RADIUSdesk is a web based management on top of the FreeRADIUS server. Every RADIUS server will have RADIUS clients. RADIUS clients have two important characteristics.
A NAS device control the access and resources on a data network.
A NAS device in turn is a server to clients which need to connect through them to the data network.
There are also clients to the RADIUS server which does not always need to be a NAS device. Some of them are:
One of the first actions you are likely to do is to add a NAS device to RADIUSdesk. This is done through the Nas devices applet.
When you add a NAS device through the NAS devices applet you need to collect some information beforehand in order to supply it when you add the NAS device.
The information itself depends on the connection type of the device.
There are four connection types:
Your installation of RADIUSdesk may not have all of them enabled since not everyone need to have all four types available. Enabling and disabling the connection types is beyond the scope of this document and is discussed under the Technical discussions section.
With a direct connected device you need to have:
Item | Typical value | Comment |
---|---|---|
NAS device's IP Address | 42.34.12.12 | |
Shared secret | testing123 | something that is secure and obscure |
Name for device | Coova-AP-Pta-01 | This can be anything really but you are encouraged to work out a convention. |
With a Dynamic Client you need to have:
Item | Typical value | Comment |
---|---|---|
Unique AVP attribute | NAS-Identifier | Can be one of the other from the list also |
Unique AVP attribute value | Coova-AP-Pta-01 | Some value to identify the device by uniquely. The device will include this AVP and value when it contacts the RADIUS server |
Shared secret | testing123 | something that is secure and obscure |
Name for device | Coova-AP-Pta-01 | This can be anything really but you are encouraged to work out a convention. |
With a dynamic client you have to ensure that FreeRADIUS is compiled and configured in such a way as to allow Dynamic Clients.
You can read more about Dynamic Clients on this page: https://sourceforge.net/apps/trac/hotcakes/wiki/YfiTechDynamicClients.
Dynamic Clients will typically be used when the NAS device sits behind a NAT firewall.
Although you do not need to know the IP Address of the Dynamic Client; there is something a bit more involved to know about the NAS device.
For a Dynamic Client to be identifiable we have to zoom in on one of the AVPs in the RADIUS packet coming. Usually it will be one of the following:
One of these AVP's are typically included in every RADIUS packet which the client sends to the server, allowing FreeRADIUS to identify the client and registering the device on the fly.
The simplest to find out which are included is to do the following:
sudo /etc/init.d/radiusd stop sudo radiusd -X
This section is quite technical and you do not need to understand everything from the word go.
If you know CoovaChilli for instance; the values of these attributes are determined by settings like: