Apache Radius Authentication Module Installation on CentOS
1,854 views
Skip to first unread message
choe...@gmail.com
Jun 20, 2015, 4:32:38 AM6/20/15
to lin...@googlegroups.com
I'm trying to install and compile the Apache Radius Authentication Module on CentOS. The link http://freeradius.org/mod_auth_radius/ mentions a script called ./configure . The problem is that the file mod_auth_radius-1.5.8.tar does not come with the configure script. How can I run this command/script if it didn't come with it?
Mirko Ahnert
Jun 23, 2015, 3:55:50 AM6/23/15
to lin...@googlegroups.com, choe...@gmail.com
Hi,
have you tried
apxs -i -a -c mod_auth_radius.c
This command is include in the httpd-devel package.
Greetings,
Mirko
--
Mirko Ahnert
LSE Leading Security Experts GmbH, http://www.lsexperts.de
Postfach 100121, 64201 Darmstadt, Germany
Zentrale: +49 6151 86086-0 , Fax: -299
Support Hotline: +49 6151 86086-115
Unternehmenssitz: Weiterstadt Amtsgericht Darmstadt: HRB8649
Geschäftsführer: Oliver Michel, Sven Walther
choe...@gmail.com
Jun 23, 2015, 11:50:31 AM6/23/15
to lin...@googlegroups.com, choe...@gmail.com
Below are the exact steps I took to get mod_auth_radius to work on CentOS 6.5. It works perfectly now.
Download mod_auth_radius-1.5.8.tar
Extract and then upload contents to /opt
go into the directory where the files where extracted
yum install httpd-devel.x86_64
yum install openssl-devel
apxs -i -a -c mod_auth_radius-2.0.c
nano /etc/httpd/conf/httpd.conf and add the below to the bottom of your config file. This will allow the virtual directory 'secure' to prompt a username and password. The credentials entered in will authenticate against your radius server. If running the LinOTP appliance it will talk to FreeRadius on LinOTP and in return validate against LinOTP. Once this is working you can then implement into your production Apache config. Below is for lab / examples only. The below config works on clean installs of Apache.
<IfModule radius_auth_module>
AddRadiusAuth 192.168.1.10:1812 yourpassword 5:3
AddRadiusCookieValid 5
</IfModule>
<Location /secure>
AuthType Basic
AuthName "LinOTP two-factor authentication for default site"
AuthBasicProvider radius
AuthRadiusCookieValid 5
AuthRadiusActive On
require valid-user
</Location>
Mirko Ahnert
Jun 23, 2015, 11:54:17 AM6/23/15
to lin...@googlegroups.com, choe...@gmail.com
Good to hear and thank you for your configuration example!
Mirko
--
Mirko Ahnert
LSE Leading Security Experts GmbH, http://www.lsexperts.de
Postfach 100121, 64201 Darmstadt, Germany
Zentrale: +49 6151 86086-0 , Fax: -299
Support Hotline: +49 6151 86086-115
Unternehmenssitz: Weiterstadt Amtsgericht Darmstadt: HRB8649
Geschäftsführer: Oliver Michel, Sven Walther
Doc Fraggle
Jun 25, 2015, 1:09:11 AM6/25/15
to lin...@googlegroups.com, choe...@gmail.com
Hi all,
just for your information: I use mod_auth_xradius with CentOS 6.5, it can be easily installed via yum. My working config:
## RADIUS authentication for test site
LoadModule auth_xradius_module modules/mod_auth_xradius.so
<IfModule mod_auth_xradius.c>
## RADIUS cache set to 10 seconds, otherwise the test site won't work
AuthXRadiusCache dbm "conf/auth_xradius_cache"
AuthXRadiusCacheTimeout 10
<Directory "/var/www/html/test">
DirectoryIndex index.html
## This is what the client sees in their Prompt.
AuthName "LinOTP Test Page"
## Type of authentication to use.
AuthType basic
## Address and the Shared Secret of the RADIUS Server to contact.
AuthXRadiusAddServer "localhost:1812" "XXXXXXXXXXXXX"
## Time in Seconds to wait for replies from the RADIUS Servers
AuthXRadiusTimeout 2
## Number of times to resend a request to a server if no reply is received.
AuthXRadiusRetries 2
## This tells apache that we want a valid user and password.
require valid-user
AuthBasicProvider xradius
</Directory>
</IfModule>
Works like a charm.
Regards, Christian
just for your information: I use mod_auth_xradius with CentOS 6.5, it can be easily installed via yum. My working config:
## RADIUS authentication for test site
LoadModule auth_xradius_module modules/mod_auth_xradius.so
<IfModule mod_auth_xradius.c>
## RADIUS cache set to 10 seconds, otherwise the test site won't work
AuthXRadiusCache dbm "conf/auth_xradius_cache"
AuthXRadiusCacheTimeout 10
<Directory "/var/www/html/test">
DirectoryIndex index.html
## This is what the client sees in their Prompt.
AuthName "LinOTP Test Page"
## Type of authentication to use.
AuthType basic
## Address and the Shared Secret of the RADIUS Server to contact.
AuthXRadiusAddServer "localhost:1812" "XXXXXXXXXXXXX"
## Time in Seconds to wait for replies from the RADIUS Servers
AuthXRadiusTimeout 2
## Number of times to resend a request to a server if no reply is received.
AuthXRadiusRetries 2
## This tells apache that we want a valid user and password.
require valid-user
AuthBasicProvider xradius
</Directory>
</IfModule>
Works like a charm.
Regards, Christian
choe...@gmail.com
Jun 25, 2015, 9:41:01 AM6/25/15
to lin...@googlegroups.com, choe...@gmail.com
Question. Is there a benefit to using xradius over mod_auth_radius?
Doc Fraggle
Jun 25, 2015, 1:41:39 PM6/25/15
to Chris Hoerske, linotp
Yes you don't have to compile it yourself and you receive automatic updates via yum.
Regards, Christian
--
You received this message because you are subscribed to the Google Groups "LinOTP" group.
To unsubscribe from this group and stop receiving emails from it, send an email to linotp+un...@googlegroups.com.
Visit this group at http://groups.google.com/group/linotp.
To view this discussion on the web visit https://groups.google.com/d/msgid/linotp/41a46b9d-d6ed-42e1-9134-2e2921199d81%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
itpn...@gmail.com
Mar 15, 2018, 8:06:29 AM3/15/18
to LinOTP
Reply all
Reply to author
Forward
0 new messages