We recently added support for RADIUS to Mini Maxwell. This allows Mini Maxwell to be controlled by HTTPS.
We first used the relatively well known mod_auth_radius module for the Apache web server.
However, we hit a snag – mod_auth_radius can handle only one RADIUS server. It has no way to define a fallback RADIUS server that will be used if the primary one is non-responsive.
We found an alternative – mod_auth_xradius.
However, the current version, v.0.4.6, is fairly old and needs some patches to give it the ability to accommodate multiple RADIUS servers.
We found some useful material at http://www.howtoforge.com/apache_radius_two_factor_authentication. However, the patch shown there had some white-space issues which caused the patch process to fail.
So below is a version of the patch that we use – it is essentially identical to the original patch but with clean white-space.
--- src/mod_auth_xradius.c.orig 2012-03-15 14:19:25.000000000 -0700 +++ src/mod_auth_xradius.c 2012-03-15 14:23:20.000000000 -0700 @@ -125,15 +125,15 @@ rctx = xrad_auth_open(); /* Loop through the array of RADIUS Servers, adding them to the rctx object */ - sr = (xrad_server_info *) dc->servers->elts; for (i = 0; i servers->nelts; ++i) { - rc = xrad_add_server(rctx, sr[i].hostname, sr[i].port, sr[i].secret, + sr = &(((xrad_server_info*)dc->servers->elts)[i]); + rc = xrad_add_server(rctx, sr->hostname, sr->port, sr->secret, dc->timeout, dc->maxtries); if (rc != 0) { ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "xradius: Failed to add server '%s:%d': (%d) %s", - sr[i].hostname, sr[i].port, rc, xrad_strerror(rctx)); + sr->hostname, sr->port, rc, xrad_strerror(rctx)); goto run_cleanup; } } @@ -294,7 +294,7 @@ /* To properly use the Pools, this array is allocated from the here, instead of inside the directory configuration creation function. */ if (dc->servers == NULL) { - dc->servers = apr_array_make(parms->pool, 4, sizeof(xrad_server_info*)); + dc->servers = apr_array_make(parms->pool, 4, sizeof(xrad_server_info)); } sr = apr_array_push(dc->servers);
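Review bot: The context line `for (i = 0; i servers->nelts; ++i) {` in the first hunk (@@ -125,15) is not valid C as shown, so it will not match the upstream source and the hunk will be rejected as copied from here; the loop condition needs to be restored before applying. Separately, the new `sr = &(((xrad_server_info*)dc->servers->elts)[i]);` addresses the same element the old `sr[i]` did, so this hunk does not change behaviour on its own. If the per-iteration pointer is kept for readability, `&APR_ARRAY_IDX(dc->servers, i, xrad_server_info)` says the same thing without the hand-written cast.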
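Review bot: The `sizeof(xrad_server_info)` change in the second hunk (@@ -294,7) is the memory-safety fix in this patch and should say so in a code comment or the patch description: the loop in the first hunk walks the array in `xrad_server_info`-sized steps, so pointer-sized slots from `apr_array_push()` are too small for the entries it reads once more than one server is configured. Writing the size as `sizeof(*sr)`, assuming `sr` is an `xrad_server_info *` here as it is in the first hunk, would tie the element size to the pointer type and keep the mismatch from coming back.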
    ## This Loads mod_auth_xradius into Apache
    LoadModule auth_xradius_module /usr/lib/apache/mod_auth_xradius.so

    # AuthXRadiusCache none -
    AuthXRadiusCache dbm "/var/cache/auth_xradius_cache"
    AuthXRadiusCacheTimeout 300

    # See http://www.outoforder.cc/projects/httpd/mod_auth_xradius/docs/
    # The authentication directives below need a <Directory>, <Location> or
    # .htaccess context; the enclosing container is not shown on this page.
    AuthName "RADIUS authentication for something or other"
    AuthType Basic
    # One AuthXRadiusAddServer line per RADIUS server: "host:port" "shared secret"
    AuthXRadiusAddServer "10.0.0.10:1812" "2secrets"
    AuthXRadiusAddServer "10.0.0.11:1812" "secret1"
    AuthXRadiusTimeout 5
    AuthXRadiusRetries 3
    AuthBasicProvider xradius
    Require valid-user
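The reason for moving to mod_auth_xradius is the fallback server, and the configuration above keeps both shared secrets in clear text, so both points are worth checking before Apache is reloaded. The script below is an added example, not part of the original post or of the mod_auth_xradius project; the function names `xradius_servers`, `audit_xradius` and `sample_conf` are made up for illustration.

```sh
#!/bin/sh
# Pre-reload check for an Apache fragment that uses mod_auth_xradius.

# Print host:port for each active AuthXRadiusAddServer line. Commented-out
# lines are skipped; directive names are matched case-insensitively.
xradius_servers() {
    awk 'tolower($1) == "authxradiusaddserver" { gsub(/"/, "", $2); print $2 }' "$1"
}

# Return 0 only if a fallback exists, no server is repeated, and the file
# (which holds the shared secrets in clear text) is not world-readable.
audit_xradius() {
    conf=$1
    status=0
    count=$(xradius_servers "$conf" | wc -l | tr -d ' ')
    dupes=$(xradius_servers "$conf" | sort | uniq -d | tr '\n' ' ')

    if [ "$count" -lt 2 ]; then
        echo "FAIL: $count RADIUS server(s) defined, no fallback" >&2
        status=1
    fi
    if [ -n "$dupes" ]; then
        echo "FAIL: server listed more than once: $dupes" >&2
        status=1
    fi
    if [ -n "$(find "$conf" -prune -perm -004)" ]; then
        echo "FAIL: $conf is world-readable and contains RADIUS secrets" >&2
        status=1
    fi
    return "$status"
}

# Constructed sample: the two AddServer lines from this page, in a temp file
# that mktemp creates with mode 600. Prints the file name.
sample_conf() {
    f=$(mktemp) || return 1
    cat > "$f" <<'EOF'
AuthXRadiusAddServer "10.0.0.10:1812" "2secrets"
AuthXRadiusAddServer "10.0.0.11:1812" "secret1"
EOF
    echo "$f"
}

# Stand-alone use: pass the path of the fragment to check as the first argument.
if [ $# -gt 0 ]; then audit_xradius "$1"; fi
```

A non-zero exit status means at least one check failed; the reasons are written to stderr.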