RADIUS authentication requires that a shared secret be configured into the RADIUS server and RADIUS client. To enable RADIUS authentication, you need to start by contacting the administrator of your RADIUS server. The administrator will need the IP address of your EZproxy server, and will likely assign the secret value for your use in EZproxy.
EZproxy's RADIUS implementation supports acting as a client using RFC1994 CHAP with MD5.
Once you have this information, you can enable RADIUS authentication by editing user.txt/ezproxy.usr and adding a line like this:
replacing radserv.yourlib.org with the name of your RADIUS authentication server and linkup with the shared secret assigned by your RADIUS administrator.
Please note that EZproxy defaults to using port 1645 for RADIUS service, regardless of any entry in your services files. If your RADIUS server operates on port 1812, you need to use an entry like this instead:
If your organization uses RADIUS realms, you may specify a realm by changing the entry to:
Use of this entry would make EZproxy append "@abc" to the end of the username before sending it to the RADIUS server.
Due to the security design of the RADIUS protocol, if your RADIUS server or EZproxy is misconfigured, EZproxy will not be able to determine the source of the problem as it will be ignored by the server. Your RADIUS server logs may indicate the source of the problem. If EZproxy is unable to receive response from the RADIUS server, it logs messages to messages.txt/ezproxy.msg stating "No response from Radius server radserv.yourlib.org".
When communicating with your RADIUS server, EZproxy will resend the request once a second while waiting up to 5 seconds for a response. You can increase the window of time during which EZproxy will wait for a response by adding a line like this to config.txt/ezproxy.cfg:
This line tells EZproxy to wait for up to 20 seconds for a response from the RADIUS server.
If you have any problem configuring RADIUS authentication, contact firstname.lastname@example.org.