Configuration consists of several distinct areas:
A minimal server (two are found in the examples directory, a terminal authentication server and a pure proxy server) would look something like this:
// Create the RADIUS server.
RADIUSServer rs = new RADIUSServer();
// Set up SNMP - this must be done immediately since many methods depend on this.
// If you don't want SNMP enabled just use the startSNMP() method
// without any parameters:
// rs.startSNMP();
//
// First get the trap manager's address.
InetAddress snmpManager;
try {
    snmpManager = InetAddress.getByName("192.168.1.101");
} catch (UnknownHostException uhe) {
    System.err.println("Can't get snmp manager address, disabling traps.");
    snmpManager = null;
}
// Start SNMP with the default read/write communities and trap community.
// Set the port number (normally 161) for the SNMP receiver. This is set
// to 163 to avoid conflicts with any existing SNMP agents on this machine.
// Set the trap manager and its port number.
rs.startSNMP("public", "private", "public", 163, snmpManager, 162);
// The server is multi-homed by default. This may be changed to a single
// address (defined by the setServerInfo() method below) using the following
// method. True for multi-home, false for single-home.
rs.setMultihome(true);
// Set up logging for the implementations.
// The logging implementations allow two things - set up the server and
// debugging logs, and initialize anything that other implementations may
// need. The indirection through a 'factory' allows the implementation
// classes to be initialized or found using another class loader.
// Create the main server log file name and pass it to the implementation.
String svrLogFile = "server.log";
rs.setServerLogImplFactory(new MakeSvrLog(svrLogFile));
// Create a debug log file. This is required even if you aren't planning
// to do any debugging. This is because debugging may be enabled or
// disabled at any time.
// Create the debug log file name and pass it to the implementation.
String dbgLogFile = "debug.log";
rs.setDebugLogImplFactory(new MakeDbgLog(dbgLogFile));
// Set up an initial set of NAS's so the authentication and accounting
// have something to work with. NAS's may be added or removed anytime
// during the life of the accounting and authentication servers.
// Create two NASs with the address 192.168.1.1 and .2, no NAS-Identifier,
// a secret, and the NAS-IP-Address is enforced.
// "Enforced" means that all packets from this NAS MUST have a
// NAS-IP-Address that matches the one given here, and the NAS-Identifier
// must match the NAS identifier. Unenforced NASs do not need matching
// attributes for their packets to be accepted. If setFastNAS(true) is
// used, it disables all NAS identifier attribute checking and only checks
// that the source address is correct.
NAS n;
n = new NAS(InetAddress.getByName("192.168.1.1"), "", "test1", true);
rs.addNAS(n);
n = new NAS(InetAddress.getByName("192.168.1.2"), "", "test2", true);
rs.addNAS(n);
// Create a proxy target. This is used if the server will act as a proxy
// to another server. In this case we'll add one proxy server with the
// realm name "proxy.axl" with standard ports, a secret of "proxysecret",
// and no enforcement of NAS attribute information.
ProxyTarget pt = new ProxyTarget("proxy.axl", "192.168.1.13",
RADIUSSERVER.AUTH_PORT, RADIUSSERVER.ACCT_PORT,
"proxysecret", false);
// Set up this server's host information. This describes the server.
// The server is at the address 192.168.1.3. This is the only address the
// server will respond to if you used the method setMultihome(false).
// The realm information is the name of this server. It's really only
// useful if this server is a proxy target. Any name will do.
// Use the default ports for authentication and accounting.
rs.setServerInfo(InetAddress.getByName("192.168.1.3"),
"server.auth", RADIUSSERVER.AUTH_PORT, RADIUSSERVER.ACCT_PORT);
// Set up the authentication and accounting implementations.
// If you're not using one or the other service, you need not set up
// an implementation. For example, if the server is only handling
// accounting, only setAccountingImplFactory() needs to be called.
// Set up the AccessImpl to handle authentications.
rs.setAccessImplFactory(new MakeAccess());
// Set up the AccountingImpl to handle accounting requests.
rs.setAccountingImplFactory(new MakeAccounting());
// Turn on debugging and log all server requests, failures, and successes.
// Debugging by default is initially off and the server log will not
// show successes or failures to authenticate.
rs.startDebug();
rs.setServerLogAll();
// setFastNAS(true) will enable fast NAS checking - only the source address
// needs to be correct to accept a packet. Setting this to false requires that
// at least the NAS-IP-Address or NAS-Identifier attribute matches the source
// address. Set it to true for a faster server. There is no security breach
// in setting this to true.
// It will be impossible to have a NAS and a server on the same machine
// if this is set to 'true'.
rs.setFastNAS(true);
// Start the authentication & accounting servers.
rs.startAuthenticationServer();
rs.startAccountingServer();
// Wait while the server threads run.
while (true) {
    try {
        Thread.sleep(10000);
    } catch (InterruptedException ie) {
        // Don't care
    }
}
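
The NAS checks described in the comments above (enforced, unenforced, and fast NAS checking), modelled as a stand-alone added example; this is not code from the library, and `NasCheckDemo`, `NasEntry` and `accept` are hypothetical names. It assumes an enforced NAS must match on NAS-IP-Address, and on NAS-Identifier only when one is configured; the 10.0.0.9 address is constructed sample data.

```java
import java.net.InetAddress;
import java.util.HashMap;
import java.util.Map;

// Added illustration: a model of the NAS checks the configuration comments
// describe. Hypothetical names throughout; not the library's implementation.
public class NasCheckDemo {
    // One registered NAS: address, optional NAS-Identifier, enforcement flag.
    record NasEntry(InetAddress addr, String identifier, boolean enforced) {}

    static final Map<InetAddress, NasEntry> nasTable = new HashMap<>();

    // nasIpAttr and nasIdAttr are the NAS-IP-Address and NAS-Identifier
    // attributes carried in the packet (null when the attribute is absent).
    static boolean accept(InetAddress source, InetAddress nasIpAttr,
                          String nasIdAttr, boolean fastNas) {
        NasEntry nas = nasTable.get(source);
        if (nas == null) {
            return false; // source is not a registered NAS: never accepted
        }
        if (fastNas || !nas.enforced()) {
            return true;  // only the source address is checked
        }
        // Assumption: enforced means NAS-IP-Address must equal the
        // registered address ...
        if (!nas.addr().equals(nasIpAttr)) {
            return false;
        }
        // ... and a configured (non-empty) NAS-Identifier must match too.
        return nas.identifier().isEmpty()
                || nas.identifier().equals(nasIdAttr);
    }

    public static void main(String[] args) throws Exception {
        InetAddress nas1 = InetAddress.getByName("192.168.1.1");
        InetAddress other = InetAddress.getByName("10.0.0.9"); // constructed
        nasTable.put(nas1, new NasEntry(nas1, "", true));

        // Enforced NAS, attribute matches the registered address.
        System.out.println(accept(nas1, nas1, null, false));
        // Enforced NAS, attribute names a different address.
        System.out.println(accept(nas1, other, null, false));
        // Same mismatched packet with fast NAS checking switched on.
        System.out.println(accept(nas1, other, null, true));
        // Unregistered source address, fast NAS checking switched on.
        System.out.println(accept(other, other, null, true));
    }
}
```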