Creating freeRADIUS extensions (beginner)

Phil Mayers p.mayers at imperial.ac.uk
Sun Apr 3 21:25:11 CEST 2011


On 04/03/2011 04:07 PM, Tiberiu Breana wrote:
> Hello.
> I'm doing my thesis project on advanced authentication techniques. I
> want to use freeRADIUS to implement extensions regarding one or more of
> the following:

I don't want to sound like I'm being discouraging, but none of those are 
"advanced" IMO.

> 1)Location-based authentication

See RFC 5580

> 2)Prepay codes for timed access

This is either just "normal" authentication, or at most token-card auth 
(e.g. EAP-GTC). Or do you mean something else?

> 3)QoS parameters (allocate network resources according to the user's
> services)

This is usually just extra attributes in the Access-Accept, or using CoA 
packets to update mid-sessions.

>
> Do you think these extensions are 'doable' for a beginner?

None of these seem very hard. They probably don't need new modules - you 
could probably write the policies needed in "unlang".

> What are the major steps in implementing a new module? From what I've
> understood so far, I have to create a .c file and add some attributes to
> the dictionary. Is implementing new message types difficult? (does the
> finite-state machine need to be modified?)

Implementing new radius message types is an error. Don't do that. Lots 
and lots of experienced people e.g. equipment vendors get RADIUS wrong; 
there's little chance you'll avoid those mistakes.

>
> Any advice/information/tips are greatly welcome. Thanks!

Don't be offended but: I'd spend some time actually looking at what 
FreeRADIUS can do, and reading the RFCs for radius-related 
authentication methods. The server comes with a list of applicable RFCs.

HTH,
Phil



More information about the Freeradius-Users mailing list