www.Itconsult2000.
com
WinRadius User Guide
1. Introduction 1.1 Description
WinRadius is a standard RADIUS server for network authentication, accounting. It's easy to use, and can be used for telecommunication accounting platform, PPP authentication, accounting server. It support PPP, PPPoE, PPTP, VPN, VoIP, ADSL, Cable Modem, CDMA, GSM, GPRS, WLAN(802.1x), etc. WinRadius is suitable for intelligent building, wide-band network, remote CAI, ISP, VPN, IP Phone, and so on. It's a stable, full-functioned solution. Now, WinRadius can support more than 100 kinds of NAS. And there are more than 5000 users of WinRadius in the world; you are welcome to join in this tide.
1.2 Features
WinRadius can real-timed process all kinds of authentication, accounting message, such as PPP, PPPoE, PPTP, VPN, VoIP, ADSL, Cable Modem, CDMA, GSM, GPRS. Can generate many Log information and all this Log can be viewed or saved on both server side and client side. Support authentication, accounting port configuration, interim-update and multi-keys. Support binding your user to a telephone number or MAC address. Support all kinds of database by use ODBC to connect database, such as Sql Server, MySql, Oracle, etc. Support all kinds of Windows OS. Support PAP, CHAP, MS-CHAPv1, MS-CHAPv2, EAP-MD5, 802.1x. Can response very fast by using Cache and multi-thread structure of mainframe. Can automatic backup data while database shutdown and recover while database is OK. Can communicate safely by using safe communication method. Can statistic accounting report and print accounting report. Can show performance vividly and monitor the load situation remotely. Designed for telecommunication, it's very stable, strong error tolerance ability, fast response ability. Performance test tool is free of charge. Can be customized for custom's requirements. WinRadius standard version is free of charge, you can use and deliver freely
1.3 RFCs supported
RFC 2138, RFC 2139, RFC 2865, RFC 2866, RFC 2867, RFC 2868, RFC 2869
1.4 Advantages
Lower purchase cost: WinRadius can be run on PC or server. No special hardware needed. At the same time, WinRadius is the cheapest in the world. Lower running cost.: Save your money for training by using Windows OS; WinRadius' simple interface can reduce your trouble while you operate it. More safe than ever: All communications are ciphered with key, so WinRadius is safe; Source code available with some conditions, So no back door can exist. Smaller than any other rivals: Small means fast, small means cheap, small means easy to understand, small means easy to manage.
www.Itconsult2000.com
1.5 Honors
2. Installation
Launch WinRadius. Click "Configure ODBC automatically" button at "Settings/Database...". Restart WinRadius. Now, all settings of WinRadius are OK. Add some users to WinRadius by clicking "+" toolbar button. Configure your NAS to WinRadius. That's all. If these users access to NAS, authentication and accounting information will be logged into WinRadius and be saved to database. Now, you can use RadiusTest to test your WinRadius, please recheck the Radius IP, port and user name. (RadiusTest's secret is the default secret, and the user's password is: "password"). Good luck with you.
3. General NAS configuration
Configuration variances are: primary_port <port_number> primary_secret <"secret_string"> primary_server [IP_address or host_name] retransmissions <number> secondary_port <port_number> secondary_secret <"secret string"> secondary_server [IP_address or host_name] timeout [number_seconds]
4. User Information
Username: Please input the username, PIN or calling-number here. Password: Please input the password here. Group: Please input billing group name here, this field is useful for billing with different rate by the group. You can let it be blank if no different rate applied. Address: Please input calling-number, MAC address, IP address to assign or From-NAS-IP here. You can let it be blank if no rule about address applied. Cash: Please input prepaid cash here if this is a prepaid user. Otherwise, let it be blank. Expiry: Please input expiry date here. Otherwise, let it be blank. Others: Please let it be blank. This field will be used in the future.
5. Database configuration 5.1 MS Access
The default database is MS Access. WinRadius can configure it automatically. For some Windows platform, it may generate an error some like Cannot open database, It may not be a database that your application recognizes, or the file may be corrupt." Or ODBC Microsoft Access Driver Login Failed". Its because the databases version is not compactable with your ODBC driver.
