Documentation for ns_radius from Vlad Seryakov's nsradiusd module



Remote Authentication Dial In User Service, or RADIUS, is a UDP based network communication client/server protocol. See or for more information. RADIUS employs so called AAA (Authorization, Authentication and Accounting) transaction concept of communication. Historically, the RADIUS servers use UDP port 1812 for Authorization and Authentication messages (auth) while Accounting (acct) communication goes through port 1813.

Vlad's original nsradiusd module listened on a single port for both auth and acct messages.  In the AM-modified version, it listens to two separate ports.  You can override the ports as well configure the tcl procedure responsible for processing the messages in the config file as follows:

ns_section "ns/server/myserver/module/nsradiusd"
ns_param address
ns_param port 1812 ;# if not defined, 1812 is set by default.
ns_param proc radius::server          ;# TCL procedure that serves Authorisation and # Authentication requests.
ns_param acctport 1813 ;# if not defined, 1813 is set by default.
ns_param acctproc radius::acctserver    ;# TCL procedure that serves Accounting requests.
# If not defined, acctproc is same as proc
ns_param drivermode false                  ;# AOLserver only supports non-driver mode # NaviServer supports both

The following set of ns_radius commands provides facilities to manipulate the basic entities that a RADIUS server operates on, namely requests, users, clients and an attributes dictionary.


ns_radius send host port secret ?Code code? ?Retries retries? ?Timeout timeout? ?attr value? ...

ns_radius reqget name ?vendor?

ns_radius reqset attr value ...

ns_radius reqlist

ns_radius reqreply

ns_radius dictlist

ns_radius dictget name|attr ?vendor?

ns_radius dictdel del name|attr ?vendor?

ns_radius dictadd name attr vendor type valname1 valnum1 valname2 valnum2 ...

ns_radius  dictvalue name vendor label

ns_radius dictlabel  name vendor num

ns_radius clientadd host secret

ns_radius clientlist

ns_radius clientdel host

ns_radius clientget  host

ns_radius useradd name checkattrs ?replyattrs?

ns_radius userfind name

ns_radius  userdel name

ns_radius userlist 

ns_radius userattrfind name attr ?inreply?

ns_radius reset

ns_radius  debug [0 | 1]


nsradius send sends RADIUS request to the specified address (host, port). The request code is RADIUS_ACCESS_REQUEST by default. It waits "timeout" seconds (2 by default) for response and retries to resend it "retries" times (3 by default). RADIUS Attribute Value Pairs (AVP) could also be specified. The command returns the reply code and attributes list or error. The "secret" is a hash key that is used to encrypt the value of the User-Password attribute if present. 

ns_radius reqget - If "name" is  [code | id | ipaddr] then either code or id or IP address of the current request is returned. If "name" is a "vendor" specific attribute then its value is returned.

ns_radius reqset sets reply AVP.

ns_radius reqlist returns the code, id, IP address and request AVP.

ns_radius reqreply returns the code, id, IP address and reply AVP.

ns_radius dictlist returns the list of vendor specific attributes. 

ns_radius dictget returns an attribute if it exists.

ns_radius dictdel removes an attribute from the dictionary. (currently crashes server)

ns_radius dictadd adds an AVP of any of the following type [string | filter | integer | ipaddr | date].

ns_radius  dictvalue returns the value of an attribute that matches the specified label. 

ns_radius dictlabel returns the list of labels of an attribute that has a specified value.

ns_radius clientadd add a client, characterized by its IP address ("host") and encryption key ("secret") used to decrypt the data in the message from the client.  Note that the only encrypted part of a client request is the value of the User-Password attribute.

ns_radius clientlist returns the list of clients registered so far.

ns_radius clientdel removes a client from the list.

ns_radius clientget returns the "secret" of a client if it exists.

ns_radius useradd creates a user identified by its "name".  The parameters "checkattrs" and  "replyattrs" are expected to be key-value TCL lists of attributes.

ns_radius userfind returns the list of attributes of a user.

ns_radius  userdel removes a user from the list.

ns_radius userlist returns the list of users registered so far.

ns_radius userattrfind - for a specified user, returns a value of an attribute.

ns_radius reset resets the number of communication errors to zero.

ns_radius debug enables/disables debug printouts.

Tuning Config Params | ODBC/SQL Server Setup | ns_column | ns_table | ns_radius

© Copyright 1996-2014 by and Solitex Networks. Legal Notices.
Creative Commons License Articles on this site are licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.