RadiusApp
RADIUS Application Configuration
The N2SVCD RADIUS Application is a protocol gateway application which can accept and perform requests using the RADIUS protocol.
The following configuration is used to create a RADIUS Application instance to act as a protocol gateway for RADIUS clients.
<?xml version="1.0" encoding="utf-8"?>
<n2svcd>
  ...
  <applications>
    ...
    <application name="RADIUS Auth Server" module="RadiusApp">
      <include><lib>../apps/radius/lib</lib></include>
      <parameters>
        <parameter name="local_host" value="10.42.2.122"/>
        <parameter name="local_port" value="1812"/>
      </parameters>
      <config>
        <peers>
          <peer address="10.42.2.123" secret="client_shared_secret"/>
          <peer address="10.42.2.124" secret="another_client_shared_secret"/>
        </peers>
        <handlers>
          <handler code="1" application="Logic"/>
        </handlers>
      </config>
    </application>
    ...
  </applications>
  ...
</n2svcd>
The following configuration is used to create a RADIUS Application instance to act as a protocol gateway to a RADIUS server.
<?xml version="1.0" encoding="utf-8"?>
<n2svcd>
  ...
  <applications>
    ...
    <application name="RADIUS Auth Client" module="RadiusApp">
      <include><lib>../apps/radius/lib</lib></include>
      <parameters>
        <parameter name="local_host" value="10.42.2.122"/>
        <parameter name="local_port" value="18120"/>
        <parameter name="remote_host" value="10.42.2.154"/>
        <parameter name="remote_port" value="1812"/>
      </parameters>
      <config>
        <peers>
          <peer address="10.42.2.154" secret="n2svcdn2svcdn2svcd"/>
        </peers>
      </config>
    </application>
    ...
  </applications>
  ...
</n2svcd>
A single RADIUS Application instance will maintain a single connection to a single port exposed by a single RADIUS peer. You may need to configure more than one application instance per peer (e.g. for both authentication and accounting), or to connect to more than one remote RADIUS server.
Configuration Details
The application element attributes for a RADIUS Application instance may include the below.
For details of the various parameter types used, refer to Common Configuration.
Parameter Name | Type | XML Type | Description |
---|---|---|---|
See: Common Application configuration | | | |
See: TCP Application configuration | | | |
module | String | Attribute | [Required] RadiusApp |
include.lib | String | Element | [Required] ../apps/radius/lib |
parameters | Array | Element | [Required] As per Common Configuration Application parameters. |
"edr_enabled" | - | - | This value is ignored; the RADIUS Application does not support writing EDRs. |
"local_host" | String | Attribute | Server or Client. As per common TCP configuration for local_host. |
"local_port" | Positive Integer | Attribute | Server or Client. As per common TCP configuration for local_port. |
"remote_host" | String | Attribute | Client only. As per common TCP configuration for remote_host. |
"remote_port" | Positive Integer | Attribute | Client only. As per common TCP configuration for remote_port. |
config | Object | Element | Container for extended configuration for this Application instance. |
.peers | Array | Element | Array of peer elements defining RADIUS peer details. |
.handlers | Array | Element | Array of handler elements, rules for selecting the owning Application for inbound RADIUS requests. |
Note: Typical RADIUS Servers will allow multiple outstanding requests per client connection.
RADIUS Peers
The peers section of the config block enables the definition of peer details, and in particular, the shared secret for each peer as described in RFC 2865.
Packets received from peers for which the shared secret is not defined will be discarded.
Similarly, attempts to send packets to peers for which the shared secret is not defined will fail.
Parameter Name | Type | XML Type | Description |
---|---|---|---|
address | String | Attribute | [Required] The IP address of the peer. |
secret | String | Attribute | [Required] The plaintext (unencrypted) secret shared with the peer. Security of this secret currently relies on limiting access to the machine and configuration file in which the secret is configured. |
RADIUS Handlers
Handler rules define which Application is used to process inbound RADIUS Requests.
Each handler Object in the config.handlers Array is configured as follows.
Parameter Name | Type | XML Type | Description |
---|---|---|---|
code | Integer | Attribute | The RADIUS packet type code for the request received from the packet header, e.g. 1 for RADIUS Access-Request. (Default = Handle all packet type code values) |
application | String | Attribute | [Required] The name of the application which should process matching requests. This will normally refer to a LogicApp instance. |
The handlers will be checked in order, and the first matching handler will be used.
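A configuration check covering the peer and handler rules above, as an added example that is not part of the N2SVCD documentation or code. It flags peer secrets shorter than the 16 octets RFC 2865 prefers, a remote_host with no peer entry, handlers that can never match because an earlier handler already wins, and a config file accessible to group or others. The function names, the literal string comparison of remote_host against peer addresses, and the sample config are assumptions made for illustration.

```python
import os
import stat
import xml.etree.ElementTree as ET

MIN_SECRET_LEN = 16  # RFC 2865 prefers secrets of at least 16 octets

# Constructed sample config with deliberate mistakes (not from the product docs).
SAMPLE = """<n2svcd><applications>
  <application name="RADIUS Auth Client" module="RadiusApp">
    <parameters><parameter name="remote_host" value="10.42.2.154"/></parameters>
    <config>
      <peers><peer address="10.42.2.123" secret="short"/></peers>
      <handlers>
        <handler application="Logic"/>
        <handler code="1" application="AuthLogic"/>
      </handlers>
    </config>
  </application>
</applications></n2svcd>"""

def audit_radius_apps(xml_text):
    """Return (application name, finding) tuples; secrets are never echoed."""
    findings = []
    for app in ET.fromstring(xml_text).iter("application"):
        if app.get("module") != "RadiusApp":
            continue
        name = app.get("name", "?")
        peers = {p.get("address"): p.get("secret") or ""
                 for p in app.findall("./config/peers/peer")}
        for addr, secret in peers.items():
            if len(secret) < MIN_SECRET_LEN:
                findings.append((name, f"short secret for peer {addr}"))
        # Assumption: remote_host is compared to peer addresses as a literal string.
        remote = {p.get("name"): p.get("value")
                  for p in app.findall("./parameters/parameter")}.get("remote_host")
        if remote and remote not in peers:
            findings.append((name, f"no peer secret for remote_host {remote}"))
        # First match wins, so anything after a catch-all or a repeated code is dead.
        seen = set()
        for h in app.findall("./config/handlers/handler"):
            code = h.get("code")  # None means "handle all packet type codes"
            if None in seen or code in seen:
                findings.append((name, f"unreachable handler for {h.get('application')}"))
            seen.add(code)
    return findings

def file_is_private(path):
    """True when group and others have no access bits on the config file."""
    return stat.S_IMODE(os.stat(path).st_mode) & 0o077 == 0
```
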
Message Handling
In addition to the common Application management messages, the RadiusApp uses the following messages:
- RADIUS-C Messages (RADIUS-C-REQUEST inbound).
- RADIUS-S Messages (RADIUS-S-REQUEST outbound).