2
www.Itconsult2000.com
What you shall do is Please not use the default database, but try to create a new empty database for WinRadius. What you shall do is:
1) Create a new empty database and give it an ODBC name; 2) Configure the ODBC name at the menu of "Settings/database" of WinRadius; 3) Restart WinRadius and follow the guide of WinRadius says. 4) That's all. 5.2 SQL Server
Prepare an empty database of your database, such as SQL server, Oracle, etc. Go to "Control panel/ODBC", add a data source to this empty database. Making sure you having enough rights. Launch WinRadius as server; set the ODBC name to the data source name at "Settings/Database...". Click "Advanced/Create Radius Table" to create radius tables. Restart WinRadius as server. That's all.
5.3 Oracle
Prepare an empty database of your database, such as SQL server, Oracle, etc. Go to "Control panel/ODBC"; add a data source to this empty database. Making sure you having enough rights. Launch WinRadius as server; set the ODBC name to the data source name at "Settings/Database...". Click "Advanced/Create Radius Table" to create radius tables. Restart WinRadius as server. That's all.
5.4 MySql
First, please make sure that you are using mySql ODBC driver v3.51 or later, and add your mySql database as an ODBC data source whose name must be the same as the one of "Settings/Database...". Then, Please use "Advanced/Create Radius tables" to create RADIUS tables. Please choose "This database supports forwardOnly" at "Settings/Database..." and restart WinRadius. Restart WinRadius. That's all.
5.5 Database operation
If you modify the user table of the database directly, please click Advanced/Refresh User Information to apply those changes.
6. Wideband configuration 6.1 General
Please check "Response message includes 'Framed-IP-Address'" at "Settings/Authentication/Basic...". Enable your NAS to support DHCP. Please configure the DNS, Gateway at your NAS or clients.
6.2 Assign an IP address
Please set the IP address, such as 192.168.0.123, at "address" field when you insert new users.
www.Itconsult2000.com
Please check "Response message includes 'Framed-IP-Address'" at "Settings/Authentication/Basic...". Please check "Use 'address' field as 'Framed-IP-Address'" at "Settings/Authentication/Security...".
6.3 Bind to MAC address
Fill the telephone number or MAC address to "Address" field of the user when you add users. Check "'Calling number' must be ..." at "Settings/Auth.../Security". If you want bind a user to more than one telephone number or MAC address, you can input "number1, number2, ..." to "Address" field of the user when you add users.
6.4 Bind to a NAS address
Fill the IP address of the NAS to "Address" field of the user when you add users. Check "From-NAS-IP must be ..." at "Settings/Auth.../Security".
6.5 Configure QoS
You can configure the users' band-width by setting "Class" attribute at "Settings/Authentication...". For example, "00655360001310720065536000131072" means Input-Peak-Rate=640K(00655360), Input-Average-Rate=128K(00131072), Output-PeakRate=640K(00655360), Output-Average-Rate=128K(00131072). If it's no use for you, please just let it be blank
7. VoIP configuration 7.1 Cisco
Router# show running-config Building configuration... Current configuration: ! ! Last configuration change at 08:41:12 PST Mon Jan 10 2000 by lab ! version 12.1 service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname GW ! logging buffered 100000 debugging aaa new-model aaa authentication login default local group radius aaa authentication login h323 group radius aaa authentication login con none aaa authorization exec h323 group radius aaa accounting connection h323 start-stop group radius ! username lab password xxx username 111119 password xxx ! ! ! controller T1 3 ! gw-accounting h323 vsa ! interface FastEthernet0 ip address 16.0.0.2 255.xxx.255.0
4
www.Itconsult2000.com
no ip directed-broadcast duplex full speed 10 no cdp enable ! ip classless ip route 0.0.0.0 0.0.0.0 1.14.xxx.5 ip route 192.14.xxx.32 255.255.xxx.240 16.0.0.1 no ip http server ! ! radius-server host 1.14.132.2 auth-port 1812 acct-port 1813 radius-server key WinRadius radius-server vsa send accounting radius-server vsa send authentication ! end
7.2 Quintum
Please check "Use Access-Accept as Account-Request start record" at "settings/Authentication.../VoIP". Then Access CLI of Quintum. 1. Access the config radius# prompt. 2. Type host p, followed by the IP address for the primary RADIUS server (i.e., host p 208.22.234.34). The p indicates the primary RADIUS server. 3. Type host s, followed by the IP address for the secondary RADIUS server (i.e., host s 208.22.234.32). The s indicates the secondary RADIUS server. 4. Type sharedsecret (sharedsecret is similar to password), followed by the RADIUS key (up to 64 characters) (i.e., sharedsecret 454AJU). 5. Ensure accountingtype is configured. If this field shall not set to 0, otherwise no stop accounting messages will be sent.
