Configuring Apache to support RADIUS Authentication
Step 1 – Run apt-get install libapache2-mod-auth-radius to install the Radius Authentication Module (radius_auth_module).
Step 2 – Configure sites and directories for RADIUS Authentication by editing/etc/apache2/sites-available/default (or whatever virtual site you want to use with AuthAnvil.)
Sample /etc/apache2/sites-available/default file:
## RADIUS configuration for AuthAnvil Radius Server # Add configuration options for radius_auth_module <IfModule radius_auth_module>
# AddRadiusAuth server[:port] <shared-secret> [ timeout [ : retries ]] # AuthRadiusBindAddress <hostname/ip-address> # AddRadiusCookieValid <minutes-for-which-cookie-is-valid> # End of the module directives # Use RADIUS authentication for the locations below <Location /protected > # Use basic password authentication. # Tell users where they are authenticating to # Disable other authentication types # Use radius_auth_module for all authentication, and make the responses # Activate Radius Authentication for this directory.
# Require a valid user, deny access otherwise require valid-user # End of the per-location directives |
Step 3: Run sudo apache2ctl stop then sudo apache2ctl start to stop and restart Apache.
Step 4: Log into the website and when it prompts for a username and password, enter your username in the username box and your AuthAnvil PIN + OTP in the password box.
Other Configurations
For assistance with other configurations, including manually building and configuring the module, check out FreeRADIUS.org’s usage guide for mod_auth_radius. This guide includes a sample httpd.conf file for other configurations, as well as instructions for implementing RADIUS security for directories using .htaccess files.
Questions?
If you have any questions or need some help, we would be happy to assist. Open a case at help.scorpionsoft.com or send an email to support@scorpionsoft.com.