OCLC Support

RADIUS authentication

Overview

RADIUS authentication requires that a shared secret be configured into the RADIUS server and RADIUS client. To enable RADIUS authentication, you need to start by contacting the administrator of your RADIUS server. The administrator will need the IP address of your EZproxy server, and will likely assign the secret value for your use in EZproxy.

EZproxy's RADIUS implementation supports acting as a client using Password Authentication Protocol (PAP) with MD5.

Once you have this information, you can enable RADIUS authentication by editing and adding a line like this:

::radius=radserv.yourlib.org,secret=linkup

replacing radserv.yourlib.org with the name of your RADIUS authentication server and linkup with the shared secret assigned by your RADIUS administrator.

Please note that EZproxy defaults to using port 1645 for RADIUS service, regardless of any entry in your services files. If your RADIUS server operates on port 1812, you need to use an entry like this instead:

::radius=radserv.yourlib.org:1812,secret=linkup

Realms

If your organization uses RADIUS realms, you may specify a realm by changing the entry to:

::radius=radserv.yourlib.org,realm=abc,secret=linkup

Use of this entry would make EZproxy append "@abc" to the end of the username before sending it to the RADIUS server.

Misconfiguration issues

Due to the security design of the RADIUS protocol, if your RADIUS server or EZproxy is misconfigured, EZproxy will not be able to determine the source of the problem, because the server will ignore the request rather than report an error. Your RADIUS server logs may indicate the source of the problem. If EZproxy does not receive a response from the RADIUS server, it logs a message to messages.txt stating "No response from Radius server radserv.yourlib.org".
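The following Python example is added here for illustration and is not OCLC's or EZproxy's code. It follows RFC 2865 to show how a PAP Access-Request hides the password using MD5 and the shared secret (with the optional realm appended to the username), and how a client validates a reply, so that a mismatched secret leaves the server with an unreadable password and the client with a reply it cannot verify. The function names are hypothetical, and the username and password are constructed sample values.

```python
import hashlib
import hmac
import os
import struct

def hide_password(password, secret, req_auth):
    """RFC 2865 section 5.2: XOR each 16-byte block with MD5(secret + previous)."""
    size = max(16, -(-len(password) // 16) * 16)  # pad to a multiple of 16
    padded = password.ljust(size, b"\x00")
    out, prev = b"", req_auth
    for i in range(0, size, 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], key))
        out += prev
    return out

def reveal_password(hidden, secret, req_auth):
    """Server side: only the same shared secret recovers the password."""
    out, prev = b"", req_auth
    for i in range(0, len(hidden), 16):
        key = hashlib.md5(secret + prev).digest()
        out += bytes(c ^ k for c, k in zip(hidden[i:i + 16], key))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")

def attribute(attr_type, value):
    return bytes([attr_type, len(value) + 2]) + value

def access_request(user, password, secret, realm=None, ident=1, req_auth=None):
    """Code 1 packet with User-Name (type 1) and User-Password (type 2)."""
    req_auth = req_auth or os.urandom(16)
    name = f"{user}@{realm}" if realm else user  # realm=abc gives user@abc
    attrs = attribute(1, name.encode()) + attribute(
        2, hide_password(password.encode(), secret, req_auth))
    return struct.pack("!BBH", 1, ident, 20 + len(attrs)) + req_auth + attrs

def sign_response(code, ident, attrs, req_auth, secret):
    """Server side: Response Authenticator per RFC 2865 section 3."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    digest = hashlib.md5(header + req_auth + attrs + secret).digest()
    return header + digest + attrs

def response_is_authentic(response, req_auth, secret):
    """Client side: a reply signed with a different secret fails this check."""
    expected = hashlib.md5(response[:4] + req_auth + response[20:] + secret).digest()
    return hmac.compare_digest(expected, response[4:20])

if __name__ == "__main__":  # constructed sample user and password
    pkt = access_request("alice", "hunter2", b"linkup", realm="abc")
    print(pkt.hex())
```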

RADIUS timeout

When communicating with your RADIUS server, EZproxy will resend the request once a second while waiting up to 5 seconds for a response. You can increase the window of time during which EZproxy will wait for a response by adding a line like this to :

RADIUSTimeout 20

This line tells EZproxy to wait for up to 20 seconds for a response from the RADIUS server.

Configuration questions

If you have any problem configuring RADIUS authentication, contact OCLC Support.