Virtual Servers
This documentation is a work in progress. This page is taken from the version 3 documentation, and has not yet been updated for version 4. The general approach of this page is correct, but you will have to update the syntax if you are using version 4. Contact InkBridge Networks for more details.
Goal: To understand how to create and use a new virtual server.
Time: 20-30 minutes
File:
- sites-enabled/virtual
Documentation page: virtual servers
A "virtual server" is a configuration file that contains sections
which process packets. These are usually recv FOO or send FOO.
They can also include listen sections, along with a few others.
For RADIUS, the common sections are:
- listen: Defines a new socket.
- recv Access-Request: Run policies when receiving an Access-Request packet.
- authenticate <name>: Run an authentication method.
- send Access-Accept: Run policies when sending an Access-Accept.
- send Access-Reject: Run policies when sending an Access-Reject.
- send Access-Challenge: Run policies when sending an Access-Challenge.
- recv Accounting-Request: Run policies when receiving an Accounting-Request packet.
- accounting <type>: Run policies for a particular value of Acct-Status-Type.
- send Accounting-Response: Run policies when sending an Accounting-Response packet.
Create a new file sites-enabled/virtual. Put the following text
into it:
listen {
    ipaddr = 127.0.0.1
    port = 18273 # some random 5 digit number
    type = auth
}
recv Access-Request {
    # known-good password that the pap module compares against
    control.Cleartext-Password := "hello"
    pap
}
authenticate pap {
    pap
}
Start the server in debugging mode, and use radtest to send a PAP
authentication request to the server at the port defined above.
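To see what a PAP request to this listener contains on the wire, the following added example (not part of the FreeRADIUS documentation or code) builds the Access-Request per RFC 2865, including the User-Password hiding and a Message-Authenticator, and checks the Response Authenticator of the reply. The shared secret testing123 is an assumption (the stock value for the localhost client), the user name bob is constructed, and all function names are hypothetical.

```python
import hashlib, hmac, os, socket, struct
SECRET = b"testing123"         # assumption: shared secret configured for the localhost client
SERVER = ("127.0.0.1", 18273)  # ipaddr/port from the listen section above

def pap_hide(password, secret, authenticator):
    """RFC 2865 5.2: XOR each 16-byte block with MD5(secret + previous block)."""
    padded = password.ljust(max(16, -(-len(password) // 16) * 16), b"\0")
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        pad = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], pad))
        out += prev
    return out

def pap_reveal(hidden, secret, authenticator):  # server side: undo pap_hide
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        pad = hashlib.md5(secret + prev).digest()
        out += bytes(a ^ b for a, b in zip(hidden[i:i + 16], pad))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\0")

def attr(number, value):
    return struct.pack("!BB", number, len(value) + 2) + value

def access_request(user, password, secret, ident, authenticator):
    # Message-Authenticator (80) goes first, zeroed while the HMAC-MD5 is computed.
    body = attr(1, user) + attr(2, pap_hide(password, secret, authenticator))
    head = struct.pack("!BBH", 1, ident, 20 + 18 + len(body)) + authenticator
    mac = hmac.new(secret, head + attr(80, bytes(16)) + body, hashlib.md5).digest()
    return head + attr(80, mac) + body

def reply_is_authentic(reply, request_auth, secret):
    """Response Authenticator = MD5(code, id, length, request auth, attrs, secret)."""
    expected = hashlib.md5(reply[:4] + request_auth + reply[20:] + secret).digest()
    return hmac.compare_digest(expected, reply[4:20])

def authenticate(user, password, secret=SECRET, server=SERVER):
    auth = os.urandom(16)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(3)
        s.sendto(access_request(user, password, secret, 1, auth), server)
        reply = s.recv(4096)
    if not reply_is_authentic(reply, auth, secret):
        raise ValueError("reply not signed with the shared secret")
    return {2: "Access-Accept", 3: "Access-Reject", 11: "Access-Challenge"}.get(reply[0])

if __name__ == "__main__":
    print(authenticate(b"bob", b"hello"))  # constructed user name; password from the config
```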
Questions
- What happens when you try to use CHAP or MS-CHAP? Why does this result occur?
- How can you make that virtual server use CHAP or MS-CHAP?
- What happens when you try different User-Names? Why does this result occur?
- How can you make the above configuration authenticate different users via different passwords?