[Osaka/Yokohama/Tokushima] Looking for infrastructure/server side engineers!

[Deployed by over 500 companies] AWS construction, operation, maintenance, and monitoring services

[Successor to CentOS] AlmaLinux OS server construction/migration service

[For WordPress only] Cloud server “Web Speed”

[Cheap] Website security automatic diagnosis “Quick Scanner”

[Reservation system development] EDISONE customization development service

[Registration of 100 URLs is 0 yen] Website monitoring service “Appmill”

[Compatible with over 200 countries] Global eSIM “Beyond SIM”

[If you are traveling, business trip, or stationed in China] Chinese SIM service “Choco SIM”

[Global exclusive service] Beyond's MSP in North America and China

[YouTube] Beyond official channel “Biyomaru Channel”

[Radius] I tried verifying Radius authentication (radtest) via Global.

2020.05.27

Server construction/operation

Hello, this is Nagatani from the System Development Department.
This time, we will introduce the steps to verify Radius authentication globally using the radtest command.

To be honest, the method itself is relatively easy to do without any particular twist, but when I searched on the internet, I basically only found methods for local verification...

Also, it is almost impossible for Radius authentication to be completed locally, and I wanted to perform verification in a form that is close to actual operation, so I decided to introduce it this time.

What to prepare

Local server with FreeRadius installed
AWS server with FreeRadius and DaloRadius installed

1 is a server just for being able to use the radtest command.
To use the radtest command, you must have FreeRadius installed.

2 is a Radius server for performing global verification from the local server built in 1.
Since we want to create a Radius account, let's install DaloRadius, which allows account management.

This time we are building a server on AWS, but you can use other platforms as well, so feel free to use whatever you like. Basically the method is the same.

Visually, 1 is the Radius client and 2 is the Radius server.

Building a local server with FreeRadius installed

is clearly written on
this site Also, since the purpose of this time is to be able to use the radtest command, there is no need to configure the client or user.

Building an AWS server with FreeRadius and DaloRadius installed

Launch an EC2 instance on AWS and install FreeRadius and DaloRadius.
this site for easy-to-understand instructions on how to install DaloRadius.

Register a RADIUS account

Create a Radius account to verify Radius authentication on the AWS server built above.

Log in to the DaloRadius management screen

Access and log in to the installed DaloRadius.

If you are not playing with anything in particular, you can log in with Username:administrator, Password:radius.

Create an account

1. Select Management ⇒ New User

↓

2. Enter your username and password in Username Authentication and click Apply.

You have now created an account. This time I created it with testuser and testpassword.
You can also check the created account in List Users.

↓

Change Client settings to allow authentication from global IP

This time, in order to authenticate from the global client, add the following settings to clients.conf.

client all { ipaddr = 0.0.0.0/0 secret = testing123 }

0.0.0.0/0 allows authentication from all IPs.
Let's set the secret key to testing123 this time.
Now restart Radius and you're done.

Perform Radius authentication from local server to AWS server

Now that the preparations are complete, let's actually perform Radius authentication from the local to the AWS server.
Run the following radtest command on the local server.

$ radtest testuser testpassword {AWS server IP} 1812 testing123

In terms of composition,

radtest {username} {password} {AWS server IP} 1812 {secret key}

It will look like this.

If successful, Access-Accept will be returned as shown below.

Sent Access-Request Id 43 from 0.0.0.0:48774 to {AWS server IP}:1812 length 78 User-Name = "testuser" User-Password = "testpassword" NAS-IP-Address = 127.0.0.1 NAS-Port = 1812 Message-Authenticator = 0x00 Cleartext-Password = "testpassword"

Radius authentication via global is now successful.

If Radius authentication fails

If you run the above radtest but there is no response and it times out as shown below,

(0) No reply from server for ID 43 socket 3

Access may be restricted to port 1812 on the AWS server side.

Let's edit the inbound rule and add UDP for port 1812.

summary

What did you think?
Well, I don't think it was that difficult since it's basically the same as what we normally do locally.
However, this method was surprisingly not listed, so I would like to introduce it here.

I hope this can be of some help.

lastly

I have opened the system development service site "SEKARAKU Lab" to which I belong.
Beyond is a one-stop service for everything from server design and construction to operation, so if you have any trouble with server-side development, please feel free to contact us.
SEKARAKU Lab: [https://sekarakulab.beyondjapan.com/](https://sekarakulab.beyondjapan.com/)

Well, that's it.
thank you very much!

If you found this article helpful , please give it a like!

[2025.6.30 Amazon Linux 2 support ended] Amazon Linux server migration solution

[Osaka/Yokohama] Actively recruiting infrastructure engineers and server side engineers!

The person who wrote this article

About the author

Tatsuya Hase

Joined Beyond Co., Ltd. as a new graduate.

We develop web systems (development of services and systems that run on browsers, such as web services, digital content, and business management systems) and game APIs (development of programs that communicate with application games).

We also develop private/custom apps for Shopify.

Originally worked at the Osaka office, but transferred to the Yokohama office in 2019.
His hobbies are baseball/karaoke/anime

[In-house LT competition] Why is remote work difficult? 6 Persian Cat Solutions [Coronavirus Countermeasures] How to communicate internally during telework