7.3 OpenH323 / gnuGK
Please choose "Billing on first leg" at "settings/Authentication.../VoIP". Please add the following lines to gnugk.conf. [RadAuth] Servers=192.168.3.2:1812; SharedSecret=WinRadius AppendCiscoAttributes=1 [RadAcct] Servers=192.168.3.2:1813; SharedSecret=WinRadius AppendCiscoAttributes=1
7.4 Saving CDRs to database
Just go to "Settings/Logs" and enable Save VoIP logs to database. Thus, WinRadius will save h323 (VoIP) CDRs to database.
7.5 Others
Please choose suitable legs at "Settings/Authentication.../VoIP" because different VoIP NAS may send different legs to Radius server. For example, you can always choose the first leg. For many kinds of NAS, you may need to enable "Called-Station-Id is in the start record" at "Settings/Authentication.../Security".
5
www.Itconsult2000.com
8. WLAN configuration 8.1 Client
Just go to Windows XP's configuration dialog box of the WLAN connection, and then enable IEEE 802.1x and choose MD5-Challenge as EAP type. Thus WinRadius will use 802.1x to authenticate the WLAN users.
8.2 NAS
Please enable "Response message includes 'Framed-IP-Address'" at "Settings/Authentication/Basic...", and enable your Access Point to support DHCP. Please configure the DNS, Gateway at your Access Point or clients.
9. Accountings 9.1 Prepaid users
Please choose the bill type as prepaid users when adding a new user. Please fill prepaid cash to the cash field when adding a new user.
9.2 Postpaid users
Please choose the bill type as prepaid users when adding a new user. The cash field will not be used.
9.3 Special Rate Table
You can add many billing rates to WinRadius at "Settings/Accountings.../Based on Time". For example, 001=30/60 means that the calls to USA/Canada (001) will be charged at 30 cent per 60 seconds; sales->001=30/60 means that the billing rate 001=30/60 will only be applied for the users of sales group. Here, empty called number means all called number, for example, sales->=30/60 means all calls will be charged at 30 cent per 60 seconds for the users of sales group.
9.4 Discounts Table
You can add discount rates to WinRadius at "Settings/Accountings.../Discount by Timeslot". For example, 08:00-08:30=20% means the users will save 20% fee.
9.5 Configure 30+6 or 60+6
You can configure 30+6 or 60+6 billing method at Settings/ Accountings.../Others". For example, you want to charge the customer $50 for the first 60 seconds while the standard fee is $10 for 6 seconds, thus you shall configure the rule as The first 60 sec. will be charged as 30 sec. because the first $50 is equal to 30 seconds of standard fee.
10. Others
Can restore the origin configuration by delete 'WinRadius.config'. If you changed configuration, please restart WinRadius to make it active. All backup information of database is saved in 'WinRadius.backup' file. Null password of a user means all passwords are acceptable. WinRadius server's interface can be minimized as an icon of task bar; you can also restore it by click the icon. If your database shutdown while your WinRadius is running, never mind, WinRadius server will automatic backup all information. What you need do is only do "recovery" operation when your database is OK.