Documentation for ns_radius from Vlad Seryakov's nsradiusd module
ns_radius
Overview
Remote Authentication Dial In User Service, or RADIUS, is a UDP-based client/server network protocol. See http://en.wikipedia.org/wiki/RADIUS or http://technet.microsoft.com/en-us/library/bb742489.aspx for more information. RADIUS follows the so-called AAA (Authorization, Authentication and Accounting) transaction model. Historically, RADIUS servers use UDP port 1812 for Authorization and Authentication messages (auth), while Accounting (acct) communication goes through port 1813.
Vlad's original nsradiusd module listened on a single port for both auth and acct messages. The AM-modified version listens on two separate ports. You can override the ports, as well as configure the Tcl procedure responsible for processing the messages, in the config file as follows:
ns_section "ns/server/myserver/module/nsradiusd"
ns_param address 0.0.0.0
ns_param port 1812 ;# if not defined, 1812 is set by default.
ns_param proc radius::server ;# TCL procedure that serves Authorisation and
# Authentication requests.
ns_param acctport 1813 ;# if not defined, 1813 is set by default.
ns_param acctproc radius::acctserver ;# TCL procedure that serves Accounting requests.
# If not defined, acctproc is same as proc
ns_param drivermode false ;# AOLserver only supports non-driver mode
# NaviServer supports both
The following set of ns_radius commands provides facilities to manipulate the basic entities that a RADIUS server operates on, namely requests, users, clients and an attributes dictionary.
Syntax
ns_radius send host port secret ?Code code? ?Retries retries? ?Timeout timeout? ?attr value? ...
ns_radius reqget name ?vendor?
ns_radius reqset attr value ...
ns_radius reqlist
ns_radius reqreply
ns_radius dictlist
ns_radius dictget name|attr ?vendor?
ns_radius dictdel del name|attr ?vendor?
ns_radius dictadd name attr vendor type valname1 valnum1 valname2 valnum2 ...
ns_radius dictvalue name vendor label
ns_radius dictlabel name vendor num
ns_radius clientadd host secret
ns_radius clientlist
ns_radius clientdel host
ns_radius clientget host
ns_radius useradd name checkattrs ?replyattrs?
ns_radius userfind name
ns_radius userdel name
ns_radius userlist
ns_radius userattrfind name attr ?inreply?
ns_radius reset
ns_radius debug [0 | 1]
Description
ns_radius send sends a RADIUS request to the specified address (host, port). The request code is RADIUS_ACCESS_REQUEST by default. It waits "timeout" seconds (2 by default) for a response and resends the request "retries" times (3 by default). RADIUS Attribute Value Pairs (AVP) can also be specified. The command returns the reply code and attributes list, or an error. The "secret" is a hash key that is used to encrypt the value of the User-Password attribute if present.
ns_radius reqget - If "name" is [code | id | ipaddr], then the code, id or IP address of the current request is returned. If "name" is a "vendor" specific attribute, then its value is returned.
ns_radius reqset sets reply AVP.
ns_radius reqlist returns the code, id, IP address and request AVP.
ns_radius reqreply returns the code, id, IP address and reply AVP.
ns_radius dictlist returns the list of vendor specific attributes.
ns_radius dictget returns an attribute if it exists.
ns_radius dictdel removes an attribute from the dictionary. (currently crashes server)
ns_radius dictadd adds an AVP of any of the following types [string | filter | integer | ipaddr | date].
ns_radius dictvalue returns the value of an attribute that matches the specified label.
ns_radius dictlabel returns the list of labels of an attribute that has a specified value.
ns_radius clientadd adds a client, characterized by its IP address ("host") and the encryption key ("secret") used to decrypt the data in the message from the client. Note that the only encrypted part of a client request is the value of the User-Password attribute.
ns_radius clientlist returns the list of clients registered so far.
ns_radius clientdel removes a client from the list.
ns_radius clientget returns the "secret" of a client if it exists.
ns_radius useradd creates a user identified by its "name". The parameters "checkattrs" and "replyattrs" are expected to be key-value TCL lists of attributes.
ns_radius userfind returns the list of attributes of a user.
ns_radius userdel removes a user from the list.
ns_radius userlist returns the list of users registered so far.
ns_radius userattrfind - for a specified user, returns the value of an attribute.
ns_radius reset resets the number of communication errors to zero.
ns_radius debug enables/disables debug printouts.