FreeRADIUS InkBridge

Virtual Servers

This documentation is a work in progess. This page is taken from the version 3 documentation, and has not yet been updated for version 4.

The general approach of this page is correct, but you will have to update the syntax if you are using version 4.

Contact InkBridge Networks for more details.

Goal: To understand how to create and use a new virtual server.

Time: 20-30 minutes

File:

  • etc/raddb/sites-enabled/virtual

documentation page: raddb/sites-available/README

A "virtual server" is a configuration file that contains the following sections:

  • listen Defines a new socket.

  • authorize The authorization section

  • authenticate The authentication section

  • post-auth The post-authentication section

  • pre-proxy The pre-proxy section

  • post-proxy The post-proxy section

  • preacct The pre-accounting section

  • accounting The accounting section

Create a new file raddb/sites-enabled/virtual. Put the following text into it:

listen {
    ipaddr = 127.0.0.1
    port = 18273   # some random 5 digit number
    type = auth
}

authorize {
    control.Clearext-Password := "hello"
    pap
}

authenticate {
    pap
}

Start the server in debugging mode, and use radtest to send a PAP authentication request to the server at the port defined above.

Questions

  1. What happens when you try to use CHAP or MS-CHAP? Why does this result occur?

  2. How can you make that virtual server use CHAP or MS-CHAP?

  3. What happens when you try different User-Names? Why does this result occur?

  4. How can you make the above configuration authenticate different users via different passwords?