Kiwire 2.0 Documentation

  1. Home
  2. Docs
  3. Kiwire 2.0 Documentation
  4. Integrations
  5. Radius

Radius

The radius integrations module let you authenticate users with an external Radius server. The external Radius servers must accessible to the Kiwire platform for radius integration to work. Kiwire support authentication with multiple radius server or single server with multi profile by using realm suffix.

* NOTE : Remember to add Kiwire IP address into the Radius server as NAS device for Kiwire to integrate successfully.

Mode of Operation

Kiwire supports 2 mode of radius integration which are radius pass thru mode and override profile mode. Kiwire also have built-in features that check if the attribute replied by external radius server match with the realm configuration configured. This is useful in event you have multiple profile for each users group, using profile checks we will be able check if the realm suffix requested by user match the correct realm.

Mode : Radius Pass Thru

The radius pass thru mode, let you authenticate your users with the external radius and carry forward the restriction & profiles over to the Kiwire, if the user have 30 minutes credit left from the external radius , the user will also have the same 30 minutes restrictions when authenticating.

  1. User send username and password.
  2. External radius reply authentication status and associated profiles from the external radius.
  3. Kiwire will check if user granted authentication, temporary profile will be created on Kiwire profiles database, Kiwire will optional perform a secondary check if attribute response matched with keyword set during add radius connection setup. If attribute does not match, it will be rejected to authenticate.
  4. Kiwire will send the attributes it received from the external radius to the NAS and let user connect to network with attributes.
  5. Kiwire will send accounting information to the external radius server. In event of user disconnected from network.

Mode : Override Profile

In the override profile mode, Kiwire will only use external radius as authentication host only. If the user authenticated successfully will be assign a locally created Kiwire profiles when login. This is useful for multi group, single external radius server setup or if you wish to provide an different profile  for users when they connect to networks.

  1. User send username and password.
  2. External radius reply authentication status.
  3. Kiwire will check if user authenticated successfully. A locally assigned profile to the realm will be attached to the user’s authentication.
  4. Kiwire will optionally perform secondary check if attribute response matched with keyword set during add radius connection.
  5. Kiwire will send the local assign profiles to NAS and let user connect to network.
  6. Kiwire will send accounting information to the external radius server.

Radius Connection

To access the radius module click on Integration > Radius from the navigation. On the radius listing module, you may search for specific radius connection by using the search field.

The listed fields and its meaning are:

FieldMeaning & functions
RealmThe realm of radius.
Auth HostThe accounting host for the external radius server.
Acct HostThe accounting host for the external radius server.
NAS IDThe assumed NAS ID of Kiwire to the external radius server.
ProfileThe profile that link with the radius realm.
StatusEnable or disabled entry.
ActionModules action :  To edit the setting of the entry.  To delete the entry.

Add New Radius Connection

To add new radius connection to Kiwire platform, click on “Add Radius Connection” buttonand populate the required fields. Fill in the field with relevant information to complete the process.

The listed fields and its meaning are:

FieldFunction
RealmDefine a realm which user will use to that will trigger authentication with 3rd party radius.E.g. Domain, then username@domain will authenticate with the selected radius server as username / password.
Authentication hostThe IP address of the external radius server for use with authentication query.E.g.  192.168.0.5:1812
Accounting HostThe IP address of external radius server for accounting host.E.g.  192.168.0.5:1813
SecretThe shared password between NAS and the external radius server.
NAS IdentifierThe NAS client identifier for Kiwire that will use for communication to the external radius.
Realm in UsernameIf enabled Kiwire will send the username together with realm to the authentication and accounting host.E.g. If realm is domain the username send will be username@domain instead of username only.
Link ProfileIf no profile is selected, Kiwire will use pass thru mode for the radius integration. If a local profile is selected, it will use local profile override mode.
Local ProfileSelect the local profile.
Expiry (Days)The expiry date assign to the user when they 1st login to network successfully.
KeywordKeyword for Kiwire to perform checking on the external radius reply on the attributes received. Leave blank if you do not need to check for attributes match checking function.
Data TypeThe data type of the attributes.
Zone RestrictionDefault zone restriction assigned to user who login thru external radius. Leave it to “none” if you do not wish to assign restriction to users.
EnabledEnable or disable this function.

Edit / Delete Radius Connection

Click the edit icon on the listing screen to edit the setting of the radius connection. The edit screen be display which you can edit the setting of the radius connection. Click on the delete icon to delete the radius connection. A prompt will be display to ask for your confirmation to proceed to delete the radius connection. Please exercise with cautions as this not a reversible action.

Was this article helpful to you? Yes No

How can we help?