FreeRADIUS Beginner's Guide

Manage your network resources with FreeRADIUS.

Dirk van der Walt

Book Details

ISBN 13: 9781849514088
Paperback: 344 pages

About This Book

  • Step-by-step instructions for all the main Linux distributions: CentOS, SUSE, and Ubuntu
  • Know the FreeRADIUS components and understand how they interact
  • Integrate FreeRADIUS into an existing environment or blend it into a larger infrastructure
  • Control and track the usage of network resources by using the most popular RADIUS server today

Who This Book Is For

If you are an Internet Service Provider (ISP) or a network manager who needs to track and control network usage, then this is the book for you.

You need to be familiar with Linux and have a solid understanding of TCP/IP. No previous knowledge of RADIUS or FreeRADIUS is required.

Table of Contents

Chapter 1: Introduction to AAA and RADIUS
Authentication, Authorization, and Accounting
RADIUS
FreeRADIUS
Summary
Chapter 2: Installation
Before you start
Pre-built binary
Time for action – installing FreeRADIUS
Building from source
Time for action – building CentOS RPMs
Time for action – SUSE: from tarball to RPMs
Ubuntu
Time for action – Ubuntu: from tarball to debs
Installed executables
Running as root or not
Dictionary access for client programs
Ensure proper start-up
Summary
Chapter 3: Getting Started with FreeRADIUS
A simple setup
Time for action – configuring FreeRADIUS
Helping yourself
Time for action – discovering available man pages for FreeRADIUS
Have a go hero – adding more AVPs to the auth request
Pop quiz – clients.conf
Online documentation
Online help
Golden rules
Inside radiusd
Summary
Chapter 4: Authentication
Authentication protocols
FreeRADIUS—authorize before authenticate
Time for action – authenticating a user with FreeRADIUS
Storing passwords
Time for action – hashing our password
Other authentication methods
Summary
Chapter 5: Sources of Usernames and Passwords
User stores
System users
Time for action – incorporating Linux system users in FreeRADIUS
MySQL as a user store
Time for action – incorporating a MySQL database in FreeRADIUS
LDAP as a user store
Time for action – connecting FreeRADIUS to LDAP
Active Directory as a user store
Time for action – connecting FreeRADIUS to Active Directory
Summary
Chapter 6: Accounting
Requirements for this chapter
Basic accounting
Time for action – simulate accounting from an NAS
Limiting a user's simultaneous sessions
Time for action – limiting a user's simultaneous sessions
Limiting the usage of a user
Time for action – limiting a user's usage
Housekeeping of accounting data
Summary
Chapter 7: Authorization
Implementing restrictions
Authorization in FreeRADIUS
Introduction to unlang
Time for action – using the if statement in unlang
Time for action – referencing attributes
Time for action – SQL statements as variables
Time for action – setting default values for variables
Time for action – using command substitution
Time for action – using regular expressions
Practical unlang
Time for action – using unlang to create a data counter
Summary
Chapter 8: Virtual Servers
Why use virtual servers?
Defining and enabling virtual servers
Time for action – creating two virtual servers
Using enabled virtual servers
Time for action – using a virtual server
Virtual server for happy hour
Time for action – incorporating the Hotspot Happy Hour policy
Consolidating an existing setup using a virtual server
Time for action – creating a virtual server for the Computer Science faculty
Pre-defined virtual servers
Summary
Chapter 9: Modules
Installed, available, and missing modules
Time for action – discovering available modules
Including and configuring a module
Time for action – incorporating expiration and linelog modules
Using one module with different configurations
Order of modules and return codes
Time for action – investigating the order of modules
Some interesting modules
Summary
Chapter 10: EAP
EAP basics
Practical EAP
Time for action – testing EAP on FreeRADIUS with JRadius Simulator
EAP in production
Time for action – creating a RADIUS PKI for your organization
Time for action – testing authentication on the inner-tunnel virtual server
Time for action – disabling unused EAP methods
Summary
Chapter 11: Dictionaries
Why do we need dictionaries?
How to include dictionaries
Time for action – including new dictionaries
How FreeRADIUS includes dictionary files
Time for action – updating the MikroTik dictionary
Format of dictionary files
Summary
Chapter 12: Roaming and Proxying
Roaming—an overview
Realms
Time for action – investigating the default realms in FreeRADIUS
Time for action – activating the NULL realm
Time for action – defining the realm
Time for action – rejecting requests without a realm
Proxying
Time for action – configuring proxying between two organizations
Have a go hero – testing proxying of EAP authentication
Time for action – filtering reply attributes returned by a home server
Time for action – using the preferred way for status checking
Time for action – simulating proxied accounting
Summary
Chapter 13: Troubleshooting
Basic principles
FreeRADIUS does not start up
FreeRADIUS is slow
Time for action – performing baseline speed testing
FreeRADIUS dies
Client-related problems
Time for action – using the control-socket and raddebug for troubleshooting
Authenticating users
Problems with proxying
Online resources
Using the mailing list
Summary

What You Will Learn

  • Get a solid foundation on the RADIUS protocol and how it works
  • Build the latest FreeRADIUS packages for your Linux distribution using the distribution's package management system
  • Integrate FreeRADIUS into an existing environment by making use of alternative user stores
  • Utilize the powerful unlang language included with FreeRADIUS to control the flow of authorization
  • Manage, track, and limit network usage
  • Discover the available FreeRADIUS help resources and use them to your advantage
  • Implement EAP, especially for enterprise WiFi security
  • Use FreeRADIUS to forward requests to other RADIUS servers (Proxying)
  • Answer requests for other RADIUS servers using FreeRADIUS

In Detail

The Open Source pioneers have proved during the past few decades that their code and projects can indeed be more solid and popular than commercial alternatives. With data networks always expanding in size and complexity, FreeRADIUS is at the forefront of controlling access to and tracking network usage. Although many vendors have tried to produce better products, FreeRADIUS has proved over time why it is the champion RADIUS server. This book will reveal everything you need to know to get started with using FreeRADIUS.

FreeRADIUS has always been a back-room boy. It's not easy to measure the size or number of deployments world-wide but all indications show that it can outnumber any commercial alternatives available. This essential server is part of ISPs, universities, and many corporate networks, helping to control access and measure usage. It is a solid, flexible, and powerful piece of software, but can be a mystery to a newcomer.

FreeRADIUS Beginner's Guide is a friend of newcomers to RADIUS and FreeRADIUS. It covers the most popular Linux distributions of today, CentOS, SUSE, and Ubuntu, and discusses all the important aspects of FreeRADIUS deployment: Installing, configuring and testing; security concerns and limitations; LDAP and Active Directory integration.

It contains plenty of practical exercises that will help you with everything from installation to the more advanced configurations like LDAP and Active Directory integration. It will help you understand authentication, authorization and accounting in FreeRADIUS. It uses many practical step-by-step examples, which are discussed in detail to lead you to a thorough understanding of the FreeRADIUS server as well as the RADIUS protocol. A quiz at the end of each chapter validates your understanding.

Not only can FreeRADIUS be used to monitor and limit the network usage of individual users, but large deployments are also possible with realms and fail-over functionality. FreeRADIUS can work alone or be part of a chain where the server is a proxy for other institutions' users, forwarding requests to their servers. FreeRADIUS features one of the most versatile and comprehensive Extensible Authentication Protocol (EAP) implementations. EAP is an essential requirement to implement enterprise WiFi security. FreeRADIUS Beginner's Guide covers all of these aspects.
