Radiator Policy Server configuration guide
Radiator is configured using a file or a web-based GUI. This guide currently describes file-based configuration.
Configuration file structure
Radiator's configuration file location defaults to /etc/radiator/radiator-server.conf. The directory /etc/radiator typically contains further files and directories that Radiator's configuration requires.
The basic structure of a Radiator configuration file is shown below. The configuration file sets up listening for requests from the network, defines allowed request sources, specifies the backends from which users are authenticated, and defines policies that tie together clients, policies and users.
A full configuration adds logging, statistics, web GUI and other configuration parameters too. These will be shown later in this guide.
servers {
    # Sets up sockets that listen to incoming messages
}
clients {
    # Clients specify where messages are accepted from
    # This includes source IP addresses and RADIUS shared secrets
}
dictionary {
    # Required for RADIUS. Includes RADIUS attribute definitions
}
backends {
    # Tells where end user information is stored.
    # Examples are SQL, HTTP REST and files
}
aaa {
    # Authentication, Authorization and Accounting policies
    policy "policy_name" {
        handler "handler_name" {
            conditions name {
                # When conditions are true, this handler processes the request
            }
            authentication {
                # How to authenticate with a previously defined backend
            }
            authorization {
                # Fiber connection speed, virtual LAN
                # or other user specific settings
            }
            accounting {
                # How to handle accounting: store, forward and reply
            }
            # More configuration blocks to define
            # logging and other possible processing
        }
        # Optional additional handlers
    }
}
A full configuration file can grow very long very quickly. The sample configurations that come with Radiator split the configuration into easily manageable files as shown here.
Full configuration sample: RADIUS/PAP
This is the main configuration file of a sample that shows a minimal Password Authentication Protocol (Radius/PAP) configuration. This file comes with Radiator and can be found in /opt/radiator/server/doc/example-configurations/pap-minimal
This configuration file simply includes the blocks described in the outline section. What it also includes are logging and management settings, including web GUI based management, and templates used to log authentication events and accounting messages.
As an example of a special feature in Radiator, this configuration enables packet capture. Packet capture saves the received and sent messages in a file that can later be viewed with a tool such as Wireshark. Even SSL/TLS encrypted connections can be decrypted with Radiator's capture.
# Radiator logging configuration
include "/etc/radiator/conf.d/logging.conf";
# Radiator logging templates
include "/etc/radiator/conf.d/templates-logging.conf";
# Radiator license configuration
include "/etc/radiator/conf.d/license.conf";
# Radiator dictionary configuration
include "/etc/radiator/conf.d/dictionary.conf";
# Radiator packet capture support
include "/etc/radiator/conf.d/capture.conf";
# Radiator statistics configuration
include "/etc/radiator/conf.d/statistics.conf";
# Radiator management interface configuration
include "/etc/radiator/conf.d/no-management.conf";
#include "/etc/radiator/conf.d/management.conf";
# Radiator backend configuration
include "/etc/radiator/conf.d/backends.conf";
# Radiator RADIUS client configuration
include "/etc/radiator/conf.d/clients-radius.conf";
# Radiator RADIUS server configuration
include "/etc/radiator/conf.d/servers-radius.conf";
# Radiator Authentication, Authorisation and Accounting policies
include "/etc/radiator/conf.d/policies.conf";
Detailed look: what's in a backend configuration
Backends configuration for PAP is simple: the usernames, passwords and other user information are kept in a file named by the configuration parameter filename.
The backend has the name USERS_INTERNAL_FILE. This name is used by the other parts of the configuration when they need information from a backend.
This is the full contents of the file /etc/radiator/conf.d/backends.conf:
backends {
    # file backend configuration
    file "USERS_INTERNAL_FILE" {
        filename "/var/lib/radiator/db/users-internal/users-internal.file";
    }
}
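An added example, not part of Radiator or its sample configurations: a Python check that follows the include lines of the main configuration file and the filename parameter of the file backend, then reports referenced files that are missing or accessible to other users, since the users file holds passwords. It assumes only the two directive forms shown on this page (a quoted absolute path ending in a semicolon, with # starting a comment line); referenced_files, audit, build_sample and the root parameter are names made up for this example.

```python
import os, re, stat

# Directive shapes as shown on this page: include "path"; and filename "path";
# A line starting with '#' does not match, so commented-out includes are skipped.
DIRECTIVE = re.compile(r'^\s*(include|filename)\s+"([^"]+)"\s*;')

def referenced_files(conf_path, root="/", seen=None):
    """Map every file reachable from conf_path to its location under root (sandbox prefix)."""
    seen = {} if seen is None else seen
    if conf_path in seen:
        return seen
    real = seen[conf_path] = os.path.join(root, conf_path.lstrip("/"))
    if not os.path.isfile(real):
        return seen
    with open(real, encoding="utf-8", errors="replace") as fh:
        for line in fh:
            m = DIRECTIVE.match(line)
            if m and m.group(1) == "include":
                referenced_files(m.group(2), root, seen)  # follow nested includes
            elif m:  # filename target is a data file: record it, do not parse it
                seen.setdefault(m.group(2), os.path.join(root, m.group(2).lstrip("/")))
    return seen

def audit(conf_path, root="/"):
    """Return {path: finding} for files that are missing or accessible to 'other'."""
    findings = {}
    for name, real in referenced_files(conf_path, root).items():
        if not os.path.exists(real):
            findings[name] = "missing"
        elif os.stat(real).st_mode & (stat.S_IROTH | stat.S_IWOTH):
            findings[name] = "other-accessible"
    return findings

def build_sample(root):
    """Constructed sample tree that reuses the paths from this page."""
    users = "/var/lib/radiator/db/users-internal/users-internal.file"
    files = {
        "/etc/radiator/radiator-server.conf": 'include "/etc/radiator/conf.d/backends.conf";\n'
            '#include "/etc/radiator/conf.d/management.conf";\n'
            'include "/etc/radiator/conf.d/policies.conf";\n',
        "/etc/radiator/conf.d/backends.conf":
            'backends {\n file "USERS_INTERNAL_FILE" {\n  filename "%s";\n }\n}\n' % users,
        users: "constructed placeholder, not a real user file\n",
    }
    for name, body in files.items():
        path = os.path.join(root, name.lstrip("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(body)
        os.chmod(path, 0o644 if name == users else 0o640)  # users file deliberately too open
```

On a host, audit("/etc/radiator/radiator-server.conf") checks the real tree; on the constructed tree it reports policies.conf as missing and the users file as other-accessible.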