Creating freeRADIUS extensions (beginner)
Phil Mayers
p.mayers at imperial.ac.uk
Sun Apr 3 21:25:11 CEST 2011
On 04/03/2011 04:07 PM, Tiberiu Breana wrote:
> Hello.
> I'm doing my thesis project on advanced authentication techniques. I
> want to use freeRADIUS to implement extensions regarding one or more of
> the following:
I don't want to sound like I'm being discouraging, but none of those are
"advanced" IMO.
> 1)Location-based authentication
See RFC 5580
> 2)Prepay codes for timed access
This is either just "normal" authentication, or at most token-card auth
(e.g. EAP-GTC). Or do you mean something else?
> 3)QoS parameters (allocate network resources according to the user's
> services)
This is usually just extra attributes in the Access-Accept, or using CoA
packets to update mid-sessions.
>
> Do you think these extensions are 'doable' for a beginner?
None of these seem very hard. They probably don't need new modules - you
could probably write the policies needed in "unlang".
> What are the major steps in implementing a new module? From what I've
> understood so far, I have to create a .c file and add some attributes to
> the dictionary. Is implementing new message types difficult? (does the
> finite-state machine need to be modified?)
Implementing new radius message types is an error. Don't do that. Lots
and lots of experienced people e.g. equipment vendors get RADIUS wrong;
there's little chance you'll avoid those mistakes.
>
> Any advice/information/tips are greatly welcome. Thanks!
Don't be offended but: I'd spend some time actually looking at what
FreeRADIUS can do, and reading the RFCs for radius-related
authentication methods. The server comes with a list of applicable RFCs.
HTH,
Phil
More information about the Freeradius-Users
mailing list