wiki'd

by JoKeru

FreeRADIUS basics

While playing around with SoftEther, I saw that one of its authentication options is RADIUS.

So let's set up a RADIUS server:

# install server  
$ apt-get install freeradius -y
# create a user
$ echo 'test Cleartext-Password := "test"' >> /etc/freeradius/users
# no need to add clients, localhost is allowed by default (with the shared secret testing123, used below)
$ touch /etc/freeradius/clients.conf
# apply the configuration
$ /etc/init.d/freeradius restart

# test a successful login
$ radtest test test localhost 0 testing123
Sending Access-Request of id 138 to 127.0.0.1 port 1812
User-Name = "test"
User-Password = "test"
NAS-IP-Address = 10.20.30.40
NAS-Port = 0
Message-Authenticator = 0x00000000000000000000000000000000
rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=138, length=20

# test an invalid login
$ radtest badtest badtest localhost 0 testing123
Sending Access-Request of id 137 to 127.0.0.1 port 1812
User-Name = "badtest"
User-Password = "badtest"
NAS-IP-Address = 10.20.30.40
NAS-Port = 0
Message-Authenticator = 0x00000000000000000000000000000000
rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=137, length=20

# you can also sniff the traffic to see the requests & replies
$ tcpdump -ni lo port 1812
20:44:44.831310 IP 127.0.0.1.54774 > 127.0.0.1.1812: RADIUS, Access Request (1), id: 0xf4 length: 74
20:44:44.831468 IP 127.0.0.1.1812 > 127.0.0.1.54774: RADIUS, Access Accept (2), id: 0xf4 length: 20
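
What the 74-byte Access-Request in the capture above contains, as an added example that is not part of the original post: it rebuilds the radtest packet in Python, hiding User-Password as RFC 2865 specifies and signing it with Message-Authenticator (HMAC-MD5), both keyed by the shared secret. The function names and the random Request Authenticator are assumptions made for illustration.

```python
import hashlib, hmac, os, socket, struct

def hide_password(password, secret, req_auth):
    """RFC 2865 5.2: XOR each 16-byte block with MD5(secret + previous block)."""
    size = max(16, -(-len(password) // 16) * 16)
    padded = password.ljust(size, b"\x00")
    out, prev = b"", req_auth
    for i in range(0, size, 16):
        pad = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], pad))
        out += prev
    return out

def unhide_password(hidden, secret, req_auth):
    """What the server does on receipt; needs the same shared secret."""
    out, prev = b"", req_auth
    for i in range(0, len(hidden), 16):
        pad = hashlib.md5(secret + prev).digest()
        out += bytes(a ^ b for a, b in zip(hidden[i:i + 16], pad))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")

def attr(attr_type, value):
    return bytes([attr_type, len(value) + 2]) + value

def build_access_request(user, password, secret, ident, req_auth,
                         nas_ip="10.20.30.40", nas_port=0):
    """Same attributes, in the same order, as the radtest output above."""
    attrs = (attr(1, user)                                         # User-Name
             + attr(2, hide_password(password, secret, req_auth))  # User-Password
             + attr(4, socket.inet_aton(nas_ip))                   # NAS-IP-Address
             + attr(5, struct.pack("!I", nas_port)))               # NAS-Port
    header = struct.pack("!BBH", 1, ident, 20 + len(attrs) + 18) + req_auth
    # Message-Authenticator (type 80) is HMAC-MD5 over the whole packet with
    # its own value set to 16 zero bytes: the zeros radtest prints before signing.
    unsigned = header + attrs + attr(80, b"\x00" * 16)
    return header + attrs + attr(80, hmac.new(secret, unsigned, hashlib.md5).digest())

def verify_message_authenticator(packet, secret):
    """Assumes Message-Authenticator is the last attribute, as built above."""
    zeroed = packet[:-16] + b"\x00" * 16
    expected = hmac.new(secret, zeroed, hashlib.md5).digest()
    return hmac.compare_digest(packet[-16:], expected)

if __name__ == "__main__":
    auth = os.urandom(16)  # constructed sample; user, password and secret are the post's
    pkt = build_access_request(b"test", b"test", b"testing123", 138, auth)
    print(len(pkt), pkt.hex())
    print(unhide_password(pkt[28:44], b"testing123", auth))
```

The password is never sent in the clear, but its protection on the wire rests entirely on the shared secret, so the default testing123 is only suitable for this localhost test.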

PS: If you really want to use this in a production / enterprise environment, you should add MySQL support: apt-get install freeradius-mysql
