This is version 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 . It is not the current version, and thus it cannot be edited.
[Back to current version]   [Restore this version]

Enterprise Licenses Only#

The Radius plugin lets you validate authentication against a Radius server. This plugin is only enabled for Enterprise users. You can set the authentication type to use, the host information, and port information for the authentication process.
The RADIUS protocol itself and related terms are well documented (external link), outside the purpose of this wiki.

With the RADIUS plugin enabled the CrushFTP Server acts as the Network Access Server(NAS) in a RADIUS infrastructure, with HTTPS, SFTP, FTP, etc. endpoints on the front, passing authentication through to a RADIUS server backend by means of the plugin.
In the upper part of the config panel the Connection Parameters are set:

Authenticator Type

dropdown selector to choose the RADIUS authentication type (PAP, CHAP, etc.)

Server Item

dropdown list selector allows binding the plugin to specific server items (FTP, SFTP, etc)

Server Host and Port

the RADIUS server IP and Authentication port (IANA default 1812)

NAS IP

sets the NAS-IP-Address RADIUS attribute. If left empty, the local private address of the server is used.

NAS Port

sets the NAS-Port RADIUS attribute\

Retries

sets the number of retries in case of failing to connect to the specified RADIUS server.

Timeout (s)

sets the connection timeout for the connection to the RADIUS server.

Shared Secret

the RADIUS shared secret. The term is usually same for all RADIUS implementations.

IMPORTANT: The NAS-Port-Type attribute is hard coded to "Ethernet".
#

The mid section of the plugin panel allows setting the user directory (home directory) access options. Some form of directory access must be configured, otherwise the plugin will deny access even if the credentials validate successfully.

Username to use as template (except directory access)

the plugin-wide inheritance template user name. Usually "default". Various user customizations can be inherited from. In the chain of user inheritance, it has lowest prevalence.

Radius only used for Authentication (User manager then defines user's access.)

per user template mode or local home directory mode. When the checkbox is set, will need to create for each RADIUS user a matching user name un User Manager (local per user template account). VFS directory access arious user customizations can be inherited from.In the chain of inheritance, the local template has highest prevalence.

When the checkbox is un-set, the various home directory settings are revealed. The plugin will grant individual home directories automatically at login time.

Home folder location

the common root directory path for all automatic RADIUS user directories.

Directory Permissions

set of virtual permission flags.

Use local folder if HomeDirectory not found?

long standing GUI bug, ignored

Append username to path?

toggles the use of the user name as the user directory name. When off, all users will access the common root path under Home folder location

Create folder with username

toggles creation of the per user home directory automatically. When off, it needs to be created manually or the plugin denies login to all users who don't have a home directory already.

Create additional subfolders in home directory

allows creation of a set of subdirectories, with various permissions, under each user's own working(home) directory.

Advanced

can set up PGP file cryptography and CrushSync here.

The end section allows mapping of user groups