Skip to main content

Quite simple, really :-)

The fine folks at OSC have provided us with a WiKID specific configuration file for their Radius server. The testing was prompted by a user that wanted to be able to convert TACACS+ requests into Radius requests. Radiator can do this and to my knowledge, it is the only radius server that can.

Because both servers speak Radius, it is quite simple to add WiKID to Radiator for two-factor authentication.  Create a network client on the WiKID server for the Radiator and then use the file below to add a realm for the WiKID Strong Authentication Server.

You can download the file wikid.cfg here.

                                                        # wikid.cfg
#
# This is an example config file that shows how to proxy
# a realm to a WiKID 2 Factor authentication server.
#
# WiKID is 2 Factor authentication system from WiKID Systems
# (http://www.wikidsystems.com/). The WiKID Strong Authentication System is a
# patented dual-source, software-based two-factor authentication system
# designed to be less expensive and more extensible than hardware tokens.
# It is available with both soft- and hardware tokens.
#
# The WiKID Enterprise Server includes an optional RADIUS server. In this
# example, We show how to proxy just one realm to WiKID, demonstrating how to
# provide WiKID Strong Authentication for a subset of your user population.
# All requests in the form 'username@wikid.realm' will have the realm stripped and sent
# to the WiKID Server (which requires that the realm not be present in the
# request sent to it)
#
# All other request are handled locally, showing how it is possible to migrate users
# gradually from one authentication system to WiKID.
#
# Author: Mike McCauley (mikem@open.com.au)
# Copyright (C) 2010 Open System Consultants
# $Id: wikid.cfg,v 1.2 2010/02/18 02:15:10 mikem Exp $

# Set this to the directory where your logfile and details file are to go
LogDir .

# Set this to the database directory. It should contain these files:
# users The user database
# dictionary The dictionary for your NAS
DbDir .
Foreground
LogStdout
Trace 4

# Add a Client clause for each RADIUS client. This DEFAULT is useful for testing
<Client DEFAULT>
Secret mysecret
DupInterval 0
</Client>

<Realm wikid.realm>
# WiKID needs the realm stripped:
RewriteUsername s/^([^@]+).*/$1/
<AuthBy RADIUS>
# Host name or IP address of the WiKID Enterprise Server:
Host 172.16.136.134
# THe secret must match waht you enter in the 'Network Client'
# configuration in the WiKID Server
Secret mysecret
# These are the default RADIUS port number for WiKID:
AuthPort 1812
AcctPort 1813
</AuthBy>
</Realm>

# This clause handles all other realms locally from a file, but it could be from a
# legacy token system etc.
<Realm DEFAULT>
<AuthBy FILE>
# The filename defaults to %D/users
</AuthBy>
</Realm>

 

 



 

Copyright © WiKID Systems, Inc. 2024 | Two-factor Authentication