Configuration of DiamEAP

DiamEAP is an extension of freeDiameter that supports the Extensible Authentication Protocol (EAP) within the Diameter protocol.

Before you start

Before you start installing and configuring DiamEAP, install and configure freeDiameter (refer to the freeDiameter documentation for details on how to install and configure it and its extensions) and enable the two dictionaries: dict_eap (dictionary objects defined in RFC 4072, Diameter EAP Application) and dict_nasreq (dictionary objects defined in RFC 4005, Diameter Network Access Server Application).

Some packages are required to compile DiamEAP from source.
If you are installing DiamEAP on a Debian or Ubuntu system, install the following packages:
flex bison libgnutls-dev libgcrypt-dev libmysqlclient-dev

Step1: Download DiamEAP

DiamEAP can be downloaded separately from the download page or from the freeDiameter repository (using Mercurial).

  • From DiamEAP download page:

Before downloading DiamEAP, navigate to the extensions directory of your freeDiameter installation. Then create a new folder 'app_diameap' for the DiamEAP extension.

Download DiamEAP using a download utility. For example, with wget the command is (the URL is quoted so that the shell does not interpret the '&'):

# wget "http://diameap.yagami.freediameter.net/download.php?file=diameap&ver=x.x.x"

  • From freeDiameter repository:

Typically, if you got freeDiameter using Mercurial, DiamEAP is already present under the 'extensions' folder at 'app_diameap'. If you cannot find the 'app_diameap' folder, update your freeDiameter to the latest version. The command is:

$ hg pull -u

Step2: Create User's information Database

The current version of DiamEAP supports only a MySQL Database for storing user's information. Flat file Database and LDAP Database are under development and will be integrated in future releases.

Create the database and the user using MySQL commands or your preferred tool.

For information on installing and configuring MySQL, see http://www.mysql.com

In the following example, 'diameap_ui' is the name of the new database and 'username' and 'password' are the credentials of the user who will create the database for DiamEAP.

Create a new MySQL database for DiamEAP.

mysql> CREATE DATABASE diameap_ui;

 

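Create the tables using the SQL script in the file INSTALL.mysql.txt. With a bare -p, mysql prompts for the password, which keeps it out of the shell history and the process list:

$ mysql -u username -p diameap_ui < INSTALL.mysql.txt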

Alternatively, you can execute the SQL script from the mysql prompt with either 'source' or its short form '\.' (use one of the two, not both):

mysql> USE diameap_ui;

mysql> source INSTALL.mysql.txt

or

mysql> \. INSTALL.mysql.txt

Step3: Configure DiamEAP

DiamEAP requires a configuration file to start the DiamEAP server. If you downloaded DiamEAP separately, you will find a sample configuration file 'diameap.conf.sample' in extensions/app_diameap; if you got DiamEAP with freeDiameter, it is in the doc folder. The file 'diameap.conf.sample' contains a description of all parameters that can be added to the DiamEAP configuration file. It is advised to start from a copy of the sample file and customize the configuration to fit your needs.

  • MySQL Database settings

Specify the connection parameters for the DiamEAP MySQL database:
- username and password : the credentials used to connect to the MySQL server.
- databaseserver : the MySQL server location. It can be the IP address or the host name of the machine where the MySQL server is located. 'localhost' can be used if the server is located on the same host as DiamEAP.
- database_name : the database created for DiamEAP.
Syntax :

DiamEAP_MySQL = "<username>" , "<password>" , "<databaseserver>" , "<database_name>";

  • Load EAP Plugins

EAP Method Plugins are implementations of EAP methods. An EAP method becomes available in DiamEAP only if its EAP Method Plugin is added to the DiamEAP configuration so that it is loaded at startup. An EAP method is identified by its EAP method name, type, vendor and the path to its EAP Method Plugin. Optionally, the path to a configuration file for the plugin can also be provided. The location of plugins and their configuration files can be given as an absolute path or as a path relative to the location configured in cmake.
Syntax :

Load_plugin = "<EAP method name>":EAP_TYPE:VENDOR:"<Path to EAP Method Plugin>":"<Path to configuration file>";

  • Authorization

In addition to authentication, DiamEAP can be configured to check the authorization of authenticated users. If the parameter is set to 0, authorization is disabled; any other value enables it (disabled by default).

  • Multi round Timeout

This parameter specifies the maximum number of seconds the access device is given to respond to an EAP request (30 seconds by default).

  • Invalid EAP Packets

After receiving a number of invalid EAP packets, DiamEAP rejects the authentication by responding with an authentication failure. The default maximum number of invalid EAP packets is 5. This maximum can be changed by setting a new value.

For configuring DiamEAP plugins see the documentation pages.
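
Because the configuration file holds the MySQL password and names the plugins that are loaded at startup, it is worth checking before the server is started. The following Python check is an added example, not part of DiamEAP or freeDiameter: it parses the two syntax lines shown above and reports weak file permissions and risky database credentials. The sample account, paths and modes are constructed, and mode_of is a hypothetical hook that must resolve relative paths against the location configured in cmake.

```python
import os
import re
import stat

# Patterns mirror the two "Syntax" lines above; lines starting with '#' never match.
Q, S = r'"([^"]*)"', r'\s*'
MYSQL_RE = re.compile(rf'^{S}DiamEAP_MySQL{S}={S}{Q}{S},{S}{Q}{S},{S}{Q}{S},{S}{Q}{S};', re.M)
PLUGIN_RE = re.compile(rf'^{S}Load_plugin{S}={S}{Q}{S}:{S}(\d+){S}:{S}(\d+){S}:{S}{Q}{S}:{S}{Q}{S};', re.M)

def file_mode(path):
    """Permission bits of path, or None if it cannot be stat'ed."""
    try:
        return stat.S_IMODE(os.stat(path).st_mode)
    except OSError:
        return None

def audit(conf_text, conf_mode, mode_of=file_mode):
    """Return findings for a DiamEAP configuration; mode_of maps a path to its mode bits."""
    findings = []
    if conf_mode & 0o077:  # the file stores the MySQL password in clear text
        findings.append("config file is accessible to group/other but holds the MySQL password")
    db = MYSQL_RE.search(conf_text)
    if db is None:
        findings.append("no DiamEAP_MySQL line found")
    else:
        user, password, _server, _database = db.groups()
        if not password:
            findings.append("MySQL password is empty")
        if user == "root":
            findings.append("DiamEAP connects as the MySQL root account")
    for name, _type, _vendor, plugin, plugin_conf in PLUGIN_RE.findall(conf_text):
        for path in filter(None, (plugin, plugin_conf)):  # the config path is optional
            mode = mode_of(path)
            if mode is None:
                findings.append(f"{name}: {path} not found")
            elif mode & 0o022:
                findings.append(f"{name}: {path} is writable by group/other")
    return findings

# Constructed sample (account, paths and modes are made up for this example).
SAMPLE = '''\
DiamEAP_MySQL = "root" , "" , "localhost" , "diameap_ui";
Load_plugin = "EAP MD5":4:0:"/opt/fd/plugins/eap_md5.emp":"";
Load_plugin = "EAP TLS":13:0:"/opt/fd/plugins/eap_tls.emp":"/opt/fd/eap_tls.conf";
'''
SAMPLE_MODES = {"/opt/fd/plugins/eap_md5.emp": 0o755,
                "/opt/fd/plugins/eap_tls.emp": 0o777, "/opt/fd/eap_tls.conf": 0o640}

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE, 0o644, SAMPLE_MODES.get)))
```

For a real file, pass its text together with file_mode(path) as conf_mode and leave mode_of at its default when the plugin paths are absolute.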

Step4: Add DiamEAP to freeDiameter configuration

Edit the configuration file of freeDiameter. Then add a new entry to load the DiamEAP extension:

LoadExtension = "extensions/app_diameap.fdx":"doc/app_diameap.conf";

Step5: Add DiamEAP extension to freeDiameter

Browse to the extensions folder of freeDiameter. Then modify the CMakeLists.txt in order to add DiamEAP extension to be compiled. Add the following lines if they don't exist:

    OPTION(BUILD_APP_DIAMEAP "Build app_diameap? (Diameter EAP Application RFC4072)" ON)
    IF (BUILD_APP_DIAMEAP)
        SUBDIRS(app_diameap)
    ENDIF (BUILD_APP_DIAMEAP)

Step6: Enable DiamEAP extension

Not all extensions are built by default in freeDiameter. The DiamEAP extension needs to be enabled in order to be started with freeDiameter. Therefore, enable BUILD_APP_DIAMEAP (the option defined in Step5) in cmake (see the freeDiameter documentation for more details).