auth_radius
The `auth_radius` directive configures HTTP authentication via the RADIUS protocol for a specified location.
Description
The auth_radius directive activates the RADIUS authentication mechanism for a specified location in your NGINX configuration. When a request hits this location, the server will prompt the user for credentials, then send these credentials to the defined RADIUS server for verification. This interaction is based on the RADIUS protocol, which is widely used for providing centralized Authentication, Authorization, and Accounting (AAA) services.
This directive requires one argument: the authentication realm, which is a string that identifies the scope of protection for the resources being accessed. The realm helps the RADIUS server determine how to process the authentication request. Optionally, you can turn off the authentication by setting the argument to "off". In the event of network issues, you can also specify parameters within the associated radius_server directives, such as connection timeouts and retry counts, to control the behavior of the authentication process.
The directive is typically used in conjunction with other related RADIUS settings to fully configure the authentication flow and ensure a secure interaction with the RADIUS server. It is particularly useful in environments where centralized user authentication is necessary for accessing protected resources or applications.
Config Example
location /protected {
auth_radius "My Protected Area";
radius_servers "radius_server_1";
}Ensure that the RADIUS server is properly configured and reachable before enabling this directive, or authentication will fail.
The realm string must be correctly defined to avoid confusion in user prompts for authentication.
If using multiple radius_server directives, make sure to define them before referencing them in radius_servers.