FreeRADIUS Beginner's Guide

FreeRADIUS Beginner's Guide

Overview of this book

The Open Source pioneers have proved during the past few decades that their code and projects can indeed be more solid and popular than commercial alternatives. With data networks always expanding in size and complexity FreeRADIUS is at the forefront of controlling access to and tracking network usage. Although many vendors have tried to produce better products, FreeRADIUS has proved over time why it is the champion RADIUS server. This book will reveal everything you need to know to get started with using FreeRADIUS. FreeRADIUS has always been a back-room boy. It's not easy to measure the size or number of deployments world-wide but all indications show that it can outnumber any commercial alternatives available. This essential server is part of ISPs, universities, and many corporate networks, helping to control access and measure usage. It is a solid, flexible, and powerful piece of software, but can be a mystery to a newcomer. FreeRADIUS Beginner's Guide is a friend of newcomers to RADIUS and FreeRADIUS. It covers the most popular Linux distributions of today, CentOS, SUSE, and Ubuntu, and discusses all the important aspects of FreeRADIUS deployment: Installing, configuring and testing; security concerns and limitations; LDAP and Active Directory integration. It contains plenty of practical exercises that will help you with everything from installation to the more advanced configurations like LDAP and Active Directory integration. It will help you understand authentication, authorization and accounting in FreeRADIUS. It uses many practical step-by-step examples, which are discussed in detail to lead you to a thorough understanding of the FreeRADIUS server as well as the RADIUS protocol. A quiz at the end of each chapter validates your understanding.Not only can FreeRADIUS be used to monitor and limit the network usage of individual users; but large deployments are possible with realms and fail-over functionality. FreeRADIUS can work alone or be part of a chain where the server is a proxy for other institution's users forwarding requests to their servers. FreeRADIUS features one of the most versatile and comprehensive Extensible Authentication Protocol (EAP) implementations. EAP is an essential requirement to implement enterprise WiFi security. FreeRADIUS Beginner's Guide covers all of these aspects.

Preface

What this book covers

What you need for this book

Who this book is for

Conventions

Time for action – heading

Reader feedback

Customer support

Free Chapter

1. Introduction to AAA and RADIUS

Authentication, Authorization, and Accounting

RADIUS

FreeRADIUS

Summary

2. Installation

Before you start

Pre-built binary

Time for action – installing FreeRADIUS

Building from source

Time for action – building CentOS RPMs

Time for action – SUSE: from tarball to RPMs

What just happened?

Ubuntu

Time for action – Ubuntu: from tarball to debs

Installed executables

Running as root or not

Dictionary access for client programs

Ensure proper start-up

Summary

3. Getting Started with FreeRADIUS

A simple setup

Time for action – configuring FreeRADIUS

Helping yourself

Time for action – discovering available man pages for FreeRADIUS

What just happened?

Have a go hero – adding more AVPs to the auth request

Pop quiz – clients.conf

Summary

4. Authentication

Authentication protocols

FreeRADIUS—authorize before authenticate

Time for action – authenticating a user with FreeRADIUS

Storing passwords

Time for action – hashing our password

Other authentication methods

Summary

5. Sources of Usernames and Passwords

User stores

System users

Time for action – incorporating Linux system users in FreeRADIUS

MySQL as a user store

Time for action – incorporating a MySQL database in FreeRADIUS

LDAP as a user store

Time for action – connecting FreeRADIUS to LDAP

Active Directory as a user store

Time for action – connecting FreeRADIUS to Active Directory

Summary

6. Accounting

Requirements for this chapter

Basic accounting

Time for action – simulate accounting from an NAS

Limiting a user's simultaneous sessions

Time for action – limiting a user's simultaneous sessions

Limiting the usage of a user

Time for action – limiting a user's usage

Housekeeping of accounting data

Summary

7. Authorization

Implementing restrictions

Authorization in FreeRADIUS

Introduction to unlang

Time for action – using the if statement in unlang

Time for action – referencing attributes

Time for action – SQL statements as variables

Time for action – setting default values for variables

Time for action – using command substitution

Time for action – using regular expressions

Practical unlang

Time for action – using unlang to create a data counter

Summary

8. Virtual Servers

Why use virtual servers?

