Login or Register to Ask a Question and Join Our Community

Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

radius(8) [suse man page]

RADIUS(8)						    InterNetNews Documentation							 RADIUS(8)

NAME

       radius - nnrpd RADIUS password authenticator

SYNOPSIS

       radius [-h] [-f config]

DESCRIPTION

       radius is an nnrpd authenticator, accepting a username and password from nnrpd (given to nnrpd by a reader connection) and attempting to
       authenticate that username and password against a RADIUS server.  See readers.conf(5) for more information on how to configure an nnrpd
       authenticator.  It is useful for a site that already does user authentication via RADIUS and wants to authenticate news reading connections
       as well.

       By default, radius reads pathetc/radius.conf for configuration information, but a different configuration file can be specified with -f.
       See radius.conf(5) for a description of the configuration file.

OPTIONS

       -f config
	   Read config instead of pathetc/radius.conf for configuration information.

       -h  Print out a usage message and exit.

EXAMPLE

       The following readers.conf(5) fragment tells nnrpd to authenticate all connections using this authenticator:

	   auth radius {
	       auth: radius
	       default: <FAIL>
	       default-domain: example.com
	   }

       "@example.com" will be appended to the user-supplied identity, and if RADIUS authentication failes, the user will be assigned an identity
       of "<FAIL>@example.com".

BUGS

       It has been reported that this authenticator doesn't work with Ascend RADIUS servers, but does work with Cistron RADIUS servers.  It's also
       believed to work with Livingston's RADIUS server.  Contributions to make it work better with different types of RADIUS servers would be
       gratefully accepted.

       This code has not been audited against the RADIUS protocol and may not implement it correctly.

HISTORY

       The RADIUS authenticator was originally written by Aidan Cully.	This documentation was written by Russ Allbery <rra@stanford.edu>.

       $Id: radius.pod 7664 2007-09-02 12:58:07Z iulius $

SEE ALSO

       nnrpd(8), radius.conf(5), readers.conf(5)

       RFC 2865, Remote Authentication Dial In User Service.

INN 2.5.2							    2009-05-21								 RADIUS(8)

Check Out this Related Man Page

RADIUS.CONF(5)						    InterNetNews Documentation						    RADIUS.CONF(5)

NAME

       radius.conf - Configuration for nnrpd RADIUS authenticator

DESCRIPTION

       This describes the format and attributes of the configuration file for the nnrpd RADIUS authenticator.  See radius(1) for more information
       about the authenticator program.  The default location for this file is radius.conf in pathetc.

       Blank lines and lines beginning with "#" are ignored, as is anything after a "#" on a line.  All other lines should begin with a parameter
       name followed by a colon and the value of that key, except that each section of configuration for a particular server should be enclosed
       in:

	   server <name> {
	       # parameters...
	   }

       where <name> is just some convenient label for that server.

       The available parameters are:

       radhost
	   The hostname of the RADIUS server to use for authentication.  This parameter must be set.

       radport
	   The port to query on the RADIUS server.  Defaults to 1645 if not set.

       lochost
	   The hostname or IP address making the request.  The RADIUS server expects an IP address; a hostname will be translated into an IP
	   address with gethostbyname().  If not given, this information isn't included in the request (not all RADIUS setups require this
	   information).

       locport
	   The port the client being authenticated is connecting to.  If not given, defaults to 119.  This doesn't need to be set unless readers
	   are connecting to a non-standard port.

       secret
	   The shared secret with the RADIUS server.  If your secret includes spaces, tabs, or "#", be sure to include it in double quotes.  This
	   parameter must be set.

       prefix
	   Prepend the value of this parameter to all usernames before passing them to the RADIUS server.  Can be used to prepend something like
	   "news-" to all usernames in order to put news users into a different namespace from other accounts served by the same server.  If not
	   set, nothing is prepended.

       suffix
	   Append the value of this parameter to all usernames before passing them to the RADIUS server.  This is often something like
	   "@example.com", depending on how your RADIUS server is set up.  If not set, nothing is appended.

       ignore-source
	   Can be set to "true" or "false".  If set to false, the RADIUS authenticator will check to ensure that the response it receives is from
	   the same IP address as it sent the request to (for some added security).  If set to true, it will skip this verification check (if your
	   RADIUS server has multiple IP addresses or if other odd things are going on, it may be perfectly normal for the response to come from a
	   different IP address).

EXAMPLE

       Here is a configuration for a news server named news.example.com, authenticating users against radius.example.com and appending
       "@example.com" to all client-supplied usernames before passing them to the RADIUS server:

	   server example {
	       radhost: radius.example.com
	       lochost: news.example.com
	       secret: IamARADIUSsecRET
	       suffix: @example.com
	   }

       The shared secret with the RADIUS server is "IamARADIUSsecRET".

HISTORY

       This documentation was written by Russ Allbery <rra@stanford.edu> based on the comments in the sample radius.conf file by Yury B. Razbegin.

       $Id: radius.conf.pod 8200 2008-11-30 13:31:30Z iulius $

SEE ALSO

       radius(1)

INN 2.5.3							    2009-05-21							    RADIUS.CONF(5)
Man Page