RADIUS Authentication

To use the RADIUS authentication protocol, deploy a server that implements this protocol, for example, FreeRADIUS (for details, see https://www.freeradius.org/).

To configure and enable RADIUS authentication

1. Copy the dictionary file dictionary.drweb located in the etc folder of Dr.Web Server to the /usr/share/freeradius folder. The dictionary contains a list of RADIUS attributes of Doctor Web (VSA, Vendor-Specific Attributes).

2. Use the command line to change the access permissions of the dictionary.drweb dictionary in the /usr/share/freeradius folder. Command example:

3. Add the path to the dictionary.drweb dictionary file copied previously to the end of the <RADIUS_configuration_folder>/dictionary reference file:

4. Add an entry with the administrator login credentials to be used for authentication on Dr.Web Server, as well as the DrWeb-ES-Adm-Flag attribute (tab-indented) that identifies a user as a Dr.Web Server administrator, to the beginning of the <RADIUS_configuration_folder>/users user account configuration file:

5. Enable RADIUS authentication on Dr.Web Server: select Administration in the main menu of the Control Center, then select Authentication in the control menu → RADIUS authentication and set the Use RADIUS authentication flag.

6. Specify the basic Dr.Web Server to RADIUS server communication parameters in the Connection settings subsection:

   • Server: IP address or DNS name of the RADIUS server.
   • Port: port number on the RADIUS server.
   • Password: password specified in the client settings of the RADIUS server configuration (secret).

7. If necessary, specify the additional parameters:

   • Set the Allow only HTTPS connections flag to forbid connecting to Dr.Web Server using RADIUS authentication over an insecure HTTP connection.
   • In the Time-out field, specify the maximum wait time for a RADIUS server response in seconds.
   • In the Retries number field, specify the maximum number of attempts to reconnect to the RADIUS server.
   • In the NAS identifier field, specify the NAS (Network Access Server) identifier value. According to RFC 2865, the NAS identifier may be used instead of the IP address or DNS name as the client identifier when connecting to a RADIUS server.

8. Click Save.

9. Restart Dr.Web Server to apply changes.

You can also use the auth-radius.conf configuration file located in the etc folder of Dr.Web Server to configure the parameters of RADIUS authentication. In addition to the parameters available for configuration in the Control Center, the NAS IP address can be specified in the configuration file.
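
The following audit script is an added example, not part of the original documentation and not Dr.Web or FreeRADIUS code. It checks the result of steps 1 to 4 and lists which logins receive the DrWeb-ES-Adm-Flag attribute. The function names are hypothetical, and it assumes FreeRADIUS's `$INCLUDE <path>` dictionary syntax and the usual users-file layout (entry name in column 0, attributes on indented lines).

```shell
#!/bin/sh
# Added example (not Dr.Web or FreeRADIUS code): audit the files from steps 1-4.
# Assumes FreeRADIUS "$INCLUDE <path>" dictionary lines and the usual users-file
# layout: an entry starts in column 0, its attributes follow on indented lines.

# Print every login whose users-file entry carries DrWeb-ES-Adm-Flag.
drweb_radius_admins() {
    awk '
        /^[ \t]*(#|$)/ { next }                  # comments and blank lines
        /^[^ \t]/      { user = $1; seen = 0 }   # column 0: a new entry begins
        /DrWeb-ES-Adm-Flag/ && user != "" && !seen { print user; seen = 1 }
    ' "$1"
}

# $1 = folder holding dictionary.drweb, $2 = <RADIUS_configuration_folder>.
# Prints one finding per line; returns non-zero if anything needs attention.
drweb_radius_audit() {
    dict="$1/dictionary.drweb"; rc=0
    if [ ! -f "$dict" ]; then
        echo "MISSING: $dict"; rc=1
    elif [ -n "$(find "$dict" -perm -002)" ]; then
        # Assumed baseline only; the permissions the page intends are not shown.
        echo "WORLD-WRITABLE: $dict"; rc=1
    fi
    awk -v d="$dict" '$1 == "$INCLUDE" && $2 == d { f = 1 } END { exit !f }' \
        "$2/dictionary" 2>/dev/null ||
        { echo "NOT-INCLUDED: $dict is not referenced in $2/dictionary"; rc=1; }
    admins=$(drweb_radius_admins "$2/users" 2>/dev/null) ||
        { echo "MISSING: $2/users"; rc=1; }
    for u in $admins; do
        if [ "$u" = DEFAULT ]; then
            # DEFAULT matches any login, so the flag would not be tied to one account.
            echo "RISK: DEFAULT entry carries DrWeb-ES-Adm-Flag"; rc=1
        else
            echo "ADMIN: $u"
        fi
    done
    return $rc
}
```

Call it as `drweb_radius_audit /usr/share/freeradius <RADIUS_configuration_folder>` and review every `ADMIN:` line against the list of people who are meant to administer Dr.Web Server.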