Apr 062011

Few notes to myself, to avoid forgetting a cool thing I’ve just learned.

The need is to implement radius based authentication to access a directory on Apache2 Web server.

Here’s how to proceed (instructions have been tested on an Ubuntu 10.10).

First, you need to install the needed module for Radius authentication on Apache2, using the command:

apt-get install libapache2-mod-auth-radius

Then, you need to enable it with command:

a2enmod auth_radius

You need now to make your apache web server aware of where to send authentication requests for Radius. There are two ways, depending if you want to make this configuration apache-wide (therefore edit /etc/apache2/http.conf) or if you want to limit it to a specific virtual host (thus you’ll edit /etc/apache2/sites-enabled/<yoursitename>.conf).

Add the line:

AddRadiusAuth <IP address of the Radius server>:<port where Radius service is listening> <shared secret> [timeout [:retries]]

Assuming you want to protect a specific directory called auth-test, you can insert the following directive in your site/virtualhost configuration file (/etc/apache2/sites-enabled/<yoursitename>.conf):

<Directory “/var/www/testmyauth”>
Options Indexes FollowSymlinks
AuthType Basic
AuthName “Roarin RADIUS Authentication”
AuthBasicAuthoritative Off
AuthBasicProvider radius
AuthRadiusAuthoritative on
AuthRadiusActive On
Require valid-user


Naturally you might add the above directives also in a .htaccess file in the directory you want to protect with Radius based authentication…

Finally, restart or reload you apache2 using one of the commands:

service apache2 reload

service apache2 restart

Enjoy 😉