Introduction to configuration

Package file structure

Radiator uses a unified configuration layout, identical for container and host installations:

  • Binary: /opt/radiator/server/bin/radiator
  • Other read-only assets (dictionaries, templates, built‑in failsafe): /opt/radiator/server/
  • Working directory (mutable runtime & configuration): /var/lib/radiator. This directory should not grow beyond a gigabyte.
  • Logs: /var/log/radiator. This directory can grow to several gigabytes depending on logging verbosity. See radiator sizing.
  • Main configuration file: /var/lib/radiator/radiator-server.radconf
  • Additional configuration fragments: /var/lib/radiator/radconf.d/**/*.radconf (referenced via an include_glob)

Example startup (see Containerfile):

/opt/radiator/server/bin/radiator \
    --working-directory /var/lib/radiator \
    --configuration-file radiator-server.radconf

Legacy layout (for reference only): Some older deployments use a main file /etc/radiator/radiator-server.conf which includes multiple fragment files under /etc/radiator/conf.d/*.conf. New installations should not create new /etc/radiator based trees. To migrate, move each fragment into /var/lib/radiator/radconf.d/ (any directory structure you prefer) and replace the individual include lines with a single include_glob "radconf.d/**/*.radconf" in radiator-server.radconf.

The suffix of Radiator configuration files has been changed to .radconf to make them easier to distinguish from generic .conf files.
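A post-migration check for this layout, added here as an example (it is not part of Radiator or its documentation): it flags files under radconf.d that the include_glob pattern would skip because they kept another suffix, and fragments or files named by a filename parameter (as in the file backend sample later on this page) that group or others can access. The owner-only permission policy, the finding names, the constructed sample tree and resolving relative filename values against the working directory are assumptions.

```python
import os
import re
import stat
import tempfile
from pathlib import Path

FRAGMENT_DIR, SUFFIX = "radconf.d", ".radconf"  # include_glob "radconf.d/**/*.radconf"
FILENAME_RE = re.compile(r'^\s*filename\s+"([^"]+)"\s*;', re.MULTILINE)

def loose(path):
    """Assumed local policy: no group/other access to files that may hold secrets."""
    return bool(path.stat().st_mode & (stat.S_IRWXG | stat.S_IRWXO))

def audit(workdir):
    """Return sorted (finding, path) pairs for a Radiator working directory."""
    workdir, findings = Path(workdir), set()
    for path in (p for p in (workdir / FRAGMENT_DIR).rglob("*") if p.is_file()):
        rel = path.relative_to(workdir).as_posix()
        if path.suffix != SUFFIX:
            findings.add(("not-included", rel))  # glob skips it, e.g. legacy *.conf
            continue
        if loose(path):
            findings.add(("loose-permissions", rel))
        for name in FILENAME_RE.findall(path.read_text()):
            target = workdir / name  # assumption: relative names resolve from workdir
            if not target.is_file():
                findings.add(("missing-file", name))
            elif loose(target):
                findings.add(("loose-permissions", name))
    return sorted(findings)

def build_sample(root):
    """Constructed tree: one fragment left as *.conf, one world-readable users file."""
    users = Path(root) / "db" / "users-internal" / "users-internal.file"
    frags = Path(root) / FRAGMENT_DIR
    users.parent.mkdir(parents=True)
    (frags / "site").mkdir(parents=True)
    users.write_text("# constructed placeholder, no real accounts\n")
    (frags / "backends.radconf").write_text(
        f'backends {{\n file "USERS_INTERNAL_FILE" {{\n  filename "{users}";\n }}\n}}\n')
    (frags / "site" / "clients.conf").write_text("# moved but not renamed\n")
    os.chmod(users, 0o644)
    os.chmod(frags / "backends.radconf", 0o600)
    return Path(root)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for finding, path in audit(build_sample(tmp)):
            print(f"{finding:18} {path}")
```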

Introduction to Radiator Policy Server configuration structure

The basic structure of a Radiator configuration file is shown below. The configuration file sets up listening for requests from the network, defines the allowed request sources, and specifies the backends from which users are authenticated and the policies that tie together clients, policies and users.

A full configuration adds logging, statistics, web GUI and other configuration parameters too. These will be shown later in this guide.

servers {
    # Sets up sockets that listen to incoming messages
}

clients {
    # Clients specify where messages are accepted from
    # This includes source IP addresses and Radius shared secrets
}

dictionary {
    # Required for Radius. Includes Radius attribute definitions
}

backends {
    # Tells where end user information is stored.
    # Examples are SQL, HTTP REST and files
}

aaa {
    # Authentication, Authorization and Accounting policies
    policy "policy_name" {
        handler "handler_name" {
            conditions name {
                # When conditions are true, this handler processes the request
            }
            authentication {
                # How to authenticate with a previously defined backend
            }
            authorization {
                # Fiber connection speed, virtual LAN
                # or other user specific settings
            }
            accounting {
                # How to handle accounting: store, forward and reply
            }
            # More configuration blocks to define
            # logging and other possible processing
        }
    # Optional additional handlers
    }
}

A full configuration file can grow very long very quickly. The sample configurations that come with Radiator split the configuration into easily manageable files as shown here.

Full configuration sample: RADIUS/PAP

This is the main configuration file of a sample that shows a minimal Password Authentication Protocol (Radius/PAP) configuration. This file comes with Radiator and can be found in /opt/radiator/server/doc/example-configurations/pap-minimal.

This configuration file simply includes the blocks described in the outline section. It also includes logging and management settings, including web GUI based management, and the templates used to log authentication events and accounting messages.

As an example of a special feature in Radiator, this configuration enables packet capture. Packet capture saves the received and sent messages in a file that can later be viewed with a tool such as Wireshark. Even SSL/TLS encrypted connections can be decrypted with Radiator's capture.


Unified layout example:

```text
# Main file: /var/lib/radiator/radiator-server.radconf

# Load all configuration fragments relative to server root
include_glob "radconf.d/**/*.radconf";

# Example fragment under /var/lib/radiator/radconf.d/logging.radconf:
# logging {
#     # logging configuration entries
# }
```

Detailed look: what's in a backend configuration

The backends configuration for PAP is simple: usernames, passwords and other user information are kept in the file named by the configuration parameter filename.

The backend is named USERS_INTERNAL_FILE. Other parts of the configuration use this name when they need information from the backend.

This is the full contents of the file /var/lib/radiator/radconf.d/backends.radconf:

backends {

    # file backend configuration
    file "USERS_INTERNAL_FILE" {
        filename "/var/lib/radiator/db/users-internal/users-internal.file";
    }

}