HOME

FolkeHacks - mod_auth_xradius NAS-Identifier Enhancement

mod_auth_xradius NAS-Identifier Enhancement

This is a hack for the mod_auth_xradius authentication module for apache 2.0 from OutOfOrder.cc's mod_auth_xradius


With mod_auth_xradius you can do BasicAuthentication using a Radius-Server.

mod_auth_xradius sends as NAS-Identifier just the hostname of the virtual-host of the accessed website, but if you have different secured websites within one virtual-host and if you want to check on your radius-server which of the websites has been accessed, you probably need my patch.

mod_auth_xradius NAS-Identifier Enhancement gives you the possibility to set the NAS-Identifier on a per-directory base (.htaccess or <Location ...>).

Also available
For freeradius.org's mod_auth_radius (which supports good old apache 1.0) i've wrote a patch with exactly the same enhancement.
It can be found here: Goto my mod_auth_radius NAS-Identifier hack

Installation:


Untar the original mod_auth_xradius_v0.4.X.tar.bz2 , dive into new directory and then apply the patch:
# cat mod_auth_xradius.nasname.diff | patch -p0

Then compile and install as usual (./configure, make, make install) (note for debian users: configure needs --with-apxs=/usr/bin/apxs2).

Usage:


The parameter AuthXRadiusNasName is new. Can be used in <Directory> or .htaccess.
If AuthXRadiusNasName is not set then ServerName is sent as NAS-Identifier insted - this is the default behaviour without my patch.
A sample config looks like:

.htaccess:
AuthType Basic
AuthName "SQL-Admin"
AuthXRadiusAddServer "123.123.123.123:1645" "verysecurepassword"
AuthXRadiusRetries 2
AuthXRadiusTimeout 2
AuthXRadiusNasName "anystringwhichissenttoradiusserver"
require valid-user

Note on mod_auth_xradius with Apache 2.2:

Apache >= 2.1 needs AuthBasicProvider, otherwise you'll get errors like:
#[Mon Apr 30 15:09:11 2007] [error] [client 192.168.10.136] (9)Bad file descriptor: Could not open password file: (null)
#[Mon Apr 30 15:09:11 2007] [error] Internal error: pcfg_openfile() called with NULL filename
You have to add this to your .htaccess:
AuthBasicProvider "xradius"

Download:


Patch for mod_auth_xradius-0.4.6: mod_auth_xradius-0.4.6-nasname.diff

Back to FolkeHacks



HOME

© 1999-2018 by Folke Ashberg | <>