
Coova Technologies, LLC

CoovaRADIUS Server

www.coova.com

October 27, 2010


Copyright © 2010 Coova Technologies, LLC. All rights reserved.

Contents

1 Installing CoovaRADIUS Server
  1.1 General Installation
    1.1.1 Server Setup Web Interface
    1.1.2 Install License
    1.1.3 Starting and Stopping
    1.1.4 Change Admin Password
  1.2 Installation on Ubuntu
  1.3 Installation on MacOS X
  1.4 Installation on Windows
  1.5 VMWare & LiveCD (openSUSE) Appliance Setup
  1.6 Using with MySQL
  1.7 Using with BIRT Reporting
2 Administration Web Interfaces
  2.1 Setup Web Interface
  2.2 Main Web Interface
  2.3 JSON API Interface
3 Embedded Captive Portal
  3.1 Customizing the Captive Portal
  3.2 An Example
  3.3 Auto-Login Redirection Handler
  3.4 Adding static content
4 External Captive Portals
  4.1 Drupal Installation in openSUSE Appliance
  4.2 Installing Drupal Modules
  4.3 CoovaRADIUS Integration
  4.4 Example configuration: Members only
  4.5 Example configuration: Selling access
5 Data Model Overview
  5.1 Realms
  5.2 Users
  5.3 Client Devices
    5.3.1 Authorizing Client Devices
    5.3.2 Banning Client Devices
  5.4 Networks
  5.5 Access Points
  5.6 Access Policies
  5.7 Access Codes
  5.8 Network User Access
  5.9 Network Realm Access
  5.10 Access Controllers
  5.11 Attributes
  5.12 Named Values
  5.13 X509 Management
  5.14 Configuration
6 Testing with JRadiusSimulator
  6.1 Basic Configuration
  6.2 Adding RADIUS Attributes
  6.3 Running Simulations
  6.4 Testing against CoovaRADIUS
  6.5 Testing EAP-TLS and RadSec
  6.6 Example Session Log
7 Configuring Access Points
  7.1 CoovaAP 1.x
  7.2 CoovaAP 2.x Dashboard
  7.3 Colubris / HP Procurve
  7.4 Ubiquiti
  7.5 Open-mesh
  7.6 CoovaChilli
8 API, GUI, & Web Services
  8.1 CoovaEWT
  8.2 EWT Tables
    8.2.1 Searching Records
    8.2.2 Adding Records
    8.2.3 Updating Records
    8.2.4 Deleting Records
  8.3 EWT Permissions
9 Data Services - API
  9.1 Naming
  9.2 EWT Table Services
  9.3 Other EWT Services
    9.3.1 coova-users
    9.3.2 coova-network
  9.4 EWT PHP Client
  9.5 Examples
10 Google Maps
  10.1 Configure API Key
  10.2 Geo Coordinate Administration
  10.3 Administration in Drupal
  10.4 Public Map in Drupal
  10.5 Map Info Window
11 Licensing
  11.1 Coova Software License
  11.2 Third Party Licenses
  11.3 Third Party Notices

1 Installing CoovaRADIUS Server

The CoovaRADIUS Server is pure Java and is able to run on any popular operating system. If not listed now,
ask us and we will look into packaging a version for your system. In general, we suggest Ubuntu/Debian or
another popular Linux distribution, which will make installing Apache and Drupal a bit easier.

1.1 General Installation

The CoovaRADIUS Server has been packaged for easy installation onto several different operating systems.
There are some system dependent variations to where files are stored and how the server is started. In general,
you will find the application has a directory containing the Java jar files, a data directory where configuration
files and the embedded Derby database are stored, a launch script or program, and a directory containing
licensing information.

From the License Server, download the distribution for your operating system. Then cut-and-paste the license
key somewhere safe. You will need it during the installation process.

1.1.1 Server Setup Web Interface

After installing CoovaRADIUS following the operating-system-specific instructions for Ubuntu (section 1.2), Mac OS
X (section 1.3), Windows (section 1.4), or VMWare/LiveCD (section 1.5), the setup is the same.
An administrative web interface is available on the localhost port 2080. Use the default administrator
username admin and password admin.
http://localhost:2080/

The first time you start CoovaRADIUS, it may take a few minutes longer as it creates the database. Click the
Refresh button to update the screen.

1.1.2 Install License

Click on the License tab and enter in the license you saved from the License Server.

Click on Add License and your changes will be saved. Go back to the Database Setup tab to Stop and
Start the server for the license to take effect.

1.1.3 Starting and Stopping

On the main tab in the setup interface, you have the options to Stop the running RADIUS services and to
Shutdown the entire server. When installing a new license key, you want to Stop the RADIUS services. With
the RADIUS service stopped, the database setup form is displayed. With the trial license, the only database
option is the embedded Java Derby database.

Click Start to have the RADIUS services start up. When running, a login form is shown. Use this form to
log in to the CoovaRADIUS administrative interface. The default username / password is admin / admin.
After logging into the CoovaRADIUS interface, you can always return to this setup screen simply by reloading
the current page in your browser. This will end the login session and return you to this screen.

Once logged in, if you are using a trial license, you will be prompted with a message containing a link to where you
can update your license with a purchased license.

To purchase a license, where you can either set your own RADIUS shared secret or have one generated for
you, go to:
https://license.coova.net/
The license is valid for the single RADIUS shared secret and on a single production server.

1.1.4 Change Admin Password

Be sure to change the admin password. Do this under the Users tab. Select the admin user and click the
Edit button. Edit the user, only changing the password (do not delete this user or give it a Realm).

Click Save when done to commit your changes. Note: You will have to reload your browser at this point
since the password used to access the site has changed.

1.2 Installation on Ubuntu

Download the Ubuntu version from the Licensing Server. Save the Debian package to your system and run the
following command:
sudo dpkg -i CoovaRADIUS_1.0.1.deb
The following directories and files are installed by the package:

File or Directory              Description
/etc/init.d/coova-radius       CoovaRADIUS init script
/usr/bin/coova-radius          Script launches CoovaRADIUS and opens admin interface in browser
/usr/bin/radius-simulator      Script to launch the JRadius Simulator application
/usr/share/java/com.coova/     Directory where all Java jar files are placed
/var/lib/coova-radius/         Directory where CoovaRADIUS puts all data (including Derby database)
/usr/share/doc/coova-radius/   Directory where all documentation and licenses

The /usr/bin/coova-radius script can be run from the command line. If the CoovaRADIUS server is not
currently running, and the script is being run as the user root or coova, then the server is started. When the
server is already running, the coova-radius script will launch the administration program (which is a Firefox
/ XULRunner application).

1.3 Installation on MacOS X

Download the Apple download option from the Licensing Server. Unzip the distribution file and it will create a
Coova directory containing two MacOS X applications.

Keep the applications together in the same directory. To start the CoovaRADIUS service, launch the
CoovaRADIUS.app program. This will also bring up the localhost administration interface in your browser.

To access the files on CoovaRADIUS.app, right click on the application icon and select Show Package
Contents.

The Data/ directory is where CoovaRADIUS will store the embedded Derby database and other files, while the
Content directory contains the core application.

1.4 Installation on Windows

Download the Windows version from the Licensing Server. Unzip the distribution file to your Desktop. The
archive will expand into a directory called Coova and will contain the following files and directories:

Keep all the files in the same directory; however, you may move the entire parent directory. As shown, this
directory contains two applications, a lib/ directory containing the core application, and a data/ directory for
the embedded Derby database and other files.

1.5 VMWare & LiveCD (openSUSE) Appliance Setup

We offer a variety of pre-built systems based on the openSUSE Linux distribution, which includes a VMWare
and LiveCD version.
The default users root and admin have password changeme. Change the default passwords as soon as
possible.
If you are setting up Drupal, also see section 4.1.

Change System Passwords

The system is minimally configured, with default passwords in place to get things up and running quickly.
Take a minute now to change some of the default passwords, for security reasons, as soon as possible.
$ passwd
(change admin user password)
$ su
(current root password)
# passwd
(change root user password)
# mysqladmin -u root password "my-new-pwd"

Change MySQL Passwords
Use the MySQL Administrator application on the desktop to access the running MySQL server using the
password you just defined.

Shown below, under User Administration (top left) you can select User Accounts (bottom left) to change
their passwords. Once changed, click on Apply Changes (bottom right).

1.6 Using with MySQL

MySQL is supported when used with a commercial license. To use MySQL, you also need to download the
MySQL Java JDBC driver and install the Jar file. Due to the license, we are unable to supply this file with our
distribution.
Download MySQL Connector/J JDBC Driver
Download the driver, place the jar file in the CoovaRADIUS Lib directory and completely restart the server.
On Ubuntu there is also a package that installs the MySQL driver, which allows for the following:
# sudo apt-get install libmysql-java
# mkdir -p /var/lib/coova-radius/lib/
# cd /var/lib/coova-radius/lib/
# ln -s /usr/share/java/mysql-connector-java.jar .

After installing the MySQL JDBC Driver, and with the RADIUS service stopped, you can change the database
configuration to use a MySQL server instead of the embedded Derby database. Save your changes and then
start up the RADIUS service after creating the database in your MySQL server.
For the MySQL server setup, create the database and user you wish to use for CoovaRADIUS. The first time
CoovaRADIUS starts up it will create the database tables for you.

1.7 Using with BIRT Reporting

Download BIRT 2.5.2 Runtime


On Ubuntu:
cd /var/lib/coova-radius/
unzip /tmp/birt-runtime-2_5_2.zip
cp /usr/share/java/com.coova/mysql-connector*.jar \
/usr/share/java/com.coova/derby*.jar \
birt-runtime*/ReportEngine/plugins/org.eclipse.birt.report.data.oda.jdbc_*/drivers/
mkdir birt-log
chown -R coova birt-*
cat<<EOF >> coova_radius.properties
birt.runtime=/var/lib/coova-radius/birt-runtime-2_5_2/ReportEngine
birt.logdir=/var/lib/coova-radius/birt-log
EOF

2 Administration Web Interfaces

2.1 Setup Web Interface

The setup interface is ONLY available on the localhost of the server machine. From this interface, you can
Stop and Start the RADIUS server, Shutdown the entire server, and when Stopped, you can change the main
database settings of the RADIUS server.
http://localhost:2080/ewt/home.html
If you are installing CoovaRADIUS on a remote system, we recommend using SSH to tunnel a path to the
setup interface. Do not worry, you typically do not need to use this interface very often. See the next section
on how to access the administration interface remotely.
ssh -L 2080:localhost:2080 remote-host-name

2.2 Main Web Interface

In addition to the server setup interface, the CoovaRADIUS administration interface is available at:
http://hostname:1900/ewt/home.html
or securely at:
https://hostname:1800/ewt/home.html
In both cases, you will be prompted for the admin user password.

2.3 JSON API Interface

The JSON API in CoovaRADIUS has these URLs:
http://hostname:1900/ewt/json
https://hostname:1800/ewt/json

3 Embedded Captive Portal

Note: This feature is still under development! If you are interested in using the embedded captive portal, let us
know your requirements.
The embedded captive portal (in pure Java) provides an easy to use alternative to setting up Drupal. For
many networks, this is all that might be required.

3.1 Customizing the Captive Portal

Customizing the embedded captive portal is done through defining Named Values under the System menu.
Named values are name/value pairs that can be defined based on network, access point, client device, or user.
To define a captive portal website, the named values below should be defined for the network. Leave the
access point, client device, and user all blank. Should you want to give a specific user, for example, a message,
then override some values by duplicating them and setting both the network and user.
Named Values that control the embedded captive portal:

portal.title               The page title
portal.top                 The top portion of the page
portal.bottom              The bottom portion of the page
portal.box.box-name        A custom box of name box-name
portal.css                 The CSS for the site
portal.favicon             The path to the favicon
portal.page.index          The index page is the default page
portal.page.page-name      A custom portal page
portal.login.after         Message after / below login
portal.login.before        Message before / above login box
portal.login.failure       Message displayed for login failure
portal.login.password      Password field label
portal.login.submit        Submit button label
portal.login.success       Message displayed upon successful login
portal.login.username      Username field label
portal.login.welcome       Welcome message after login
portal.login.usingCode     Replaces the login box when logged in using access code.
portal.network.default     Default network (define without a Network)
portal.free.realm          The realm name to place the access codes under.
portal.free.prefix         The username prefix before the client device MAC address.
portal.free.accessPolicy   The numeric ID of the access policy to use when allocating an access code.
portal.free.alwaysRenew    Set to true when the access voucher should always be reset on initial redirect.
portal.free.remoteURL      The URL to redirect to, with the login URL appended.
portal.free.usingCode      Replaces the login link when logged in using access code.

3.2 An Example

Named Values defined for the Global Network (each Name is followed by its Value, indented):

portal.favicon
    /com/coova/portal/static/favicon.ico

portal.title
    Coova Hotspot

portal.top
    <a href="/"><img border="0" src="/com/coova/portal/static/coova.png"/></a>

portal.bottom
    <ul class="links">
    <li><a href="/?page=about">about us</a>
    <li><a href="/?page=locations">locations</a>
    <li><a href="/?page=support">support</a>
    </ul>
    <div style="font-size: small; color: #666;">
    Copyright (c) 2010 Coova Technologies, LLC.
    </div>

portal.page.index
    boxes:intro,login,free

portal.page.support
    boxes:support

portal.page.locations
    boxes:ewt-portal-map

portal.page.account
    boxes:ewt-menu-portal-menu

portal.page.about
    boxes:about

portal.login.welcome
    You are now logged in.
    <ul>
    <li><a href="?page=account">My account</a>
    <li><a href="?page=logout">Logout</a>
    </ul>

portal.css
    body { background-color: lightgrey; }
    .box { width: 80%; border: 1px solid grey; -moz-border-radius: 10px; -webkit-border-radius: 10px; border-radius: 10px; padding: 10px; margin: auto; }
    .portal-box-intro, .portal-box-login { width: 50%; float:left; }
    .portal-box-free { clear: both; padding: 10px; }
    ul.links { text-align: center; margin: 0; padding: 0; }
    ul.links li { list-style: none; display: inline-block; padding: 0 10px; }

3.3 Auto-Login Redirection Handler

The embedded portal URI /redirect.jsp provides an easy way to auto-login users based on their Client
Device MAC address. An access policy can optionally be set to limit access.
The following Named Values are available to control this feature:

portal.redirect.style          Only supports standard currently.
portal.redirect.realm          The realm name to place the access codes under.
portal.redirect.prefix         The username prefix before the client device MAC address.
portal.redirect.accessPolicy   The numeric ID of the access policy to use when allocating an access code.
portal.redirect.alwaysRenew    Set to true when the access voucher should always be reset on initial redirect.
portal.redirect.remoteURL      The URL to redirect to, with the login URL appended.

3.4 Adding static content

In the CoovaRADIUS data directory, /var/lib/coova-radius/ on Linux, do the following:


$ mkdir -p com/coova/portal/static/
$ echo "it works" > com/coova/portal/static/test.html
which is then accessible in the embedded portal with the URI /com/coova/portal/static/test.html. This
can be used for images, HTML, or any other resource file.

4 External Captive Portals

CoovaRADIUS has an API based on the JSON format. This API can be used to integrate with a wide variety
of external third party portals. We have provided an integration module to make it easier to integrate with the
Drupal content management system.

4.1 Drupal Installation in openSUSE Appliance

Always install the latest Drupal from drupal.org. At the time of this writing, the version was 6.19.
To install Drupal, execute the following commands:
$ su
(root password)
# cd /srv/www/
# rm -rf htdocs
# wget http://ftp.drupal.org/files/projects/drupal-6.19.tar.gz
# tar xzf drupal-6.19.tar.gz
# mv drupal-6.19 htdocs
# cd htdocs/sites/default
# mkdir files
# chown wwwrun files
# mv default.settings.php settings.php
# gedit settings.php
(edit settings.php)

Use the gedit program to edit the main Drupal settings, as shown in the previous example and also below.
$ su
(root password)
# gedit /srv/www/htdocs/sites/default/settings.php
(edit settings.php)

Edit the file, near the middle, changing the db_url variable to the correct information to access the database.
Use the username drupal, the password used in section 1.5, and the database name drupal.

Now, use Firefox to finish the Drupal installation process:
$ firefox http://localhost/install.php

4.2 Installing Drupal Modules

Modules of interest:

The Coova integration modules that come with the distribution.


Ubercart shopping cart.
Token is required by Ubercart.
Always install the latest versions!

Installing Coova Hotspot and EWT Modules
# mkdir /srv/www/htdocs/sites/all/modules/
# cd /srv/www/htdocs/sites/all/modules/
# tar xzf /usr/lib/coova-radius/drupal/hotspot-6.x-1.x-dev.tar.gz
# tar xzf /usr/lib/coova-radius/drupal/ewt-6.x-1.x-dev.tar.gz
# cd ewt/
# tar xzf /usr/lib/coova-radius/drupal/com.coova.ewt.Drupal.tar.gz

Installing Ubercart
# cd /srv/www/htdocs/sites/all/modules/
# wget http://ftp.drupal.org/files/projects/token-6.x-1.15.tar.gz
# tar xzf token-6.x-1.15.tar.gz
# rm token-6.x-1.15.tar.gz
# wget http://ftp.drupal.org/files/projects/ubercart-6.x-2.4.tar.gz
# tar xzf ubercart-6.x-2.4.tar.gz
# rm ubercart-6.x-2.4.tar.gz

4.3 CoovaRADIUS Integration

Enable Drupal modules CoovaEWT and CoovaRADIUS.

Edit CoovaEWT settings under Administer / Site configuration / CoovaEWT (q=admin/settings/ewt):
  Enable the API
  Change the API password for the admin user, see section 1.1.4
  Enable CoovaEWT GUI and Ajax Proxy as needed by ewt_div() inclusion

Edit CoovaRADIUS settings under Administer / Site configuration / CoovaRADIUS
(q=admin/settings/coova_radius); requires that the CoovaEWT settings are already configured:
  Select the main mode Auto provision standard users
  Enter a random Cookie Encryption Key
  Enable Create users able to Own client devices
  Select local for Realm ID
  Select Global Network for Network ID

Complete the integration by configuring the following in CoovaRADIUS:
  Create a User in CoovaRADIUS
    Username should be the same as the Drupal admin user name
    Realm should be local
    Home Network should be Global Network
    Foreign User ID should be 1 (Drupal user ID)
    Foreign User Realm should be drupal-site (Also used in Drupal config)
  Edit the Network named Global Network
    Select the newly created User as the Owner

4.4 Example configuration: Members only

Enable the Hotspot module.

Edit Hotspot settings under Administer / Site configuration / Hotspot (q=admin/settings/coova_radius):
  Ensure the Hotspot is enabled
  Ensure the UAM Secret matches that for Global Network

To allow for users to register at the Hotspot, we need to make it such that the user need not verify their
e-mail address during sign-up. Do this under Administer / User management / User settings
(q=admin/user/settings):
  Uncheck Require e-mail verification when a visitor creates an account

4.5 Example configuration: Selling access

5 Data Model Overview

The database consists of the following basic objects:


Realms are essentially the grouping of users. You can have the same username in different realms, but you can
never have duplicate usernames within a realm. Realms are also an important concept in terms of routing
of authentication, whereby RADIUS for users of a foreign realm is proxied to a third party RADIUS server.
Users are people associated with a username and password. Users can own objects in the system such as
Access Points and Client Devices.
Client Devices are devices that access the Network, be it a laptop, hand-held, or phone. The device is
known uniquely by its MAC address and can be owned by a User.
Access Points are the Wi-Fi routers, network access server (NAS), or any device acting as the access
controller, as known uniquely by MAC address.
Access Controllers define types of Access Points, or more specifically, the type of access controller being
used.
Networks are used to group together Access Points. A Network is able to be owned by a User and can
optionally be associated with a parent Network.
Access Policies define the limitations put upon an Access Voucher in the system.
Access Vouchers are the backing objects controlling the limitations set on an Access Code, Network
User, or Network Realm.
Access Codes define a username and password for access provisioning based on an access policy.
Access Code Sets are a grouping of Access Codes that were likely generated by the system.
Network User entries define what Users can access what Networks, based on an Access Policy.
Network Realm entries define what Realm (and all users under it) can access what Networks, based on an
Access Policy.
Attribute Sets define a collection of Attributes of various Attribute Types. They can be associated with
Users, Client Devices, and Access Policies.

5.1 Realms

A Realm provides a username name-space similar to that of a domain name in an e-mail address. Realms
can represent groups of credentials (usernames and passwords) stored locally in the system or remotely in
RADIUS servers elsewhere. See section ?? for more information on RADIUS Realm based routing.
Realms in RADIUS have significance as they provide a means of routing authentication through proxy
servers to the appropriate home RADIUS server. There are two main ways to define a realm in a username.
There is the Prefix format realm/username and the Postfix format username@realm. The username with
one or more realms is then used as the username for login purposes.
Recommendation: If possible, organize your users in a specific realm and leave the default realm
for Administrative-User (device login) purposes. With a captive portal, you can easily add a realm
to a user's username if needed.
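
The two realm formats and the per-realm identity described above, as an added example (not code from CoovaRADIUS). The function names, sample realms and proxy host are hypothetical, and two behaviours are assumptions rather than documented product behaviour: the Postfix realm is treated as the outermost one when both delimiters appear, and realm names are compared case-insensitively.

```python
"""Realm handling for RADIUS login names (added example, hypothetical names)."""
from typing import Dict, List, NamedTuple, Optional, Set, Tuple


class Identity(NamedTuple):
    realm: Optional[str]  # None = no realm given, i.e. the default realm
    username: str


class MalformedLogin(ValueError):
    """Raised for login names that cannot be split unambiguously."""


def parse_login(login: str) -> Identity:
    """Split the outermost realm off a login name.

    Handles the Postfix format (username@realm) and the Prefix format
    (realm/username). Assumption: if both delimiters are present, the
    Postfix realm after the last '@' is the outermost one.
    """
    if not login or login != login.strip() or any(ord(c) < 0x20 for c in login):
        raise MalformedLogin("empty, padded or containing control characters")
    if "@" in login:
        username, realm = login.rsplit("@", 1)
    elif "/" in login:
        realm, username = login.split("/", 1)
    else:
        return Identity(None, login)
    if not realm or not username:
        raise MalformedLogin("empty realm or username")
    # Assumption: realm names are compared case-insensitively.
    return Identity(realm.lower(), username)


def realm_chain(login: str) -> Tuple[List[str], str]:
    """Peel every realm off a login that carries more than one.

    Returns the realms outermost first, plus the bare username.
    """
    realms: List[str] = []
    ident = parse_login(login)
    while ident.realm is not None:
        realms.append(ident.realm)
        ident = parse_login(ident.username)
    return realms, ident.username


def route(login: str, local_realms: Set[str],
          proxy_realms: Dict[str, str]) -> Tuple[str, Optional[str], Identity]:
    """Decide where an authentication request goes.

    local  - no realm (default realm) or a realm stored on this server
    proxy  - a foreign realm with a configured home RADIUS server
    reject - a realm nobody is configured to answer for
    """
    ident = parse_login(login)
    if ident.realm is None or ident.realm in local_realms:
        return ("local", None, ident)
    if ident.realm in proxy_realms:
        return ("proxy", proxy_realms[ident.realm], ident)
    return ("reject", None, ident)


if __name__ == "__main__":
    # Constructed sample data: one local realm, one proxied realm.
    local = {"local"}
    proxies = {"partner": "radius.partner.example"}
    for name in ["admin", "alice@local", "local/alice", "bob@partner",
                 "guest/carol@partner", "eve@nowhere"]:
        print(f"{name!r:24} -> {route(name, local, proxies)}")
    # The same username in two realms is two different accounts.
    print(parse_login("alice@local") == parse_login("alice@partner"))
```
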

5.2 Users

A User is an account that represents a real person and a unique Username within a Realm. The user can
have an optional Email address and must have a Password.
Note: Passwords in the system are stored in plain-text. This is because some RADIUS
authentication protocols require that the RADIUS server know the plain text password.
Recommendation: When creating users via the API where you have your own user database, you
don't have to set the RADIUS user's password to be that of the original user's. When using a
captive portal, you can always use an alternate password (unknown to the user) for RADIUS
provisioning purposes. This will further help protect your user passwords.
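
One way to follow this recommendation, as an added example (not code from CoovaRADIUS or its Drupal modules): the portal derives a RADIUS-only password from a key that it alone holds, so the value stored in plain text on the RADIUS server is unrelated to the password the user types. The function names, the label string and the generation counter are hypothetical.

```python
"""Derive a RADIUS-only password for a portal user (added example)."""
import base64
import hashlib
import hmac
import secrets

LABEL = b"radius-provisioning-v1"  # hypothetical domain-separation label


def new_portal_key() -> bytes:
    """Random 256-bit key, generated once and kept only on the portal."""
    return secrets.token_bytes(32)


def _field(value: str) -> bytes:
    """Length-prefix a field so ("a", "bc") and ("ab", "c") encode differently."""
    raw = value.encode("utf-8")
    return len(raw).to_bytes(2, "big") + raw


def radius_password(portal_key: bytes, realm: str, username: str,
                    generation: int = 1) -> str:
    """Return the password the portal stores in, and sends to, RADIUS.

    The user's own password is never an input, so reading the RADIUS
    database reveals nothing about it. Raising `generation` rotates one
    account; replacing `portal_key` rotates every account.
    """
    if len(portal_key) < 32:
        raise ValueError("portal key must be at least 32 bytes")
    # Assumption: realm names are case-insensitive, usernames are not.
    message = (LABEL + _field(realm.lower()) + _field(username)
               + generation.to_bytes(4, "big"))
    digest = hmac.new(portal_key, message, hashlib.sha256).digest()
    # 18 bytes encode to exactly 24 URL-safe characters with no padding.
    return base64.urlsafe_b64encode(digest[:18]).decode("ascii")


if __name__ == "__main__":
    key = new_portal_key()
    # Constructed sample accounts; the portal checks the user's real
    # password against its own database before doing any of this.
    for realm, user in [("local", "alice"), ("guest", "alice"), ("local", "bob")]:
        print(realm, user, radius_password(key, realm, user))
    print("rotated:", radius_password(key, "local", "alice", generation=2))
```

The portal authenticates the user against its own database first, then logs the client in to RADIUS with the derived value, which the user never sees.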
User options include:
Can own client devices - If the user is able to own client devices. If true, devices not otherwise
owned will be automatically owned upon successful authentication.
Can own access points - If the user is able to own access points. If true, access points not
otherwise owned will be automatically owned upon successful authentication when not using a
public shared secret.
Administrative User - If true, the user can only be used with Administrative-User Service-Type
requests (device, not user, authentication).
MAC Authentication - If true, then devices owned by the user can optionally be allowed to
authenticate by MAC address.
EAP Only - If true, only EAP authentication protocols are allowed for this user.
EAP TLS Only - If true, only EAP-TLS (TLS, TTLS, PEAP) authentication protocols are allowed
for this user.
Anonymous AP Ok - If true, then the account can be used at access points using a public
shared secret.
Attribute Set - RADIUS attributes to send in an Access-Accept for this user.

5.3 Client Devices

A Client Device is a device, such as a laptop computer, that accesses a Network. It is uniquely identified by
its Station Id (RADIUS Calling-Station-Id), which is the Ethernet MAC address of the device's network
interface. It can have a user Owner, which gets automatically assigned when a user logs in using the device
and has the Can own client devices user option set.
Client device options include:
MAC Authentication - If true, and if the user owning this device has the MAC Authentication
user option set to true, the device will be automatically authenticated (with supported access
controllers and configurations).
Attribute Set - RADIUS attributes to send in an Access-Accept for this device.

5.3.1 Authorizing Client Devices

Individual Client Devices can be authorized (using MAC authentication) for Networks or Access Points by
being added to the whitelist table.

5.3.2 Banning Client Devices

Individual Client Devices can be banned from Networks or Access Points by being added to the blacklist
table.

5.4 Networks

A Network is a grouping of access points. It has a unique Name in the system and can have a user Owner.
It may also have a Parent Network defined so that access permissions can be granted for multiple levels of
networks.
Network options include:
Default Realm - The Realm to use for authentications requests in the network where a specific
realm is otherwise not specified.
Attribute Set - RADIUS attributes to send in an Access-Accept for all sessions in the network.
UAM Secret - The CoovaChilli uamsecret to use for a network (CoovaChilli only).

5.5 Access Points

An Access Point is uniquely identified by the Station Id (RADIUS Called-Station-Id), which is most
often the MAC address. It can optionally have a Name, be grouped into a Network, and have a user Owner.
The system will automatically assign a user as the owner when a user logs into the access point, configured
with the user's specific RADIUS shared secret, and the user has option Can own access points set to true.
The system will also automatically attempt to figure out the Controller Type.
Access point options include:
Location - Informational purposes only.
Description - Informational purposes only.
MAC Address - MAC address, often the same as Station Id.
NAS IP Address - IP address of the access point, automatically set from RADIUS.
NAS Identifier - A RADIUS identifier, automatically set from RADIUS.
Anonymous MAC Auth - When true, and used in conjunction with the MAC authentication
feature of CoovaChilli, sessions at the access point are initially in splash mode where most network
resources are available (E-mail, etc), but port 80, the standard HTTP port, is redirected to a splash
page.
Reversed Accounting - When true, the meaning of Input and Output and how they are
associated with Download and Upload are reversed. See section ?? for more information on
RADIUS Accounting.
Bandwidth Graphing (RRD) - When true, the Administrative-User session statistics are used
to produce an RRD graph of overall network throughput (requires Monitoring to be true).
Monitoring - When set to true, the access point will be monitored by the system. Using the
Administrative-User session of the device, on-line status information is maintained.
Attribute Set - RADIUS attributes to send in an Access-Accept for all sessions from this access
point.

5.6 Access Policies

An Access Policy defines the limitations being put on sessions for time, data, and/or bandwidth.
A policy consists of:
Access Time and Access Time Units - Together these define the amount of access time granted.
Access Window and Access Window Units - Together these define the time frame in which the
Access Time can be consumed.
Expiry Time and Expiry Time Units - Together these define the validity duration, after which
the voucher is unusable.
Download Data and Download Data Units - Together these define the max data downloaded.
Upload Data and Upload Data Units - Together these define the max data uploaded.
Total Data and Total Data Units - Together these define the max data uploaded and
downloaded combined.
Max Download Rate - Max bandwidth down in bits per second.
Max Upload Rate - Max bandwidth up in bits per second.
Max Concurrency - Max number of simultaneous sessions.
Max Logins - Maximum number of logins.
Auto Renew - True if the voucher automatically renews after the access window time.
The Access Voucher provides the backing object for the Access Policy and can be associated
with an Access Code, Network User, or Network Realm.
Note: When making changes to an Access Policy that has already been in use, some state
information kept in the Access Voucher may be inconsistent with the new settings. Therefore, it
is advised to either create a new Access Policy (keep the old one in place) or to Reset all Access
Vouchers associated with the policy.
Using the Auto Renew option, schemes like 1 hour access, every day can be implemented with an Access
Time of one hour, Access Window of one day, and Auto Renew set to true. With Auto Renew set to
false, then you have 1 hour of access total to be used within 24 hours.

5.7 Access Codes

An Access Code defines a username and password within a Realm. Access codes can have an associated
Access Policy and a user Owner. Additionally, access codes can be limited to a Network.

5.8 Network User Access

An entry in the Network User table enables a User to have access to a Network based on an optional
Access Policy.

5.9 Network Realm Access

An entry in the Network Realm table enables a Realm, and all users under it, to have access to a Network
based on an optional Access Policy (not yet fully implemented).

5.10 Access Controllers

An Access Controller defines what features an access point has. Generally, it defines the access point make,
but not necessarily, as CoovaChilli can run on a variety of hardware. The RADIUS platform potentially requires
special support for access controllers not otherwise listed in this table.
Default Reversed Accounting - When set to true, access points discovered to be of this controller
type will be created with the Reversed Accounting option also set to true.

5.11 Attributes

Attributes define RADIUS Attributes that can be grouped together into Attribute Sets and used by the
RADIUS server when authenticating Users, Access Codes, or Client Devices.
With so many RADIUS attributes possible, when adding Attributes to an Attribute Set, a select box
lists the defined Attribute Types. Add more Attribute Types if the RADIUS attribute you wish to use is
not currently available.

5.12 Named Values

Named Values provide a convenient way to manage a hierarchical structure of named values that can be
defined on a Network, Access Point, User, or Client Device basis.
When named values are derived, more specific values (i.e. ones matching more of the criteria of Network,
Access Point and so on) override more general values.
This table is used in the embedded captive portal and the dashboard features.

5.13 X509 Management

When CoovaRADIUS starts, it always ensures it has a default Certificate Authority (CA); if not, it creates
one. Using the CA certificate, X509 Certificates can be generated for users or for general (non-user) use.
A few certificates are created by default and are used by the system. These include ewt-server, the
certificate running the EWT interface (port 1800); dashboard-server, the certificate running the Dashboard
interface (port 2444); radsec-server, the certificate running the RadSec interface (port 2083); and
eap-server, the certificate for the EAP-TLS based authentication methods.
For details on X509 management features, see section ??.

5.14 Configuration

Name                                    Description
com.coova.dal.version                   Used to track the database schema version, do not change.
com.coova.DefaultRealm                  System default realm.
com.coova.default.AcctInterimInterval   Default system wide accounting interim interval.
com.coova.default.IdleTimeout           Default system wide idle timeout.
com.coova.default.ReportType
com.coova.feature.AdvancedPolicies
com.coova.feature.ApRoaming             Set to true to enable subscriber roaming between access
                                        points in same network.
com.coova.feature.GenerateReports
com.coova.feature.Payments
com.coova.feature.FullAdministration
com.coova.feature.FullInformation
com.coova.feature.Reports
com.coova.menu.DisablePayments
com.coova.menu.NetworkSettings
com.coova.menu.NetworkPreferences
com.coova.menu.UserDevices
com.coova.menu.UserAccessCodeStatus

6 Testing with JRadiusSimulator

The JRadiusSimulator is an open-source RADIUS simulation and testing tool based on the JRadius framework.
It is very flexible, and easy to use for simple RADIUS AAA simulations. It allows you to hand craft RADIUS
requests and to see the responses. Select from one of several authentication protocols, UDP or RadSec
transport methods, and simulate your NAS by adding standard and Vendor Specific RADIUS attributes.
To start the simulator, use the radius-simulator command on Unix or double click on the
RadiusSimulator program icon that came with the Windows or Mac distributions.

6.1 Basic Configuration

Configure the RADIUS Server to be your CoovaRADIUS server hostname or IP address. Set the Shared
Secret appropriately. Since we are using a trial license, it is shown set to testing123. Select Generate a
Unique Acct-Session-Id so that each request looks unique, as in typical real-life usage.
Click the Attributes tab to begin adding RADIUS attributes from the JRadius dictionary.

6.2 Adding RADIUS Attributes

Add RADIUS attributes to the various RADIUS request types and states. Begin by clicking Add Attribute to
bring up a listing of all available RADIUS attributes in the JRadius dictionary.

Recommended attributes to add:

User-Name               Username and password placeholder (password replaced depending on
User-Password           authentication protocol). The username is in all packets while the
                        password is only added to Access Request and/or Tunneled Requests.
NAS-Identifier          The name of the NAS (access point).
NAS-Port-Type           NAS port type, select from a list.
Acct-Session-Id         A unique session ID generated by simulator.
Service-Type            The service type, select from a list.
NAS-IP-Address          The IP address of the access point.
Called-Station-Id       The MAC address of the access point.
Calling-Station-Id      The MAC address of the client device.
Acct-Session-Time       Some simple accounting data to add to accounting Update/Interim and Stop.
Acct-Input-Packets
Acct-Output-Packets
Acct-Input-Octets
Acct-Output-Octets

Warning! Be sure to save your configuration by selecting Save in the File menu of the main window.

6.3 Running Simulations

To run a simulation, click the Start button on the RADIUS tab.

Adjust the Simulation Type to test either only authentication or authentication followed by accounting. The
attributes you have defined are added to packets depending on type (Access-Request or
Accounting-Request) and accounting state (Acct-Status-Type) of either Start, Interim/Update, or Stop.
If you have selected to Log RADIUS to Log tab, then you will find the output of your RADIUS simulation
after clicking on the Log tab.
Use the simulator to also test your system under load by adjusting the Requester Threads and Requests
per Thread parameters. It's recommended, however, that you turn off the logging as it will slow you down.

6.4 Testing against CoovaRADIUS

In order to use the simulator with your CoovaRADIUS server, there are a few configurations required in order
to get an Access-Accept for your tests.
Access Point in a Network
If you have already tried a simulation and it has failed, the first thing to check is that the MAC address used in
the Called-Station-Id is that of a valid access point in CoovaRADIUS and that the Access Point is part of
a Network.

Shown is the Access Point with MAC address 00-00-00-00-00-00 automatically added to the system by our
first (failed) authentication attempt. The record has since been edited and placed into the Global Network.

Test User exists and has Access
The User defined in the User-Name attribute must exist in the system and must have access to the Network
associated with the Access Point.

Shown is the User with username test and password test created to be used in our simulation. The user was
created with Realm local, which is also the Default Realm of the Global Network. Access was also added
for the test user in the Global Network.

6.5 Testing EAP-TLS and RadSec

Note: A non-trial license is required to use the EAP and RadSec features of CoovaRADIUS.
In order to use RadSec as your Transport or to use the EAP-TLS authentication protocol, you must have a
Client Certificate to use for authentication. In JRadiusSimulator, you configure this on the Keys tab.

Shown is the simulator configured with a client certificate and private key (both in PEM format) in file
/tmp/key.pem and the trusted root CA certificate in PEM format in file /tmp/ca.pem.
Click Trust All Server Certificates and leave the File fields blank to be able to use EAP-TTLS or PEAP
without the client certificate configured.

To use with CoovaRADIUS, go to the Access / X509 tab to manage X509 certificates.

Shown is the certificate of the test User after clicking the New User Certificate button and generating the new
certificate.
To use this certificate with our simulation, we cut-and-paste the Certificate in PEM format to the
/tmp/key.pem file, which is what we used in JRadiusSimulator. Additionally, click on the Export tab in the
middle of the page, after selecting the test user certificate in the table, and cut-and-paste the Exported
Private Key into the same file.
Then click on the Show Certificate Authorities button to see the certificate of the signing CA (as shown
above). Cut-and-paste the Certificate in PEM format to the /tmp/ca.pem file, as used in our simulation.

Change the Authentication Protocol to run simulations with different authentication methods. Using
EAP-TLS requires a client certificate that matches the user, while others, like EAP-TTLS and PEAP, tunnel an
inner authentication and the client certificate is not required.

To run a RadSec simulation, select RadSec as the Transport method, configure the Shared Secret to be
radsec (required for all RadSec tunnels), and set the ports to 2083, as shown.

6.6 Example Session Log

Access Request (PEAP)


Sending RADIUS Packet:
---------------------------------------------------------
Class: class net.jradius.packet.AccessRequest
Attributes:
NAS-Identifier := simulator
NAS-Port-Type := Wireless-802.11
User-Name := test
Service-Type := Login-User
NAS-IP-Address := 127.0.0.1
Called-Station-Id := 00-00-00-00-00-00
Calling-Station-Id := 11-11-11-11-11-11
Acct-Session-Id := JRadius-1d816f91b414e43683f9e7406c52451f
State = [Binary Data (length=46)]
EAP-Message += [Binary Data (length=6)]
Message-Authenticator := [Binary Data (length=16)]
Received RADIUS Packet:
---------------------------------------------------------
Class: class net.jradius.packet.AccessChallenge
Attributes:
EAP-Message = [Binary Data (length=6)]
State = [Binary Data (length=46)]
Message-Authenticator = [Binary Data (length=16)]
Sending RADIUS Packet:
---------------------------------------------------------
Class: class net.jradius.packet.AccessRequest
Attributes:
NAS-Identifier := simulator
NAS-Port-Type := Wireless-802.11
User-Name := test
Service-Type := Login-User
NAS-IP-Address := 127.0.0.1
Called-Station-Id := 00-00-00-00-00-00
Calling-Station-Id := 11-11-11-11-11-11
Acct-Session-Id := JRadius-1d816f91b414e43683f9e7406c52451f
State = [Binary Data (length=46)]
EAP-Message += [Binary Data (length=72)]
Message-Authenticator := [Binary Data (length=16)]
Received RADIUS Packet:
---------------------------------------------------------
Class: class net.jradius.packet.AccessChallenge
Attributes:
EAP-Message = [Binary Data (length=253)]
EAP-Message = [Binary Data (length=253)]
EAP-Message = [Binary Data (length=253)]
EAP-Message = [Binary Data (length=253)]
EAP-Message = [Binary Data (length=22)]
State = [Binary Data (length=46)]
Message-Authenticator = [Binary Data (length=16)]
Sending RADIUS Packet:
---------------------------------------------------------
Class: class net.jradius.packet.AccessRequest
Attributes:
NAS-Identifier := simulator
NAS-Port-Type := Wireless-802.11
User-Name := test
Service-Type := Login-User
NAS-IP-Address := 127.0.0.1
Called-Station-Id := 00-00-00-00-00-00
Calling-Station-Id := 11-11-11-11-11-11
Acct-Session-Id := JRadius-1d816f91b414e43683f9e7406c52451f
State = [Binary Data (length=46)]
EAP-Message += [Binary Data (length=6)]
Message-Authenticator := [Binary Data (length=16)]
Received RADIUS Packet:
---------------------------------------------------------
Class: class net.jradius.packet.AccessChallenge
Attributes:
EAP-Message = [Binary Data (length=253)]
EAP-Message = [Binary Data (length=105)]
State = [Binary Data (length=46)]
Message-Authenticator = [Binary Data (length=16)]
Sending RADIUS Packet:
---------------------------------------------------------
Class: class net.jradius.packet.AccessRequest
Attributes:
NAS-Identifier := simulator
NAS-Port-Type := Wireless-802.11
User-Name := test
Service-Type := Login-User
NAS-IP-Address := 127.0.0.1
Called-Station-Id := 00-00-00-00-00-00
Calling-Station-Id := 11-11-11-11-11-11
Acct-Session-Id := JRadius-1d816f91b414e43683f9e7406c52451f
State = [Binary Data (length=46)]
EAP-Message += [Binary Data (length=236)]
Message-Authenticator := [Binary Data (length=16)]
Received RADIUS Packet:
---------------------------------------------------------
Class: class net.jradius.packet.AccessChallenge
Attributes:
EAP-Message = [Binary Data (length=65)]
State = [Binary Data (length=46)]
Message-Authenticator = [Binary Data (length=16)]
Sending RADIUS Packet:
---------------------------------------------------------
Class: class net.jradius.packet.AccessRequest
Attributes:
NAS-Identifier := simulator
NAS-Port-Type := Wireless-802.11
User-Name := test
Service-Type := Login-User
NAS-IP-Address := 127.0.0.1
Called-Station-Id := 00-00-00-00-00-00
Calling-Station-Id := 11-11-11-11-11-11
Acct-Session-Id := JRadius-1d816f91b414e43683f9e7406c52451f
State = [Binary Data (length=46)]
EAP-Message += [Binary Data (length=6)]
Message-Authenticator := [Binary Data (length=16)]
Received RADIUS Packet:
---------------------------------------------------------
Class: class net.jradius.packet.AccessChallenge
Attributes:
EAP-Message = [Binary Data (length=59)]
State = [Binary Data (length=46)]
Message-Authenticator = [Binary Data (length=16)]
Sending RADIUS Packet:
---------------------------------------------------------
Class: class net.jradius.packet.AccessRequest
Attributes:
NAS-Identifier := simulator
NAS-Port-Type := Wireless-802.11
User-Name := test
Service-Type := Login-User
NAS-IP-Address := 127.0.0.1
Called-Station-Id := 00-00-00-00-00-00
Calling-Station-Id := 11-11-11-11-11-11
Acct-Session-Id := JRadius-1d816f91b414e43683f9e7406c52451f
State = [Binary Data (length=46)]
EAP-Message += [Binary Data (length=80)]
Message-Authenticator := [Binary Data (length=16)]
Received RADIUS Packet:
---------------------------------------------------------
Class: class net.jradius.packet.AccessChallenge
Attributes:
EAP-Message = [Binary Data (length=59)]
State = [Binary Data (length=46)]
Message-Authenticator = [Binary Data (length=16)]
Sending RADIUS Packet:
---------------------------------------------------------
Class: class net.jradius.packet.AccessRequest
Attributes:
NAS-Identifier := simulator
NAS-Port-Type := Wireless-802.11
User-Name := test
Service-Type := Login-User
NAS-IP-Address := 127.0.0.1
Called-Station-Id := 00-00-00-00-00-00
Calling-Station-Id := 11-11-11-11-11-11
Acct-Session-Id := JRadius-1d816f91b414e43683f9e7406c52451f
State = [Binary Data (length=46)]
EAP-Message += [Binary Data (length=144)]
Message-Authenticator := [Binary Data (length=16)]
Received RADIUS Packet:
---------------------------------------------------------
Class: class net.jradius.packet.AccessChallenge
Attributes:
EAP-Message = [Binary Data (length=43)]
State = [Binary Data (length=46)]
Message-Authenticator = [Binary Data (length=16)]
Sending RADIUS Packet:
---------------------------------------------------------
Class: class net.jradius.packet.AccessRequest
Attributes:
NAS-Identifier := simulator
NAS-Port-Type := Wireless-802.11
User-Name := test
Service-Type := Login-User
NAS-IP-Address := 127.0.0.1
Called-Station-Id := 00-00-00-00-00-00
Calling-Station-Id := 11-11-11-11-11-11
Acct-Session-Id := JRadius-1d816f91b414e43683f9e7406c52451f
State = [Binary Data (length=46)]
EAP-Message += [Binary Data (length=96)]
Message-Authenticator := [Binary Data (length=16)]
Received RADIUS Packet:
---------------------------------------------------------
Class: class net.jradius.packet.AccessAccept
Attributes:
MS-MPPE-Recv-Key = [Binary Data (length=50)]
MS-MPPE-Send-Key = [Binary Data (length=50)]
EAP-Message = [Binary Data (length=4)]
Acct-Interim-Interval = 300
User-Name = test
Chargeable-User-Identity = test@local
Class = [Binary Data (length=46)]
Message-Authenticator = [Binary Data (length=16)]

Accounting

Sending RADIUS Packet:
---------------------------------------------------------
Class: class net.jradius.packet.AccountingRequest
Attributes:
NAS-Identifier := simulator
NAS-Port-Type := Wireless-802.11
User-Name := test
Service-Type := Login-User
NAS-IP-Address := 127.0.0.1
Called-Station-Id := 00-00-00-00-00-00
Calling-Station-Id := 11-11-11-11-11-11
Acct-Status-Type := Start
Class = [Binary Data (length=46)]
Acct-Session-Id := JRadius-1d816f91b414e43683f9e7406c52451f
Received RADIUS Packet:
---------------------------------------------------------
Class: class net.jradius.packet.AccountingResponse
Attributes:
Sending RADIUS Packet:
---------------------------------------------------------
Class: class net.jradius.packet.AccountingRequest
Attributes:
NAS-Identifier := simulator
NAS-Port-Type := Wireless-802.11
User-Name := test
Service-Type := Login-User
NAS-IP-Address := 127.0.0.1
Called-Station-Id := 00-00-00-00-00-00
Calling-Station-Id := 11-11-11-11-11-11
Acct-Session-Time := 120
Acct-Input-Packets := 10
Acct-Output-Packets := 20
Acct-Input-Octets := 100
Acct-Output-Octets := 200
Acct-Status-Type := Alive
Class = [Binary Data (length=46)]
Acct-Session-Id := JRadius-1d816f91b414e43683f9e7406c52451f
Received RADIUS Packet:
---------------------------------------------------------
Class: class net.jradius.packet.AccountingResponse
Attributes:
Sending RADIUS Packet:
---------------------------------------------------------
Class: class net.jradius.packet.AccountingRequest
Attributes:
NAS-Identifier := simulator
NAS-Port-Type := Wireless-802.11
User-Name := test
Service-Type := Login-User
NAS-IP-Address := 127.0.0.1
Called-Station-Id := 00-00-00-00-00-00
Calling-Station-Id := 11-11-11-11-11-11
Acct-Session-Time := 120
Acct-Input-Packets := 10
Acct-Output-Packets := 20
Acct-Input-Octets := 100
Acct-Output-Octets := 200
Acct-Status-Type := Stop
Class = [Binary Data (length=46)]
Acct-Session-Id := JRadius-1d816f91b414e43683f9e7406c52451f
Received RADIUS Packet:
---------------------------------------------------------
Class: class net.jradius.packet.AccountingResponse
Attributes:
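
A consistency check over a simulator log in the format shown above, as an added Python example (not part of JRadiusSimulator or CoovaRADIUS): it parses the packets, totals the EAP-Message fragments of each packet, and flags packets that break three RADIUS rules (RFC 3579: Message-Authenticator must accompany EAP-Message; RFC 2865: an attribute value holds at most 253 octets, and State from a challenge must be echoed in the next Access-Request). The sample log is constructed and its third packet is deliberately incomplete.

```python
import re

# Constructed sample in the log format shown above (four packets only).
SAMPLE_LOG = """\
Sending RADIUS Packet:
---------------------------------------------------------
Class: class net.jradius.packet.AccessRequest
Attributes:
User-Name := test
Acct-Session-Id := JRadius-constructed-0001
EAP-Message += [Binary Data (length=72)]
Message-Authenticator := [Binary Data (length=16)]
Received RADIUS Packet:
---------------------------------------------------------
Class: class net.jradius.packet.AccessChallenge
Attributes:
EAP-Message = [Binary Data (length=253)]
EAP-Message = [Binary Data (length=253)]
EAP-Message = [Binary Data (length=22)]
State = [Binary Data (length=46)]
Message-Authenticator = [Binary Data (length=16)]
Sending RADIUS Packet:
---------------------------------------------------------
Class: class net.jradius.packet.AccessRequest
Attributes:
User-Name := test
EAP-Message += [Binary Data (length=6)]
Received RADIUS Packet:
---------------------------------------------------------
Class: class net.jradius.packet.AccessAccept
Attributes:
EAP-Message = [Binary Data (length=4)]
Class = [Binary Data (length=46)]
Message-Authenticator = [Binary Data (length=16)]
"""

HEADER = re.compile(r"^(Sending|Received) RADIUS Packet:")
CLASS = re.compile(r"Class: class net\.jradius\.packet\.(\w+)")
ATTR = re.compile(r"^([A-Za-z0-9-]+) (:=|\+=|=) (.*)$")
BINARY = re.compile(r"\[Binary Data \(length=(\d+)\)\]")


def parse_log(text):
    """Return a list of packets: {'dir', 'type', 'attrs': [(name, value)]}."""
    packets = []
    for line in text.splitlines():
        line = line.strip()
        match = HEADER.match(line)
        if match:
            packets.append({"dir": match.group(1), "type": None, "attrs": []})
            continue
        if not packets:
            continue
        match = CLASS.search(line)  # also matches when the dashes are fused on
        if match:
            packets[-1]["type"] = match.group(1)
            continue
        match = ATTR.match(line)
        if match:
            packets[-1]["attrs"].append((match.group(1), match.group(3)))
    return packets


def eap_length(packet):
    """Size of the EAP packet: EAP-Message attributes are concatenated."""
    total = 0
    for name, value in packet["attrs"]:
        match = BINARY.search(value)
        if name == "EAP-Message" and match:
            total += int(match.group(1))
    return total


def audit(packets):
    """Return (packet_index, finding) pairs for the three rules above."""
    findings = []
    pending_state = False  # True after an Access-Challenge that carried State
    for index, packet in enumerate(packets):
        names = [name for name, _ in packet["attrs"]]
        if "EAP-Message" in names and "Message-Authenticator" not in names:
            findings.append((index, "EAP-Message without Message-Authenticator"))
        for name, value in packet["attrs"]:
            match = BINARY.search(value)
            if match and int(match.group(1)) > 253:
                findings.append((index, "%s longer than 253 octets" % name))
        if packet["type"] == "AccessRequest":
            if pending_state and "State" not in names:
                findings.append((index, "Access-Request does not echo State"))
        elif packet["type"] == "AccessChallenge":
            pending_state = "State" in names
        else:
            pending_state = False
    return findings
```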

7 Configuring Access Points

CoovaRADIUS can be used with a wide range of Access Points and Access Controllers. If it supports RADIUS,
chances are very likely it'll work with CoovaRADIUS. There are some RADIUS requirements, but generally
vendors do things in similar ways.
Contact us if your access point or access controller is not listed and you require assistance setting up.

7.1 CoovaAP 1.x

http://www.coova.org/CoovaAP

CoovaAP provides an easy to use interface for configuring CoovaChilli on Broadcom based routers.

7.2 CoovaAP 2.x Dashboard

Currently configured directly in the Named Values table found under the System tab, the following
attributes, resolved on a per access point or network basis (traversing the list of parent networks), are of
interest:
cap.uci.hotspot.chilli.radsecret RADIUS secret for CoovaChilli.
...

Contact us for more information on firmware support options with centralized Dashboard configuration.

7.3 Colubris / HP Procurve

7.4 Ubiquiti

Contact us for more information on firmware support options.

7.5 Open-mesh

Contact us for more information on firmware support options.

7.6 CoovaChilli

Contact us for more information on CoovaChilli support options.

8 API, GUI, & Web Services

With CoovaRADIUS installed and running, access:

https://localhost:1800/ewt/home.html

8.1 CoovaEWT

The web based administrative interface is a static HTML and Javascript application that uses Ajax calls back
to the server, using the JSON data format.
The Ajax/API calls are mostly done through a single URL, with query string parameters possibly added. Here
is the EWT API when running on the localhost:
https://localhost:1800/ewt/json
The web administrative interface uses the URL to retrieve the GUI screens as well as the data for tables and
settings. As such, the GUI of the administrative interface is customizable by editing XML files in the server.
Additionally, the data services exposed through the EWT URL serve as a pure API into the system.
Query string parameters for the EWT URL:
Parameter   Description
res         Main resource type, for API use it is most often service.
s           The service name to perform, set to table for EWT Tables Services.
table       When s=table, this value defines what table service to perform.

8.2 EWT Tables

With s=table and table set, the following are valid:


Parameter   Description
start       Sets the offset into result set, for paging.
max         Maximum number of results in the result set.
sort        Table field to sort on.
desc        Set to true or false for a descending or ascending, respectively, sort order.
update      When set to true, the POST data record is updated in the database table.
new         When set to true, the POST data record is added to the database table.
delete      When set to true, the POST data record is deleted from the database table.

8.2.1 Searching Records

When searching, meaning that the new, update, and delete options are not being used, the following query
string parameters can be used to set search criteria. The field name is the table field name in Java bean
format.
Parameter                   SQL Query
fieldIsNull                 field is null
fieldIsNotNull              field is not null
fieldLike                   field like value (string valued fields only)
fieldEqualTo                field = value
fieldNotEqualTo             field <> value
fieldGreaterThan            field > value
fieldGreaterThanOrEqualTo   field >= value
fieldLessThan               field < value
fieldLessThanOrEqualTo      field <= value
fieldIn                     field in ( value, value, ... )
fieldNotIn                  field not in ( value, value, ... )
fieldBetween                field between value, value
fieldNotBetween             field not between value, value

Examples
Some example requests follow. The first shows a select on the Users table limiting results to 5. The following two
queries place criteria on the realm field to search for users within certain Realms.
GET /ewt/json?res=service&s=table&table=radUser&start=0&max=5&sort=id&desc=true
GET /ewt/json?res=service&s=table&table=radUser&realmEqualTo=1
GET /ewt/json?res=service&s=table&table=radUser&realmIn=1,2
In all cases, when returning a result set, the JSON format is as follows. The entire response is wrapped in a
service object which contains the total number of rows selected by the query in count and the rows
themselves (up to max of them) in a JSON array. The JSON array of table row objects is named based on the
table. In this example, that is the radUser table.
{ "service": [
    { "count": 100,
      "radUser": [
        { "uid": 1,
          "userName": "test",
          "email": "test@domain.com",
          "realmId": 1,
          "realmId_display": "coova.org (1)",
          "password": "test",
          "userDefault": false,
          "ownsClientDevices": true,
          "ownsAccessPoints": false,
          "timeZone": "",
          "administrativeUser": false,
          "macauthAllowed": false,
          "anonApOk": false,
          "eapOnly": false,
          "eapTlsOnly": false,
          "userNetworkOnly": false,
          "createdDate": "Thu Oct 16 18:03:07 CEST 2008",
          "disabled": false
        },
        ...
      ]
    }
]}

8.2.2 Adding Records

With the parameter new=true set, the POST data is taken to create a new record in the database table.
POST /ewt/json?res=service&s=table&new=true&table=radRealm
{ "realm": "test", "ownerId": 1 }

8.2.3 Updating Records

With the parameter update=true set, the POST data is taken to update a record in the database table.
POST /ewt/json?res=service&s=table&update=true&table=radRealm
{ "uid": 1, "realm": "test", "ownerId": 1, ... }

8.2.4 Deleting Records

With the parameter delete=true set, the POST data is taken to delete a record in the database table based
on the unique id uid.
POST /ewt/json?res=service&s=table&delete=true&table=radRealm
{ "uid": 1, ... }

8.3 EWT Permissions

9 Data Services - API

The platform can be accessed remotely programmatically using the Application Programming Interface (API).
API URL: /ewt/json

9.1 Naming

Within the API, the names of tables and columns of tables are in standard Java bean format. Meaning,
everywhere there is a _ in a name, be it a table or column name, the underscore is removed and the
following letter is capitalized. For example, the column name realm_id is known as realmId. For the table
data services, the table names are similarly renamed, though in the singular tense.
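
The search parameters of section 8.2.1 and the naming rule above, as an added Python example (not the EWT client or server code): it converts column names to Java bean format, builds a table search URL from an allow-list of the documented suffixes with every value URL-encoded (so a search value cannot smuggle in extra parameters such as delete=true), and masks the plain-text password field when reading a response. Sending "true" for the IsNull/IsNotNull parameters and comma-separated values for Between are assumptions; the sample response is constructed in the page's format.

```python
import json
import re
from urllib.parse import urlencode

# Search suffixes listed in the table of section 8.2.1.
OPERATORS = {
    "IsNull", "IsNotNull", "Like", "EqualTo", "NotEqualTo", "GreaterThan",
    "GreaterThanOrEqualTo", "LessThan", "LessThanOrEqualTo",
    "In", "NotIn", "Between", "NotBetween",
}
LIST_OPS = {"In", "NotIn", "Between", "NotBetween"}
NULL_OPS = {"IsNull", "IsNotNull"}
COLUMN = re.compile(r"[a-z][a-z0-9]*(_[a-z0-9]+)*")
SERVICE = re.compile(r"rad[A-Za-z0-9]+")

# Constructed response in the format shown in section 8.2.1.
SAMPLE_RESPONSE = (
    '{"service": [{"count": 100, "radUser": [{"uid": 1, "userName": "test",'
    ' "realmId": 1, "password": "test", "disabled": false}]}]}'
)


def bean_name(column):
    """realm_id becomes realmId; anything that is not a column name is refused."""
    if not COLUMN.fullmatch(column):
        raise ValueError("not a column name: %r" % column)
    head, *rest = column.split("_")
    return head + "".join(part.capitalize() for part in rest)


def criterion(column, op, value=None):
    """Return one (parameter, value) pair such as ('realmIn', '1,2')."""
    if op not in OPERATORS:
        raise ValueError("unknown search operator: %r" % op)
    if op in NULL_OPS:
        text = "true"  # assumption: the page does not show the value to send
    elif op in LIST_OPS:
        items = [str(item) for item in value]
        if not items or any("," in item for item in items):
            raise ValueError("list values must be non-empty and comma-free")
        if op.endswith("Between") and len(items) != 2:
            raise ValueError("%s needs exactly two values" % op)
        text = ",".join(items)  # comma-separated, as in realmIn=1,2
    else:
        text = str(value)
    return bean_name(column) + op, text


def search_url(table, criteria=(), start=0, max_rows=50, sort=None, desc=False):
    """Build the GET path for a search on one EWT table service."""
    if not SERVICE.fullmatch(table):
        raise ValueError("not a table service name: %r" % table)
    params = [("res", "service"), ("s", "table"), ("table", table),
              ("start", str(int(start))), ("max", str(int(max_rows)))]
    if sort is not None:
        params += [("sort", bean_name(sort)), ("desc", "true" if desc else "false")]
    params += [criterion(*item) for item in criteria]
    # urlencode escapes & and = inside values; commas stay readable.
    return "/ewt/json?" + urlencode(params, safe=",")


def rows_from_response(body, table, redact=("password",)):
    """Return (count, rows) from a table response with secret fields masked."""
    block = json.loads(body)["service"][0]
    rows = [{key: ("***" if key in redact else value) for key, value in row.items()}
            for row in block.get(table, [])]
    return block["count"], rows
```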

9.2 EWT Table Services

Service Name          Database Table          Notes
radAccessCodeSet      rad_access_code_sets    Access code sets, see section 5.7.
radAccessCode         rad_access_codes        Access codes, see section 5.7.
radAccessPoint        rad_access_points       Access points, see section 5.5.
radAccessPolicy       rad_access_policies     Access policies, see section 5.6.
radAccessVoucher      rad_access_vouchers     Access vouchers, see section 5.6.
radActiveSessions     rad_sessions            Select for only active session.
radAttributeSet       rad_attribute_sets      Attribute sets, see section 5.11.
radAttributeType      rad_attribute_types     Attribute types, see section 5.11.
radAttribute          rad_attributes          Attributes, see section 5.11.
radClientDevice       rad_client_devices      Client devices, see section 5.3.
radConfig             rad_configs             General server configurations, see section 5.14.
radControllerType     rad_controller_types    Access controller types.
radDeviceVendor       rad_device_vendors      IEEE registered device vendors.
radLog                rad_logs                RADIUS logs, when enabled on per Access Point basis.
radMacBlacklist       rad_mac_blacklist       Banned devices, see section 5.3.2.
radMacWhitelist       rad_mac_whitelist       Authorized devices, see section 5.3.1.
radNamedValue         rad_named_values        Named values, see section 5.12.
radNetRealm           rad_net_realms          Network realms, see section 5.9.
radNetUser            rad_net_users           Network users, see section 5.8.
radNetwork            rad_networks            Networks, see section 5.4.
radPaymentProfile     rad_payment_profiles    Payment profiles table.
radPayment            rad_payments            Payments table.
radRealmRoute         rad_realm_routes        Realm routes table.
radRealm              rad_realms              Realms, see section 5.1.
radReportType         rad_report_types        Report types.
radReport             rad_reports             Reports.
radSession            rad_sessions            RADIUS sessions, see section ??.
radUser               rad_users               Users, see section 5.2.
radWalledGarden       rad_walled_garden       Walled garden, see section ??.
radX509Certificate    rad_x509_certs          X509 certificates and private keys.
radX509CA             rad_x509_certs          Selects for Certificate Authorities only.

9.3 Other EWT Services

9.3.1 coova-users

9.3.2 coova-network

9.4 EWT PHP Client

PHP API
For PHP website integration, the same JSON formatted services used for the web interface are accessible
through the CoovaRADIUSClient class, contained in the file CoovaRADIUSClient.php. The class is an extension of
EWTClient, found in EWTClient.php. The EWTClient uses the PHP internal JSON parsing routines and curl
(libcurl) for the HTTP(S) client.
The EWTClient tries to abstract away as much of the underlying JSON formatting of the API as possible. The
CoovaRADIUSClient class provides higher-level functions.
For example, this function uses EWTClient to add a user:
function createUser($data) {
    $ewt = $this->ewtClient();
    // call the 'create' action of the coova-users service
    $res = $ewt->doAction('coova-users', 'create', $data);
    $ewt->close();
    return $res;
}
Here is an example use:
require_once 'EWTClient.php';
require_once 'CoovaRADIUSClient.php';
$url = 'https://localhost:1800/ewt/json';
// administrator user name and password (see section 1.1.4, Change Admin Password)
$ewt = new CoovaRADIUSClient($url, 'admin', 'admin');
function customNewUser($ewt, $username, $password) {
    $data = array(
        'realmId'   => 1, // pre-configured realm
        'networkId' => 1, // pre-configured network
        'userName'  => $username,
        'password'  => $password,
        'netUser'   => array( 'networkId' => 1 )
    );
    return $ewt->createUser($data);
}
This not only creates the user in the Users table, but also creates a Network User entry for the network with
Id 1 (pre-defined in the database, in this case the Global Network). This allows the user to actually access
the network.
JSON data is converted into PHP arrays, as the output of this example demonstrates:
// Access code example
var_dump($ewt->provisionAccessCode(array(
    'accessPolicyId' => 1)));
Which results in:
array(4) {
["uid"] => int(14)
["username"] => string(8) "joLvRTET"
["accessPolicyId"]=> int(1)
["password"]=> string(8) "4njYg6uN"
}
9.5

Examples

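# Query the radAccessPoint table service, filtered on macAddressLike, using a client certificate.
# Note: -k disables verification of the server certificate, so the CA given with --cacert is not
# enforced; omit -k to have curl verify the server against ca.pem.
$ curl --cacert ca.pem --key key.pem --cert cert.pem -k \
"https://ewt-server:1800/ewt/json?res=service&s=table&table=radAccessPoint&macAddressLike=00-1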
{"service":[
{"radAccessPoint":
[{"uid":1,
"location":"My_HotSpot",
"ownerId":2,
"calledStationId":"00-12-CF-80-68-71",
"networkId":1,
"vendorId_display":"Accton Technology Corp (3953)",
"macAddress":"00-12-CF-80-68-71",
"vendorId":3953,
"attributeSetId_display":"",
"networkId_display":"Global Network (1)",
"reversedAccounting":true,
"ownerId_display":"c9w (2)",
"name":"nas01",
"controllerTypeId_display":"CoovaChilli (2)",
"nasIpAddress":"10.99.100.1",
"wanIpAddress":"62.163.177.27",
"nasIdentifier":"nas01",
"createdDate":"2010-06-23 08:17:44 UTC",
"controllerTypeId":2}],
"count":1}]
}

10

Google Maps

CoovaRADIUS supports the use of Google Maps to aid in the geo positioning of networks and access points.
10.1

Configure API Key

For Google Maps to work, you need to sign up for a Google API Key, which has to match the URL of the
website showing the maps. CoovaRADIUS user interfaces, maps included, can be embedded into a variety of
sites. In order to have Google Maps work, CoovaRADIUS must know the API key to use.

With no API key configured, Google Maps will not be available and the above will be shown.

To acquire a Google Maps API key, visit:
http://code.google.com/apis/maps/signup.html
Enter the hostname of the CoovaRADIUS interface to generate a key for it. In our example we are using
https://localhost:1800/, and we generated a key for that URL. Once generated, enter the API key into
the CoovaRADIUS configuration under the System menu and the Named Values sub-menu.

Create a new Named Value Configuration entry, setting everything to none except the Name and Value
fields. For the Name, enter:
com.google.api.key.siteKey
Where siteKey is either the HTTP Host the interface is being viewed at (e.g.
com.google.api.key.localhost:1800) or the Drupal Realm if the maps are being injected into a Drupal
site (e.g. com.google.api.key.drupal-site).
If your CoovaRADIUS administration interface is available using multiple URLs, then repeat the API key
generation and configuration process for each hostname that will be used.
10.2

Geo Coordinate Administration

For each network you wish to use maps with, start out by positioning the center of the network.
CoovaRADIUS will use the network center as the default position when showing maps of access points.


To jump to a location, enter the address of the location in the search field and click find. Move the marker
to the exact location and the coordinates are filled into the form automatically. Once the position
is correct, be sure to click Save.

Once the network center is set, go and adjust the location of each access point. In a similar fashion, move the
marker to the exact location of the access point, click Save when done.

10.3

Administration in Drupal

Maps can also be used in the embedded Drupal user interfaces.

Set the center of the network and default zoom level, as shown above.

Adjust the position of each access point, click on Save when done.

10.4

Public Map in Drupal

A map can easily be exposed to the public by embedding the CoovaRADIUS interface directly
into a Drupal web page.

The above map is generated using the following Drupal page content, using PHP code as the Input format:
<?php
echo ewt_div('drupal-my-network-map', '', "{ }");
?>
10.5

Map Info Window

The contents of the map info popup window can be changed on a network or access point basis. The default
content shows the network name and access point name.


To change it, add an entry in the Named Values configuration with the key name com.coova.map.APInfo. If
there is an entry with that key name associated with the specific network and access point, then the value is
used for the popup window content. Add an entry associated only with a network (leaving the access point on
none) and the value will be used for all access points that otherwise don't have a specific entry.

11

Licensing

11.1

Coova Software License

Coova Technologies, LLC


SOFTWARE LICENSE AGREEMENT
NOTE: THIS AGREEMENT WILL ONLY APPLY TO THE EXTENT THAT NO
BINDING AGREEMENT, WRITTEN OR ELECTRONIC, (THE "OTHER AGREEMENT") IS
ALREADY IN PLACE BETWEEN CUSTOMER (DEFINED BELOW) AND COOVA
TECHNOLOGIES, LLC. PERTAINING TO THE SOFTWARE PRODUCT TO WHICH THIS
AGREEMENT APPLIES. TO THE EXTENT THAT ANY OTHER AGREEMENT IS IN
EFFECT, THEN SUCH OTHER AGREEMENT WILL GOVERN CUSTOMER'S DOWNLOAD AND
USE OF THE SOLUTION AND RECEIPT OF PROFESSIONAL SERVICES AND THIS
AGREEMENT WILL NOT APPLY EVEN IF YOU ARE REQUIRED TO CLICK THE BOX
AFFIRMING YOUR CONSENT TO THE TERMS OF THIS AGREEMENT.
BY COMPLETING THE ONLINE REGISTRATION FORM AND CLICKING THE "I
AGREE" BUTTON, YOU SUBMIT TO COOVA TECHNOLOGIES, LLC., A CALIFORNIA
LIMITED LIABILITY COMPANY ("WE" OR "COOVA"), AN OFFER TO OBTAIN THE
RIGHT TO USE THE SOLUTION AND RECEIVE PROFESSIONAL SERVICES (AS DEFINED
BELOW) UNDER THE PROVISIONS OF THIS LICENSE AND PROFESSIONAL SERVICES
AGREEMENT (THE "AGREEMENT").
BY CLICKING THE "I AGREE" BUTTON, YOU HEREBY AGREE THAT YOU HAVE
THE REQUISITE AUTHORITY, POWER AND RIGHT TO FULLY BIND THE PERSON
AND/OR ENTITIE(S) (COLLECTIVELY, THE "CUSTOMER") WISHING TO USE THE
SOLUTION LISTED ON THE ORDER CONFIRMATION PAGE, PRICING SCHEDULE,
QUOTE AND/OR INVOICE (EACH AN "PURCHASE ORDER") WHICH COOVA PROVIDES
TO CUSTOMER IN CONNECTION WITH THE PURCHASE OF LICENSES TO THE
SOLUTION AND RECEIPT OF PROFESSIONAL SERVICES DESCRIBED BELOW. THE
TERMS OF EACH ORDERING DOCUMENT WILL SET FORTH THE SPECIFIC TERMS OF
THE ORDER BUT ALL APPLICABLE TERMS AND CONDITIONS BELOW SHALL
APPLY.
IF YOU DO NOT HAVE THE AUTHORITY TO BIND THE CUSTOMER OR YOU OR THE
CUSTOMER DO NOT AGREE TO ANY OF THE TERMS BELOW, COOVA IS UNWILLING TO
PROVIDE THE SOLUTION OR PROFESSIONAL SERVICES TO THE CUSTOMER, AND YOU
SHOULD NOT CLICK TO ACCEPT THE TERMS OF THIS AGREEMENT AND YOU SHOULD
DISCONTINUE THE ORDER, DOWNLOAD AND/OR INSTALLATION PROCESS AND NOT
REQUEST ANY PROFESSIONAL SERVICES OR SUPPORT.
1.0 Ordering
The Purchase Order will specify the Coova standard software product
offering ("Base Software"), any Modules or Feature Upgrades (each as
defined below) that Customer is licensing, the number of production
server instances, the number of RADIUS shared secrets and the shared
secrets themselves, any consulting, configuration, customization or
other professional services ("Professional Services") and all other
necessary information. The Base Software and any Modules and/or
Feature Upgrades acquired by Customer pursuant to a Purchase Order
are collectively referred to as the "Solution". All Purchase Orders
are incorporated herein by reference. Following Coova's acceptance
of each Order Document and Customer's payment of any initial fees
(as described in Section 12.0 below) due under such Purchase Order,
Coova will make the Solution available to Customer for download
using a password protected account on Coova's website or a
pre-authorized URL to an Amazon S3 storage location. Coova may make
available to Customer certain optional functionality or services
which may be provided as either an update or upgrade to the Base
Software ("Feature Upgrade") or a separate stand-alone module
("Module"). Certain Feature Upgrades and Modules may require that
the Customer agree to certain restrictions provided by Coova in
advance which are in addition to the terms and conditions of this
Agreement. Any additional or separate pricing associated with
Feature Upgrades or Modules will be as set forth on the Purchase
Order or otherwise agreed to by the parties in writing.
2.0 Solution, License Grants and Restrictions
2.1 License Grants
Subject to the terms of this Agreement and during the applicable
license term, Coova grants to Customer a limited, worldwide,
non-exclusive, non-transferable license, without sublicense
rights, to (a) unless otherwise expressly set forth within the
Purchase Order, to install a single instance of the Solution in
one (1) production environment and permit in accordance with the
authorized license implementation set forth on the Purchase Order
(as further described in Section 2.3 below), (b) if permitted by
Coova in its sole discretion, install and use the portions of the
Solution made available in source code format for internal testing
purposes and to create modifications ("Customer Modification") to
the Solution solely for purposes of developing bug fixes,
customizations, or additional features pertaining to the Solution
(and no other product or service), and (c) use and make a
reasonable number of copies of any descriptions, instructions, or
other documentation made available in connection with the
Solution, if any ("Documentation"). Certain Modules are provided
on a hosted basis and, in such instances, Customer will not
install the Module but rather will access the Module via the
functionality of the Base Solution. Coova takes no responsibility
for and neither makes nor gives any guarantees, conditions or
warranties with respect to any Customer Modifications or the
Solution's interoperability with such Customer Modifications.
Customer grants to Coova and its licensees a perpetual,
irrevocable, worldwide, royalty-free, sublicenseable license under
Customer's intellectual property rights to use and otherwise
exploit all Customer Modifications. The term of each license to
the Solution purchased by Customer will commence on the date that
Customer first receives access to the Solution and will continue
for the period set forth on the Purchase Order. Upon expiration,
the license term will automatically renew for successive terms of
one (1) year each at the then current fees unless either party
provides written notice of non-renewal at least thirty (30) days
prior to the end of the then current term. The license term for
subsequently purchased licenses will be pro-rated so that all
pre-existing and newly acquired licenses are coterminous.
2.2 License Restrictions
Except as otherwise expressly permitted under this Agreement,
Customer agrees not to: (a) reverse engineer or otherwise attempt
to discover the source code of or trade secrets embodied in the
Solution or any portion thereof; (b) distribute, transfer, grant
sublicenses to, or otherwise make available the Solution or
Customer Modifications (or any portion thereof) to third parties,
including, but not limited to, making such Solution or Customer
Modifications available (i) through resellers or other
distributors, or (ii) as an application service provider, service
bureau, or rental source; (c) embed or incorporate in any manner
the Solution or Customer Modifications (or any element thereof)
into other applications of Customer or third parties; (d) create
modifications to or derivative works of the Solution; (e)
reproduce the Solution except that Customer may make up to two
archival copies of the Solution solely for backup purposes; (f)
attempt or permit any third party to attempt to modify, alter, or
circumvent the license control and protection mechanisms within
the Solution; (g) use or transmit the Solution in violation of any
applicable law, rule or regulation, including any export/import
laws, (h) in any way access, use, or copy any portion of the
Solution code (including the logic and/or architecture thereof and
any trade secrets included therein) to directly or indirectly
develop, promote, distribute, sell or support any product or
service that is competitive with the Solution or (i) remove,
obscure or alter any copyright notices or any name, trademark,
service mark, hyperlink or other designation of Coova displayed on
any display screen within the Solution (Coova Marks).
Customer shall not permit any third party to perform any of the
foregoing actions and shall be responsible for all damages and
liabilities incurred as a result of such actions. The Solution is
a "commercial item," as that term is defined at 48 C.F.R. 2.101
(OCT 1995), and more specifically is "commercial computer
software" and "commercial computer software documentation," as
such terms are used in 48 C.F.R. 12.212 (SEPT 1995). Consistent
with 48 C.F.R. 12.212 and 48 C.F.R. 227.7202-1 through 227.7202-4
(JUNE 1995), the Solution is provided to U.S. Government End Users
(i) only as a commercial end item and (ii) with only those rights
as are granted to all other end users pursuant to the terms and
conditions herein.
2.3 License Implementation Types
Except with respect to the Modules, which shall be licensed
pursuant to the specific terms related to such Module set forth on
the relevant Purchase Order, such Purchase Order will designate
which of the following Solution license implementation types the
Customer will receive: (a) Single Network: Customer may use the
solution for a single network, using a single RADIUS shared
secret, and on a single production server; and (b) Service
Provider License: Under this licensing scheme, Customer may use
solution with unlimited RADIUS shared secrets on the number of
production servers as specified in the Purchase Order.
2.4 Bankruptcy
All licenses granted pursuant to this Agreement are, for purposes
of Section 365(n) of the U.S. Bankruptcy Code, deemed to be
licenses of rights to "intellectual property" as defined under
Section 101 of the U.S. Bankruptcy Code. In any bankruptcy or
insolvency proceeding involving Coova, Customer, as licensee of
such rights, will retain and fully exercise all of its rights and
elections under the U.S. Bankruptcy Code, which will apply
notwithstanding conflict of law principles.
3.0 Support and Maintenance
Solution support and maintenance services ("Support Services") may
be ordered at the "Standard" or "Premium" level. Pricing for such
Support Services will be set forth on the Purchase Order; provided,
however, that Standard Support Services shall be provided in
connection with each subscription license for no additional cost.
The terms of Standard and Premium Support Services can be found on
Coova's website along with additional support-related terms which
are incorporated herein by reference.
4.0 Professional Services
If indicated in an Order Form, Coova will perform Professional
Services. The particulars of each Professional Services engagement
will be as set forth in one or more statements of work (each an
"SOW") entered into by the parties. Customer will provide all
assistance reasonably requested by Coova in connection with the
Professional Services. Coova will retain all right, title and
interest in and to all deliverables (including any and all
intellectual property rights therein) provided under each SOW
("Deliverables") except to the extent that they contain any
information that Customer can document is its proprietary and
confidential information. Customer's rights to the Deliverables
shall be the same as Customer's rights to the Solution.
5.0 Publicity
During the Term of this Agreement, Customer hereby agrees that Coova
shall have the right, but not the obligation, to include Customer's
name and logo as a customer who uses the Solution on the Coova
website and in other materials promoting the Solution.
6.0 Proprietary Rights
As between the parties, Coova will retain all ownership rights in
and to the Coova Marks, the Solution (including any optional
functionality), the Documentation, Deliverables, all updates and
upgrades provided as part of Support Services and other derivative
works of the Solution and/or Documentation that are provided by
Coova, and all intellectual property rights incorporated into or
related to the foregoing. Customer acknowledges that the goodwill
associated with the Coova Marks belongs exclusively to Coova and,
upon request, Customer will modify or cease its use of any Coova
Marks. All rights not expressly licensed by Coova under this
Agreement are reserved.
7.0 Warranties and Disclaimer
7.1 Warranties
Each of the parties represents and warrants that it has all
necessary corporate power and authority to enter into and perform
its obligations under this Agreement. To Coova's knowledge, the
use by Customer of the Solution (exclusive of any third party or
open source materials included therein) when and as provided under
this Agreement does not misappropriate or infringe any
U.S. copyrights or U.S. trade secrets of any third party.

7.2 Disclaimer
The express warranties in Section 7.1 are the exclusive warranties
offered by Coova and all other conditions and warranties,
including, without limitation, any conditions or warranties of
fitness for a particular purpose, non-infringement, accuracy,
quiet enjoyment, title, merchantability and those that arise from
any course of dealing or course of performance are hereby
disclaimed. Coova does not warrant that Customer's use of the
Solution will be uninterrupted or error-free, that errors will be
corrected or that it will be free of viruses or other harmful
components. The Solution (including all components thereof), the
Support Services, the Professional Services and all Deliverables
are provided "as is" and without warranty of any kind.
8.0 Indemnification
Each party will indemnify, defend, and hold the other harmless from
and against any and all liabilities, damages, losses, claims, costs,
and expenses (including attorneys' fees) arising out of or resulting
from any violation of such party's representations and warranties
set forth in Section 7.1 above. In the event of any third party
action, suit, proceeding or investigation for which indemnification
is sought (the "Proceeding"), the other party shall promptly notify
the indemnifying party, provided that any failure to so notify the
indemnifying party will not relieve the indemnifying party from any
liability or obligation which it may have to any indemnified person
except to the extent of any material prejudice to the indemnifying
party resulting from such failure. If any such Proceeding is
brought against an indemnified person, the indemnifying party will
be entitled to assume and control the defense thereof. Each
indemnified person will be obligated to cooperate reasonably with
the indemnifying party, at the expense of the indemnifying party, in
connection with such defense and the compromise or settlement of any
such Proceeding. The foregoing indemnification shall not apply to
the extent that any action by the indemnified party gives rise to or
otherwise enhances any such claim.
9.0 Limitations on Liability
To the extent permitted by law, in no event shall Coova be liable to
Customer, users or to any third party in connection with this
Agreement, including the Solution, Support Services and intellectual
property provided hereunder, whether under theory of contract, tort
or otherwise, for (A) any indirect, incidental, punitive,
consequential, or special damages (including any damage to business
reputation, lost profits or lost data), whether foreseeable or not
and whether Coova is advised of the possibility of such damages or
(b) any amounts in excess of the total of the Fees actually paid and
the fees payable to Coova by Customer under this Agreement during
the one (1) year period prior to the date that such liability first
arises.
10.0 Confidentiality
The Solution and all trade secret information incorporated therein
or derived, directly or indirectly, therefrom are confidential
information of Coova. Customer shall keep in confidence and trust
and not disclose or disseminate, or permit any employee, agent or
other party working under Customer's direction to disclose or
disseminate, the substance of any such confidential information of
Coova. The commitments in this Agreement will not impose any
obligations on Customer with respect to any portion of the received
information which, as evidenced by independent documentation: (a) is
now generally known or available or which hereafter, through no act
or failure to act on Customer's part, becomes generally known or
available; or (b) is rightfully known to Customer at the time of
receiving such information. Customer acknowledges that monetary
damages may not be a sufficient remedy for unauthorized disclosure
or use of Coova's confidential information and that Coova may seek,
without waiving any other rights or remedies, such injunctive or
equitable relief as may be deemed proper by a court of competent
jurisdiction.
11.0 Term, Termination and Effect
This Agreement shall continue in effect until terminated as set
forth herein. The applicable license term for each license
purchased will be as set forth in the applicable Purchase Order.
This Agreement may be terminated by either party if the other
party materially breaches this Agreement and does not cure the
breach within thirty (30) days after receiving written notice
thereof from the non-breaching party (except that such cure period
shall be five (5) days for breaches of Sections 2 or 12).
Additionally, a particular Purchase Order may be terminated by Coova
in the event that Customer fails to pay applicable fees when due.
Upon any termination of this Agreement, without prejudice to any
other rights or remedies which the parties may have, (a) all rights
licensed and obligations required hereunder shall immediately cease;
provided that Sections 2.2, 6.0, 8.0 through 11.0 and 14.0 shall
survive termination, (b) Customer will promptly delete and destroy
all instances of the Solution in its possession or control (if any),
and (c) Customer shall pay to Coova any outstanding fees that have
accrued prior to the date of termination.
12.0 Fees and Payment
Subject to the terms and conditions below, all fees for the Solution
licenses, Professional Services and/or Support Services will be set
forth on the applicable Purchase Order. Unless otherwise agreed to
in writing by the parties, Customer will pay all undisputed fees
owed within thirty (30) days after Coova's issuance of an invoice
pertaining thereto. Payments will be sent to the address included
on the invoice. All amounts payable shall be in the currency of the
United States and specifically exclude (and Customer is responsible
for) any and all applicable sales, use and other taxes (other than
taxes based on Coova's income). Each party is responsible for its
own expenses under this Agreement.
13.0 Audit
Not more than once each year, Coova will have the right to perform
an audit to verify that Customer is using the Solution in compliance
with this Agreement. That audit will be performed during normal
business hours upon not less than fifteen (15) days' prior written
notice to Customer. That audit will be conducted at Coova's sole
cost and expense and will be subject to reasonable security and
access restrictions. Customer will be permitted to have Customer
personnel present during the audit. If an audit conducted under
this Section discloses that Customer has underpaid by more than five
percent (5%) any license Fees payable under this Agreement during
the period covered by the audit, Customer will pay Coova the amount
of that underpayment and, in addition, will reimburse Coova's
reasonable and actual costs for that audit.
14.0 Miscellaneous
The parties are independent contractors with respect to each other,
and nothing in this Agreement shall be construed as creating an
employer-employee relationship, a partnership, agency relationship
or a joint venture between the parties. Each party will be
excused from any delay or failure in performance hereunder, other
than the payment of money, caused by reason of any occurrence or
contingency beyond its reasonable control, including but not limited
to acts of God, earthquake, labor disputes and strikes, riots, war
and governmental requirements. The obligations and rights of the
party so excused will be extended on a day-to-day basis for the
period of time equal to that of the underlying cause of the delay.
This Agreement controls the actions of all party representatives,
officers, agents, employees and associated individuals. The
terms of this Agreement shall be binding on the parties, and all
successors to the foregoing. Customer will not assign, transfer or
delegate its rights or obligations under this Agreement (in whole or
in part) without Coova's prior written consent. Any attempted
assignment, transfer or delegation in violation of the foregoing
shall be null and void. All modifications to or waivers of any
terms of this Agreement must be in a writing that is signed by the
parties hereto and expressly references this Agreement. This
Agreement shall be governed by the laws of the State of Oregon,
without regard to Oregon conflict of laws rules. The exclusive
venue and jurisdiction for any and all disputes, claims and
controversies arising from or relating to this Agreement shall be
the state or federal courts located in Multnomah County, Oregon.
Each party waives any objection (on the grounds of lack of
jurisdiction, forum non conveniens or otherwise) to the exercise of
such jurisdiction over it by any such courts. The United Nations
Convention on Contracts for the International Sale of Goods will not
apply to the interpretation or enforcement of this Agreement. In
the event that any provision of this Agreement conflicts with
governing law or if any provision is held to be null, void or
otherwise ineffective or invalid by a court of competent
jurisdiction, (a) such provision shall be deemed to be restated to
reflect as nearly as possible the original intentions of the parties
in accordance with applicable law, and (b) the remaining terms,
provisions, covenants and restrictions of this Agreement shall
remain in full force and effect. No waiver of any breach of any
provision of this Agreement shall constitute a waiver of any prior,
concurrent or subsequent breach of the same or any other provisions
hereof, and no waiver shall be effective unless made in writing and
signed by an authorized representative of the waiving party. This
Agreement includes any applicable Purchase Orders. Collectively the
foregoing constitutes the entire agreement between the parties with
respect to the subject matter hereof and supersedes all prior and
contemporaneous agreements or communications, including, without
limitation, any quotations or proposals submitted by Coova. The
terms on any purchase order or similar document submitted by
Customer to Coova will have no effect and are hereby rejected. All
notices, consents and approvals under this Agreement must be
delivered in writing by courier, by facsimile, or by certified or
registered mail, (postage prepaid and return receipt requested) to
the other party at its main corporate headquarters and sent to the
attention of such party's Chief Executive Officer.

11.2

Third Party Licenses

Apache License 2.0

Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.

6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "[]"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright [yyyy] [name of copyright owner]
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
BSD License
The BSD License
The following is a BSD license template. To generate your own
license, change the values of OWNER, ORGANIZATION and YEAR from
their original values as given here, and substitute your
own. Also, you may optionally omit clause 3 and still be OSD
conformant.
Note: On January 9th, 2008 the OSI Board approved the "Simplified
BSD License" variant used by FreeBSD and others, which omits the
final "no-endorsement" clause and is thus roughly equivalent to
the MIT License.
Historical Note: The original license used on BSD Unix had four
clauses. The advertising clause (the third of four clauses)
required you to acknowledge use of U.C. Berkeley code in your
advertising of any product using that code. It was officially
rescinded by the Director of the Office of Technology Licensing of
the University of California on July 22nd, 1999. He states that
clause 3 is "hereby deleted in its entirety." The four clause
license has not been approved by OSI. The license below does not
contain the advertising clause.
This prelude is not part of the license.
<OWNER> = Regents of the University of California
<ORGANIZATION> = University of California, Berkeley
<YEAR> = 1998
In the original BSD license, both occurrences of the phrase "COPYRIGHT
HOLDERS AND CONTRIBUTORS" in the disclaimer read "REGENTS AND
CONTRIBUTORS".
Here is the license template:
Copyright (c) <YEAR>, <OWNER>
All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are
met:
* Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
* Redistributions in binary form must reproduce the above
copyright notice, this list of conditions and the following
disclaimer in the documentation and/or other materials provided
with the distribution.
* Neither the name of the <ORGANIZATION> nor the names of its
contributors may be used to endorse or promote products derived
from this software without specific prior written permission.

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
MIT License
The MIT License
Copyright (c) <year> <copyright holders>

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
HSQLDB License
COPYRIGHTS AND LICENSES (based on BSD License)
For work developed by the HSQL Development Group:
Copyright (c) 2001-2010, The HSQL Development Group All rights
reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are
met:
Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
Neither the name of the HSQL Development Group nor the names of its
contributors may be used to endorse or promote products derived from
this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL HSQL
DEVELOPMENT GROUP, HSQLDB.ORG, OR CONTRIBUTORS BE LIABLE FOR ANY
DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

For work originally developed by the Hypersonic SQL Group:
Copyright (c) 1995-2000 by the Hypersonic SQL Group.
All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are
met:
Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
Neither the name of the Hypersonic SQL Group nor the names of its
contributors may be used to endorse or promote products derived from
this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE HYPERSONIC
SQL GROUP, OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR
TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
DAMAGE.
This software consists of voluntary contributions made by many
individuals on behalf of the Hypersonic SQL Group.

SLF4J License
Copyright (c) 2004-2008 QOS.ch All rights reserved.
Permission is hereby granted, free of charge, to any person obtaining
a copy of this software and associated documentation files (the
"Software"), to deal in the Software without restriction, including
without limitation the rights to use, copy, modify, merge, publish,
distribute, sublicense, and/or sell copies of the Software, and to
permit persons to whom the Software is furnished to do so, subject to
the following conditions: The above copyright notice and this
permission notice shall be included in all copies or substantial
portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

11.3 Third Party Notices
