Adding New Users

Adding new users may prove to be a complex process as it requires to associate the user with existing group/profile, specifying specific attributes (such as dedicated IP allocation) and filling-in general User Information or Billing Information for the user.

With that said, adding users may also be a very immediate and easy process depending on your management requirements and business type. (For quickly adding new users to the system consult see Adding New Users – Quick add)

Image: Adding a new user (the comprehensive version)

User Types

In the New User page we firstly notice that the main tab Account Info is split to 3 possible option for user types:

Username Authentication – this user type is the most common. The user is setup with a username and a password to authenticate in the system and as such may require to enter them in an

authentication process (such as a captive portal login screen or a dial-up vpn window).

A convenient option to randomly generate a username and password are present, though this doesn't check with the database for an existing user with the same username so the randomly generated username may already exist and the process may fail, requiring you to choose a different username.

An advanced option to define the user's password type is also available. This is mostly relevant to RADIUS power-users and is related to how FreeRADIUS should interpret the passwod. Most commonly the user will have a password in clear text (not encrypted) hence the correct password type is

Cleartext-Password starting from FreeRADIUS v1.1.7 and is strictly what is required in FreeRADIUS v2. For older versions of FreeRADIUS, there is the User-Password entry. For crypted password types

daloRADIUS User Guide Page 27/243 http://freeradius.org/radiusd/man/rlm_pap.txt

Lastly, it is possible to associate a user to a group of attributes (in daloRADIUS mostly refer to groups as profiles) which saves a lot of work when managing users in the future. To associate the user with more than one group of attributes simply click the right-handed Add link which will result in another select box with group options. To remove each of those click the Del link next to each.

MAC Address Authentication – It is possible to authenticate users or more accurately – devices, based on their MAC address. This is most commonly used for automatically signing-in permanent users or devices such as smart-phone by avoiding the hassle of creating a login process for them.

On the technical side, to explain how devices/users are authenticated without a password – If a MAC Address Authentication type is toggled, daloRADIUS creates an Auth-Type Accept attribute record for the user. When the RADIUS server looks up the MAC address and finds this entry it accepts the user without requiring the NAS to provide username/password records. The NAS then gets an Access-Accept response and signs the user/device in resulting in a seemingly transparent login process for the user.

PIN Code Authentication – Much like MAC Address Authentication, PIN Code Authentication provides the possibility of transparently signing in a user based on a PIN code which is mostly a randomly generated string array of characters (alpha numeric or otherwise).

Additional User Information

When managing users (adding or editing) it is possible to provide additional general information related to the user being created, such as contact information and general notes. Moreover, this tab of user information also manage the option for enabling and controlling the user portal for this user.

Image: Managing User Information

daloRADIUS User Guide Page 29/243

After filling-in the user information tab, it's possible to copy some relevant information to the User Billing Information tab by simply toggling the 'Copy contact information' checkbox.

Enabling the user account to access the Users Portal (see Users Portal) – simply toggle the 'Enable User Portal Login' checkbox and fill in the password to assign to the user. It is possible to restrict the user from updating his own contact information or other parameters by not toggling the 'Enable User Update', or toggle it otherwise.

Additional User Billing Information

Much like the User Information, this tab allows managing information related to the users Billing account.

Image: Managing User Billing Information

daloRADIUS User Guide Page 31/243 Attributes

Setting up attributes for a user should not be a foreign task to RADIUS power-users and we will describe it's process now for everyone else as well.

As mentioned previously, the process of adding a new user might require 'advance' capabilities such as associating a user with specific attributes. This is what the attribute tab is for.

Adding an attribute can be performed in 2 ways:

1. Specifying manually the attribute name by typing it in the auto-complete Custom Attribute text field.

Image: Managing User Attributes – Showing how the auto-complete works

2. Using the Vendor and Attribute select box to locate the attribute you need. This is helpful if you already know the vendor name for the attribute you are looking after.

Image: Managing User Attributes

After typing the attribute as described in option 1 or finding the attribute you are looking for as described in option 2, click the Add Attribute button in the relevant place and you will see the attribute box.

2

The opened up attribute box in the image below is showing how the user used option 2 as described above to find the attribute from the Vendor select box and then choose the attribute that was looked for. Then clicking the Add Attribute button opened up the attribute configuration box which upon being added it also loaded up default options for that attribute which were already present in the database such as the Operator (Op) and the target table (Target).

Image: Managing User Attributes – The attribute configuration box opened

At this point the attribute was chosen and the attribute configuration box opened up.

Next is required to enter the attribute's value in the text field and tweak if required the Op or Target options. If Op and Target loaded up automatically with options then this is most commonly the best option for this attribute. If you are otherwise certain that a different configuration for them is required feel free to change, though defaults for these are in most cases exactly what you need.

You may have noticed the existence of another select box in this image showing "Select… " text.

This is the select box for the possible existing helpers. Meaning, some attributes have default pre-defined values, such as the Auth-Type attribute. It's values can be either Accept, Reject or a few other options. That is, unlike an attribute like Framed-IP-Address which it's value can be any valid IP address there is and obviously no helper function for that will exist.

To summarize, the process of adding an attribute (or more) for a user requires to locate the attribute and then click the Add Attribute button. This doesn't yet sets up the attribute but only opens up the attribute configuration box to setup the attribute's value and it's other parameters (Op and Target).

It is possible to further add attributes which are required in this page or rather to remove them.

After finishing with the attributes setup, if this was your final step you can click the Apply button on the 4

daloRADIUS User Guide Page 33/243

The image below shows an example of adding up 2 attributes to configure for the user as well as the use of the Info button which opens up the attribute's description and type to provide you with more

information for configuring the attribute.

Image: Managing User Attributes – The attribute configuration box showing attribute information

1