Forwarding RADIUS accounting data to School Manager

This article is intended for IT support. 

For Schools using the RADIUS networking protocol, your Linewize appliance can serve as your RADIUS Accounting Server.

Figure 1. - RADIUS Accounting data to School Manager

In this configuration, your school's RADIUS server sends RADIUS Accounting messages to the Linewize appliance using a shared secret key for security purposes. This uses the standard UDP port 1813 for RADIUS Accounting.

Your appliance needs to send the Framed-IP-Address and a User-Name that matches what is synced within School Manager. These are typically Active Directory usernames, but can also be Microsoft Azure or Google Workspace usernames, depending on your school’s authentication configuration.

The Linewize appliance does not validate users via a password for RADIUS. The Linewize appliance also expects a school’s RADIUS server to complete authentication and authorization, before passing accounting to the Linewize appliance.

Note

Schools using RUCKUS Cloudpath for RADIUS authentication can still use Linewize by adding School Manager as a second Accounting endpoint in your RUCKUS dashboard.

 

School Manager RADIUS Requirements

Your third-party appliance must:

  • Support RADIUS Accounting
  • Send the user’s IP address as a Framed-IP-Address
  • Send the user’s login name as a User-Name (must contain the client’s username that matches a user in School Manager)
  • Support shared secret

 

School Manager RADIUS Configuration

To configure RADIUS in School Manager, follow these steps:

  1. Sign in to School Manager.
  2. Go to Configuration > Authentication > RADIUS
  3. Select the Enabled checkbox.
  4. Enter the Shared Secret (must match with the network access appliance)
  5. (Optional) Enter an IP address Forward. This may be required to forward Accounting messages from the School Manager to another network appliance.
  6. (Optional) Select the Exclude criteria drop-down and select User or Group.
    Search the Users or Groups box to exclude a user or group.
  7. Select Save.

 

Forwarding RADIUS accounting data to School Manager

Refer to your hardware vendor’s instructions for forwarding RADIUS Accounting messages.

 

Troubleshooting RADIUS Forwarding

Check Network Firewall Rules

Confirm no firewall rules exist that block RADIUS traffic to School Manager. Some network providers block RADIUS traffic by default.

 

Test RADIUS Server Configuration using NTRadPing

You can test the RADIUS Server configuration by using the NTRadPing tool. Download Link

RADIUS Server Configuration Failed using NTRadPing

If the RADIUS server configuration fails, ensure the Framed-IP-Address and User-Name attributes are sent to the Linewize appliance. Some third-party appliances send different attributes. If your device is sending different attributes or you can’t find the source of the failure, please contact Linewize Support.

 

Test RADIUS Server Configuration using School Manager and Wireshark

You can test your RADIUS Server configuration by using School Manager and Wireshark.

  1. Run a packet capture in School Manager and filter it by port 1813.
  2. Open the .pcap file using Wireshark and:
    1. check the Framed-IP-Address and User-Name attributes are being sent to the Linewize appliance, and
    2. cross-check with authentication events in School Manager to ensure they match up.

If you are not capturing any packets, check that you are capturing them on the correct interface and that packets are being forwarded to that interface.

Was this article helpful?
0 out of 0 found this helpful
Share

Comments

0 comments

Please sign in to leave a comment.