Developers Documentation



301 error for file:

User Tools

Site Tools


RADIUS is a simple mechanism and can be added to the main core of ClearOS with relative ease so that it snaps into the LDAP infrastructure. Ideally this will be added to ClearOS 5.2 as a feature.

This spec assumes that the steps in the RADIUS HowTo have be completed as well.



A new tab should appear in the Directory » Setup section entitled 'RADIUS'.

RADIUS Service Page

The body of the page is standard.

Start/Stop ToAuto/Manual

This tab should have the typical 'Start' button for the service and also have the 'To Auto' button.


This element should be a pulldown menu that enumerates all the current groups. This is the group whose members will register as Access-Accept when the authentication request comes in.

When this element is set it changes the groupmembership_attribute value in the ldap{} element in radiusd.conf

Servers that can access this RADIUS Server

This area will look similar to Web Server page and will have the ability to add multiple entries. These entries directly affect and are enumerated by the the /etc/raddb/clients.conf file. By default, the local host entry will be enumerated and instead of the 'Remove' button, it will have a Disable/Enable button. This will comment or uncomment the entry in clients.conf.

Table will look like this:

Name Server Address Shared Secret
Debug localhost radiustest
wap w1r3l35s
server server4.mycompany.lcl VpNS3cr3t
machines cl13nt5

The output of such a configuration in /etc/raddb/clients.conf would be:

#client {
#secret = radiustest
#shortname = debugging
#nastype = other
client {
secret = w1r3l35s
shortname = wap
nastype = other
client server4.mycompany.lcl {
secret = VpNS3cr3t
shortname = server
nastype = other
client {
secret = cl13nt5
shortname = machines
nastype = other

When an entry is created, nastype is set to 'other' if the user manually specifies a different type, adding new servers/networks to the list should NOT override the manual setting of the other entries.

  • Name (shortname): should be 15 characters of less and should not have any spaces or funky characters, dashes and underscores are ok.
  • Server Address (client): can me FQDN, IP, or CIDR
  • Shared Secret (secret): Needs to be tested to see if characters such as $ or * give problems.


content/en_us/dev_apps_radius.txt · Last modified: 2015/02/28 15:36 (external edit)