Follow

How can I setup Apache Websites for AuthAnvil Two Factor Auth Authentication using RADIUS?

Configuring Apache to support RADIUS Authentication

Step 1 – Run apt-get install libapache2-mod-auth-radius to install the Radius Authentication Module (radius_auth_module).

Step 2 – Configure sites and directories for RADIUS Authentication by editing/etc/apache2/sites-available/default (or whatever virtual site you want to use with AuthAnvil.)

Sample /etc/apache2/sites-available/default file:

## RADIUS configuration for AuthAnvil Radius Server
# Add configuration options for radius_auth_module
<IfModule radius_auth_module>

 

# AddRadiusAuth server[:port] <shared-secret> [ timeout [ : retries ]]
#
# Use RADIUS server on 10.10.30.3, RADIUS port is 1812,
# secret is ‘pass’, time out after 10 seconds.
# Do not allow retries since we are using Two-Factor Authentication.
AddRadiusAuth 10.10.30.3:1812 pass 10

# AuthRadiusBindAddress <hostname/ip-address>
#
# Bind client (local) socket to this local IP address.
# The server will then see RADIUS client requests will come from
# the given IP address.
# By default, the module does not bind to any particular address,
# and the operating system chooses the address to use.

# AddRadiusCookieValid <minutes-for-which-cookie-is-valid>
# The special value of 0 (zero) means the cookie is valid forever.
AddRadiusCookieValid 120

# End of the module directives
</IfModule>

# Use RADIUS authentication for the locations below

<Location /protected >
  Order Allow,Deny

# Use basic password authentication.
# AuthType Digest won’t work with RADIUS authentication.
  AuthType Basic

# Tell users where they are authenticating to
  AuthName “AuthAnvil RADIUS Server”

# Disable other authentication types
  AuthBasicAuthoritative off

# Use radius_auth_module for all authentication, and make the responses
# from it authoritative.
  AuthRadiusAuthoritative on

# Set RADIUS to be the provider for this basic authentication
  AuthBasicProvider radius

# Activate Radius Authentication for this directory.
# If there is a directory below ths one which you do NOT want to have RADIUS
# authentication for, then use a <Directory> or <Location> directive,
# and set “AuthRadiusActive Off”.  The default is “On”.
  AuthRadiusActive On  

 

 

# Require a valid user, deny access otherwise require valid-user
require valid-user

# End of the per-location directives
</Location>

Step 3: Run sudo apache2ctl stop then sudo apache2ctl start to stop and restart Apache.

Step 4: Log into the website and when it prompts for a username and password, enter your username in the username box and your AuthAnvil PIN + OTP in the password box.


Other Configurations

For assistance with other configurations, including manually building and configuring the module, check out FreeRADIUS.org’s usage guide for mod_auth_radius. This guide includes a sample httpd.conf file for other configurations, as well as instructions for implementing RADIUS security for directories using .htaccess files.

 

Questions?

If you have any questions or need some help, we would be happy to assist. Open a case at help.scorpionsoft.com or send an email to support@scorpionsoft.com.

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

Comments

Powered by Zendesk