RADIUS Authentication

To use the RADIUS authentication protocol, you must install a server that implements this protocol, e.g., freeradius (for details, see https://freeradius.org/).

Before you start configuring RADIUS authentication, make sure that the dictionary.drweb file from the etc folder of Dr.Web Server has been copied to the /usr/share/freeradius directory. The dictionary contains the list of Doctor Web's RADIUS vendor-specific attributes (VSA).

Use the command line to change the access permissions of the dictionary.drweb file in the /usr/share/freeradius directory. Example command:

chmod 644 /usr/share/freeradius/dictionary.drweb

Add the following line to the end of the /etc/raddb/dictionary file:

$INCLUDE /usr/share/freeradius/dictionary.drweb

Add the following lines to the beginning of the /etc/raddb file:

<Login> Cleartext-Password := "<password>"
        DrWeb-ES-Adm-Flag = 1

After you complete these steps, enable RADIUS authentication via the Control Center.

To enable RADIUS authentication

1. Select Administration in the main menu of the Control Center.

2. Select Authentication in the control menu.

3. In the window that opens, select the RADIUS authentication section.

4. Set the Use RADIUS authentication flag.

5. Click Save.

6. Restart Dr.Web Server to apply the changes.

In the Control Center, you can specify the following parameters for communication with the RADIUS server:

Server, Port, Password: parameters for connecting to the RADIUS server: IP address/DNS name, port number, and password (secret), respectively.

Timeout: time to wait for a response from the RADIUS server, in seconds.

Retries number: maximum number of retries when connecting to the RADIUS server.

You can also set up additional RADIUS parameters via the auth-radius.conf configuration file located in the etc folder of Dr.Web Server.

Besides the parameters that are specified via the Control Center, the configuration file lets you specify the NAS identifier value. According to RFC 2865, this identifier can be used instead of the IP address/DNS name as the client's identifier when connecting to the RADIUS server. In the configuration file, it is stored in the following form:

<!-- NAS identifier, optional, default - hostname -->
<nas-id value="drwcs"/>