User Guide

Integrate Access Manager With Freeradius

Access Manager and Freeradius are two independent applications. So, to make them work together, we use Freeradius's exec module. We'll be creating two sub-modules to the FR's exec module. One to check if Access Manager wants given user to be authenticated or rejected. And another one to update Access Manager on all accounting requests it receives. Let's create these by editing freeradius/modules/exec.

user@host~$  cd /etc/freeradius
user@host~$  sudo nano modules/exec

Add following code to the end of the file

exec am-authorize {
input_pairs = request
shell_escape = yes
wait = yes
output_pairs = reply
program = "/usr/bin/php /var/www/html/access-manager/radius am:authorize %u"
}

exec am-accounting {
input_pairs = request
shell_escape = yes
wait = no
output = none
program = "/usr/bin/php /var/www/html/access-manager/radius am:account %Z "
}

Adding above mentioned code creates two new sub-modules named 'am-authorize' and 'am-accounting'. Next, we've to tell freeradius to use them for authorization & accounting. To do so edit the default virtual server. And add 'am-authorize' and 'am-accounting' in their respective code blocks. 'am-accounting' block can be added anywhere with-in the accounting{ .. } block. But, 'am-authorize' should be added, in authorize{ ...} block, before the sql module.

user@host~$  nano sites-enabled/default
authorize{
am-authorize
.......
.........
sql
}
accounting{
am-accounting
....
}

Congratulations! You've successfully completed the server setup. Now, Add A New Router and start authenticating your users.