversion module didn't seem to like being authenticated. A few weeks later, a breakthrough! A very wise person on the Apache HTTPD Mailing-List shared an invaluable piece of advice.

The solution as described by Joe Orton on the Apache mailing list.

My original post on the Subversion mailing list.

Apparently, commenting out a few lines of code solve the problem completely. Finally, Subversion was running on a web server with Radius authentication on the existing infrastructure!

Page 1 2 3 4 5 6 7 |  » 

- Top of Page