Authentication Module, RadiusAuth

RadiusAuth authenticates against a Radius server, but it suffers from one problem: Radius servers do not support user lookups, and without a valid password it is impossible for SurgeMail to know a user is valid until the user has first checked/read their email. When this occurs, RadiusAuth stores the username for future reference.

To supply additional information (like groups=x.y.z or fwd=fred@domain) you can use the Radius 'VENDOR-SPECIFIC' attribute.
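The following sketch shows how a Radius client can check that a reply was really produced with the shared secret before trusting a setting such as fwd= carried in the Vendor-Specific attribute. It is an added example, not RadiusAuth's own code; it assumes the string follows the 4-byte vendor id directly and holds one key=value pair per attribute, and the secret, vendor id and packet are constructed sample values.

```python
import hashlib
import hmac
import struct

VENDOR_SPECIFIC = 26  # attribute type from RFC 2865
ACCESS_ACCEPT = 2     # packet code from RFC 2865

def response_auth(header, request_auth, attrs, secret):
    # RFC 2865: MD5(Code + ID + Length + RequestAuthenticator + Attributes + Secret)
    return hashlib.md5(header + request_auth + attrs + secret).digest()

def build_accept(ident, request_auth, secret, vendor_id, text):
    """Constructed sample reply with one Vendor-Specific string (assumed layout)."""
    body = struct.pack("!I", vendor_id) + text.encode("ascii")
    attrs = bytes([VENDOR_SPECIFIC, 2 + len(body)]) + body
    header = struct.pack("!BBH", ACCESS_ACCEPT, ident, 20 + len(attrs))
    return header + response_auth(header, request_auth, attrs, secret) + attrs

def read_settings(packet, request_auth, secret):
    """Verify the reply, then return key=value pairs from Vendor-Specific attributes."""
    if len(packet) < 20:
        raise ValueError("short packet")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_ACCEPT or length != len(packet):
        raise ValueError("not a well-formed Access-Accept")
    attrs = packet[20:]
    expected = response_auth(packet[:4], request_auth, attrs, secret)
    if not hmac.compare_digest(expected, packet[4:20]):
        raise ValueError("response authenticator mismatch")
    settings, pos = {}, 0
    while pos < len(attrs):
        if pos + 2 > len(attrs):
            raise ValueError("truncated attribute")
        atype, alen = attrs[pos], attrs[pos + 1]
        if alen < 2 or pos + alen > len(attrs):
            raise ValueError("bad attribute length")
        if atype == VENDOR_SPECIFIC and alen > 6:
            text = attrs[pos + 6:pos + alen].decode("ascii", "replace")
            key, sep, value = text.partition("=")
            if sep:
                settings[key] = value
        pos += alen
    return settings

if __name__ == "__main__":
    req_auth = bytes(range(16))  # constructed request authenticator
    pkt = build_accept(7, req_auth, b"constructed-secret", 99999, "fwd=fred@domain")
    print(read_settings(pkt, req_auth, b"constructed-secret"))
```

A reply whose attributes were altered in transit, or that was built with a different secret, fails the authenticator check and its settings are never read.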


Installing and Setup

Some applications come with RadiusAuth already built. If you do not have a build and/or require the latest code, it can be downloaded from one of the links below:

Source: auth_src_2.4b.zip 118k
Windows: radiusauth_2.4b_windows.zip 67k
Freebsd4: radiusauth_2.4b_freebsd4.tar.gz 31k
Linux (Libc6): radiusauth_2.4b_linux.tar.gz 27k
Solaris: radiusauth_2.4b_solaris7_sparc.tar.gz 27k

Building From Source:

If you are building RadiusAuth from source, you will need a C compiler (either cc or gcc) and make. The build command is:

make -f Makefile.radius

Configuration Options:

RadiusAuth requires a radiusauth.ini file to configure its options. This file is located in the same directory as the RadiusAuth binary OR in a directory specified by the -path command line option. The available options are:

Label | Default | Explanation
log | false | Enables verbose debug output.
unix_password | false | Only designed to be used on UNIX machines. Tells the auth program to use the UNIX password system for storing passwords.
plain_password | false | Tells the auth program to save the passwords as clear text.
domain | (none) | This is the domain that is attached when users are created in the database, e.g. lynden becomes lynden@your.default.domain
lowercase_username | false | This will convert all usernames to lowercase when comparing names.
lowercase_username_set | false | This will convert all names to lowercase before adding them to the database.
search_min | 0 | This is the minimum number of characters that any search routine must have before a search is performed.
radius_host | localhost | This is the IP address or name of the Radius server.
radius_port | 1812 | This is the TCP/IP port of the Radius server (normally 1812).
radius_secret | (none) | This is the encryption key that is set up on the Radius server and that the mail server needs to use.
radius_attribute | (none) | This is the Radius attribute that stores the fwd and quota settings. (string)
field_username | username | The label of the username field in your table.
field_password | passwd | The label of the password field in your table.
field_forward | forward | The label of the forward field in your table. This is the forwarding information that SurgeMail uses to determine where it forwards the email to.
field_quota | (none) | The label of the quota field in your table. This is the disk quota the user has, e.g. 100k, 10M
field_mailmask | (none) | The label of the mailmask field in your table. This is the IP mask that RadiusAuth checks against the "from IP" of the user. This forces the user to use only the specified IP.
field_maildrop | (none) | The label of the maildrop field in your table. This is the location where SurgeMail will drop the user mail files.
radius_user_file | radius.dat | This is the file where usernames/passwords are stored so that lookups without passwords can be done, i.e. RadiusAuth stores the passwords itself as it adds the users.

Command Line Options:

-path | Tells RadiusAuth where to create its logfile and where to find its config file.
-debug | Sets the logging level to debug.
-log | Turns on logging to radiusauth.log.
-version | Displays the RadiusAuth version information.
-filtername,str1,str2 | The username on a set,del,lookup,check command is checked for 'str1', which is replaced with 'str2'.
-convert_nwauth nwauth_path | This will create a 'nw_convert.bat' file from the nwauth.add and nwauth.txt files; when run, it runs radiusauth with various commands to make the Radius database match the NWAuth setup.

Supported Commands

The commands below are the commands that this module supports. For a full description of each command, see Authentication Protocol.

Command | Parameters
check | <user> <pass>
lookup | <user>
quit |
exit |