IMG 1010 - Configure Free RADIUS on Red Hat Linux
The IMG runs a RADIUS client that is configured to send CDR start & stop events to a RADIUS server. The RADIUS Server is configured on a separate server and can be running any type of operating system RADIUS is supported on. The procedure below describes how to configure the Free RADIUS application on a Linux Server running Red Hat Enterprise Linux and is intended to be used as a sample or reference only. If configuring RADIUS on a different operating system, it is up to the user to configure their own RADIUS server.
Existing RADIUS servers migrating to GCEMS software 10.5.3 must be modified to use the dictionary.dialogic file; otherwise the updated VSAs will not be parsed correctly.
Requirements
Server running Red Hat Enterprise Linux 3.0, 4.0, 5.1, 5.4 (64-bit), or 6.7 (64-bit) with Free RADIUS installed.
When RADIUS authentication is used, the username and password specified in the WebGUI for RADIUS server authentication must either be present in the /etc/raddb/users configuration or, if the Linux server itself is used for authentication, be added as a Linux user.
Procedure
If adding a RADIUS user by editing the users file, start with Step 1.
If using a Linux username for authentication, skip to Step 2.
If using RADIUS authentication (accounting only), skip to Step 3.
Step 1
In the Free RADIUS users file /etc/raddb/users, replace <your_username> and <your_password> with the RADIUS username and password.
<your_username>  Auth-Type := Local, User-Password == "<your_password>"
        Fall-Through = No
Step 2
Verify that the DEFAULT Authorization Type is Reject. Edit the Free RADIUS users file /etc/raddb/users. If the line below is missing, add it to the end of the file.
# IF NOTHING ELSE MATCHES, REJECT USER
DEFAULT Auth-Type := Reject
Step 3
Modify the Detail File Rollover Interval in /etc/raddb/radiusd.conf. This is required for users with high call rates, because the detail file could reach the maximum file size in less than 24 hours. This can cause incoming calls to be blocked and additional CDR records not to be logged.
Look for the following line around line 1030:
# Write a detailed log of all accounting records received
At the end of this line, add %H to have the log files roll over every hour.
Step 4
Add access for each IMG by editing the clients.conf file located at /etc/raddb/clients.conf. If there are multiple IMGs, the username should be different for each IMG.
Shortname = The username configured in the RADIUS users file and ClientView. A unique username is recommended for each IMG.
Secret = A password that you choose for each IMG, used in the ClientView RadiusServer Authentication & Accounting configuration. Key used to encrypt sensitive account information transmitted between the IMG and the RADIUS server.
Password = The RADIUS password configured in the RADIUS users file and ClientView.
Step 5
Copy the dictionary.dialogic or dictionary.cantata file from /opt/dialogic/common/radius to /usr/share/freeradius. In the /usr/share/freeradius/ folder, edit the dictionary file and add the following include line.
In software 10.5.3, the dictionary.cantata file was renamed to dictionary.dialogic. Any software prior to 10.5.3 will utilize the dictionary.cantata format.
Step 6
Start the Radius service by entering the following command:
$ service radiusd restart
Step 7
Set the Radius service to restart when the system restarts:
$ chkconfig radiusd on
Step 8
In ClientView, configure a RADIUS client and servers on the IMG. See Configuring RADIUS.
Step 9
Verify that CDRs are being generated. By default, the files roll over once a day; follow the instructions in Step 3 to roll the log files over once an hour. CDRs are stored at /var/log/radius/radacct/<IMG_IP>. File names have the form detail-YYYYMMDDHH, for example detail-2005081801.
Step 10
Archive & delete CDR detail files. A copy of the following files can be found at /opt/dialogic/IMG/radius.
Step 11
In the /var/log/radius/radacct folder, create a script to archive files. Name the file "CDR".
Step 12
Create a cron task to run this script. This cron task can be run hourly or daily. The example below will run it hourly.
Step 13
After creating this script, either restart the cron service or restart the server. In the /etc/cron.hourly folder, create a file to run the script created in the previous step.
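A check for the files edited in Steps 1, 2 and 4, added here as an example; it is not part of the Dialogic procedure or its shipped scripts. It assumes the Free RADIUS clients.conf block layout (client <address> { secret = ... shortname = ... }), and the function names check_default_reject and check_clients are hypothetical.

```shell
#!/bin/sh
# Added example (not Dialogic's script): audit the files edited in Steps 1, 2 and 4.

# Step 2: the last active entry in the users file must be the catch-all
# "DEFAULT Auth-Type := Reject". Comment, blank and indented reply-item
# lines (such as "Fall-Through = No") are skipped.
check_default_reject() {
    awk '
        $0 == "" || /^[# \t]/ { next }
        { last = $0 }
        END {
            gsub(/[ \t]+/, "", last)   # accept any spacing around ":="
            exit !(last == "DEFAULTAuth-Type:=Reject")
        }' "$1"
}

# Step 4: every client block needs a secret and a shortname, and no two
# IMGs may share either. Findings name the client only, never the secret.
check_clients() {
    awk '
        function val(s) { sub(/^[^=]*=[ \t]*/, "", s); sub(/[ \t]+$/, "", s); return s }
        function flag(msg) { print name ": " msg; bad = 1 }
        /^[ \t]*#/ { next }
        /^[ \t]*client[ \t]/ { name = $2; secret = sn = ""; inblk = 1; next }
        inblk && /^[ \t]*secret[ \t]*=/    { secret = val($0) }
        inblk && /^[ \t]*shortname[ \t]*=/ { sn = val($0) }
        inblk && /^[ \t]*[}]/ {
            if (secret == "")          flag("no secret")
            else if (secret in seen_s) flag("secret shared with " seen_s[secret])
            else seen_s[secret] = name
            if (sn == "")              flag("no shortname")
            else if (sn in seen_n)     flag("shortname shared with " seen_n[sn])
            else seen_n[sn] = name
            inblk = 0
        }
        END { exit bad + 0 }' "$1"
}

# Run both checks when called with the two file paths, for example:
#   sh radius_audit.sh /etc/raddb/users /etc/raddb/clients.conf
if [ $# -eq 2 ]; then
    check_default_reject "$1" || echo "$1: DEFAULT Auth-Type := Reject is not the last entry"
    check_clients "$2"        || echo "$2: fix the client findings listed above"
fi
```

Run it after Step 4 and before restarting the service in Step 6; both functions return non-zero when a finding exists, so the script can also gate a configuration deployment.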