For schools using the RADIUS networking protocol, your Linewize appliance can serve as your RADIUS Accounting Server.
Figure 1. - RADIUS Accounting data to School Manager
In this configuration, your school's RADIUS server sends RADIUS Accounting messages to the Linewize appliance using a shared secret key for security purposes. This uses the standard UDP port 1813 for RADIUS Accounting.
Your third-party appliance needs to send the Framed-IP-Address and a User-Name that matches what is synced within School Manager. These are typically Active Directory usernames, but can also be Microsoft Entra ID or Google Workspace usernames, depending on your school’s authentication configuration.
The Linewize appliance does not validate users via a password for RADIUS. It expects the school’s RADIUS server to complete authentication and authorization before passing accounting to the Linewize appliance.
Note
Schools using RUCKUS Cloudpath for RADIUS authentication can still use Linewize by adding School Manager as a second Accounting endpoint in your RUCKUS dashboard.
School Manager RADIUS Requirements
Your third-party appliance must:
- Support RADIUS Accounting
- Send the user’s IP address as a Framed-IP-Address
- Send the user’s login name as a User-Name (must contain the client’s username that matches a user in School Manager)
- Support shared secret
School Manager RADIUS Configuration
To configure RADIUS in School Manager, follow these steps:
- Sign in to School Manager.
- Go to Configuration > Authentication > RADIUS
- Select the Enabled checkbox.
- Enter the Shared Secret (must match the shared secret configured on the network access appliance).
- (Optional) Enter an IP address Forward. This may be required to forward Accounting messages from the School Manager to another network appliance.
- (Optional) Select the Exclude criteria drop-down and select User or Group. Search the Users or Groups box to exclude a user or group.
- Select Save.
Forwarding RADIUS accounting data to School Manager
Refer to your hardware vendor’s instructions for forwarding RADIUS Accounting messages.
- Windows Network Policy Server (NPS) - Plan NPS as a RADIUS proxy
- Aruba Clearpass - Setting Up RADIUS Authentication, Authorization, and Accounting
- Extreme Networks - Product Documentation
- PacketFence - Support Documentation
- Meraki - Configuring RADIUS Authentication with WPA2-Enterprise
- UniFi - Help Center
Troubleshooting RADIUS Forwarding
Check Network Firewall Rules
Confirm no firewall rules exist that block RADIUS traffic to School Manager. Some network providers block RADIUS traffic by default.
Test RADIUS Server Configuration using NTRadPing
You can test the RADIUS Server configuration by using the NTRadPing tool. Download Link
RADIUS Server Configuration Failed using NTRadPing
If the RADIUS server configuration fails, ensure the Framed-IP-Address and User-Name attributes are sent to the Linewize appliance. Some third-party appliances send different attributes. If your device is sending different attributes or you can’t find the source of the failure, please contact Linewize Support.
Test RADIUS Server Configuration using School Manager and Wireshark
You can test your RADIUS Server configuration by using School Manager and Wireshark.
- Run a packet capture in School Manager on the management bridge and filter it by port 1813
- Open the .pcap file using Wireshark and:
  - check the Framed-IP-Address and User-Name attributes are being sent to the Linewize appliance, and
  - cross-check with authentication events in School Manager to ensure they match up.
If you are not capturing any packets, check that you are capturing them on the correct interface and that packets are being forwarded to that interface.
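The same checks can be scripted against a UDP payload exported from the capture. The following is an added example, not Linewize or vendor code: it parses one Accounting-Request, confirms the two required attributes are present, and verifies the request authenticator against the shared secret as defined in RFC 2866. The function names, the secret and the sample packets are constructed for illustration.

```python
import hashlib
import struct

ACCOUNTING_REQUEST = 4                 # RADIUS code, RFC 2866
USER_NAME, FRAMED_IP_ADDRESS = 1, 8    # attribute types, RFC 2865

def build_accounting_request(ident, attrs, secret):
    """Build a minimal constructed Accounting-Request used as sample input."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    header = struct.pack("!BBH", ACCOUNTING_REQUEST, ident, 20 + len(body))
    # RFC 2866: MD5(code + id + length + 16 zero octets + attributes + secret)
    auth = hashlib.md5(header + bytes(16) + body + secret).digest()
    return header + auth + body

def check_accounting_request(packet, secret):
    """Return (problems, fields) for one UDP payload captured on port 1813."""
    problems, fields = [], {}
    if len(packet) < 20:
        return ["shorter than the 20-byte RADIUS header"], fields
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCOUNTING_REQUEST:
        problems.append(f"code {code} is not Accounting-Request")
    if length < 20 or length > len(packet):
        return problems + ["length field does not fit the payload"], fields
    body = packet[20:length]
    expected = hashlib.md5(packet[:4] + bytes(16) + body + secret).digest()
    if expected != packet[4:20]:
        problems.append("authenticator mismatch: shared secret differs")
    pos = 0
    while pos + 2 <= len(body):
        attr_type, attr_len = body[pos], body[pos + 1]
        if attr_len < 2 or pos + attr_len > len(body):
            problems.append("malformed attribute")
            break
        value = body[pos + 2:pos + attr_len]
        if attr_type == USER_NAME:
            fields["User-Name"] = value.decode("utf-8", "replace")
        elif attr_type == FRAMED_IP_ADDRESS and len(value) == 4:
            fields["Framed-IP-Address"] = ".".join(map(str, value))
        pos += attr_len
    for name in ("User-Name", "Framed-IP-Address"):
        if name not in fields:
            problems.append(f"missing {name}")
    return problems, fields

SECRET = b"constructed-secret"         # constructed sample value
ATTRS = [(USER_NAME, b"jsmith"), (FRAMED_IP_ADDRESS, bytes([10, 1, 2, 3]))]
GOOD = build_accounting_request(7, ATTRS, SECRET)
NO_IP = build_accounting_request(8, ATTRS[:1], SECRET)
```

An authenticator mismatch on an otherwise well-formed packet points to the Shared Secret in School Manager differing from the one on the sending appliance.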