Understanding freeradius

Alan DeKok aland at deployingradius.com
Fri Dec 12 15:30:37 CET 2008

> I'm currently developing a new 802.11 authentication and association
> protocol to achieve fast handovers in 802.11 infrastructured networks.
> I need to add a new module to freeradius to manage new keys that will be
> derived during the initial 802.1X authentication.
> What I need from freeradius is to add new attributes in the
> Access-Request and Access-Accept messages and save some data in a new
> structure for each user.

  That should be easy.

> I've been looking at the code, and reading the wiki trying to understand
> how freeradius work, but  with no success.

  See src/modules/rlm_example for an example module.  It uses the
internal API to look for, and add, sample attributes.

> Can anyone help me getting started by pointing some functions where the
> freeradius reads and constructs messages, sends and receive and how it
> choses the authentication method, or any other useful information that
> may help me achieve my goal?

  Don't look at the functions that send/receive messages.

  The server is designed so that the modules don't have to understand
how it processes RADIUS packets.  The server is designed so that the
modules don't need to know how authentication methods are chosen.

  See the CHAP module for a simple example of a module that looks for
certain attributes, and does authentication.

  See the MS-CHAP module for a more complicated example of a module that
adds attributes to the Access-Accept.

  Alan DeKok.

More information about the Freeradius-Devel mailing list