Defining and enabling virtual servers

Time for action – creating two virtual servers

Using enabled virtual servers

Time for action – using a virtual server

Virtual server for happy hour

Time for action – incorporating the Hotspot Happy Hour policy

Consolidating an existing setup using a virtual server

Time for action – creating a virtual server for the Computer Science faculty

Pre-defined virtual servers

Summary

9. Modules

Installed, available, and missing modules

Time for action – discovering available modules

Including and configuring a module

Time for action – incorporating expiration and linelog modules

Using one module with different configurations

Order of modules and return codes

Time for action – investigating the order of modules

Some interesting modules

Summary

10. EAP

EAP basics

Practical EAP

Time for action – testing EAP on FreeRADIUS with JRadius Simulator

EAP in production

Time for action – creating a RADIUS PKI for you organization

Time for action – testing authentication on the inner-tunnel virtual server

Time for action – disabling unused EAP methods

Summary

11. Dictionaries

Why do we need dictionaries?

How to include dictionaries

Time for action – including new dictionaries

How FreeRADIUS includes dictionary files

Time for action – updating the MikroTik dictionary

Format of dictionary files

Summary

12. Roaming and Proxying

Roaming—an overview

Realms

Time for action – investigating the default realms in FreeRADIUS

Time for action – activating the NULL realm

Time for action – defining the realm

Time for action – rejecting requests without a realm

Proxying

Time for action – configuring proxying between two organizations

Have a go hero – testing proxying of EAP authentication

Time for action – filtering reply attributes returned by a home server

Time for action – using the preferred way for status checking

Time for action – simulating proxied accounting

Summary

13. Troubleshooting

Basic principles

FreeRADIUS does not start up

FreeRADIUS is slow

Time for action – performing baseline speed testing

FreeRADIUS dies

Client-related problems

Time for action – using the control-socket and raddebug for troubleshooting

Authenticating users

Problems with proxying

Online resources

Using the mailing list

Summary

A. Pop Quiz Answers

Index

Customer Reviews

5 star

4 star

3 star

2 star

1 star

What this book covers

The book can be divided into three sections:

Introduction and installation (

Chapter 1 to Chapter 3)
AAA functions of FreeRADIUS (Chapter 4 to Chapter 7)
Advanced topics (Chapter 8 to Chapter 13)

Let's see what each chapter deals with:

Chapter 1, Introduction to AAA and RADIUS, introduces FreeRADIUS and the RADIUS protocol. It highlights some key RADIUS concepts, which help the user avoid common misunderstandings.

Chapter 2, Installation, describes how to build and install FreeRADIUS from source on popular Linux distributions. It also covers installing the FreeRADIUS packages included with popular Linux distributions. Ubuntu, SUSE, and CentOS will be used to ensure a wide coverage.

Chapter 3, Getting Started with FreeRADIUS, gives a brief introduction on the various components of FreeRADIUS. It also discusses the process of handling a basic authentication request.

Chapter 4, Authentication, teaches authentication methods and how they work. Extensible Authentication Protocol (EAP) is covered later in a dedicated chapter.

Chapter 5, Sources of Usernames and Passwords, covers various places where username/password combinations can be stored. It shows which modules are involved and how to configure FreeRADIUS to utilize these stores.

Chapter 6, Accounting, discusses the need for accounting and the options available to record accounting data. It also discusses implementing a policy that includes limiting sessions and/or time and/or data.

Chapter 7, Authorization, discusses various aspects of authorization including the use of unlang.

Chapter 8, Virtual Servers, discusses various aspects of virtual servers and where they can potentially be used.

Chapter 9, Modules, discusses the various modules used by FreeRADIUS and how to configure multiple instances of a certain module.

Chapter 10, EAP, a dedicated chapter on EAP, is a one stop for EAP (802.11x and WiFi).

Chapter 11, Dictionaries, introduces dictionaries, which are used to map the names seen and used by an administrator, to the numbers used by the RADIUS protocol.

Chapter 12, Roaming and Proxying, deals with the RADIUS protocol, which allows the proxying of authorization and accounting requests. This makes roaming possible. This chapter covers various aspects of proxying in FreeRADIUS.

Chapter 13, Troubleshooting, works through many common problems, giving examples of what to look for, and how to fix the issue.

FreeRADIUS Beginner's Guide

FreeRADIUS Beginner's Guide

Overview of this book

Related Content you might be interested in

Current Title:

FreeRADIUS Beginner's Guide