www.supinfo.com
Copyright © SUPINFO. All rights reserved
RADIUS
Course objectives
By completing this course, you will:
Course topics
Course plan:
Introduction
What’s RADIUS
Network protocol that provides:
Authentication
Who are you?
Authorization
Is your subscription valid?
Accounting
Connection time
Doesn’t make decisions
Only provides information
Architecture
Client/Server model
Both speak the RADIUS protocol (over UDP)
Client
Lives on the device that needs to make a decision (not the user)
Queries the server
Server
Receives queries, sends answers
Can chain up to LDAP/Kerberos/...
RADIUS Protocol
Authentication & Authorization
Client
Request access
Access-Request
Server
Decision/Answer
Access-Accept
Attributes
Access-Reject
Access-Challenge
Direct User-server
RADIUS Protocol
Accounting
Dialog between client and server
Accounting-Request
Accounting-Response
Client
Sends statuses
Start
Interim-Updates
Stop
Server
Records
A RADIUS Setup
Wired RADIUS implementation
Stop-and-think
RADIUS can be used by:
Wireless AP
VPN Server
Captive portal
FreeRADIUS
What’s FreeRADIUS
The most used RADIUS Server
High quality
Fast & Reliable
Scalable
Feature-rich
Modular
Easily extensible
Ships with
Daemon
Client library
PAM & Apache module
Configuration items
What you want to configure
Which clients can talk to RADIUS + shared secret
clients.conf
client block
Host/Net
Which users can connect
Default authorization DB
Flat file
users
– usernames / passwords
Stop-and-think
Your RADIUS server must be configured to:
Allow connections from the client
Set shared secret
Authorize user credentials
Running FreeRADIUS
Server binary
Use the init script for normal operation
freeradius option
Argument Definitions
Example:
freeradius -X
Running FreeRADIUS
Argument      Definition
user/passwd   Session credentials. Must be valid for the connection to succeed.
secret        Shared secret between the client where radtest runs and the RADIUS server.
Example:
radtest 40793 supinfo localhost 0 supinfo-radius
Stop-and-think
The secret for 192.168.1.0/24 is foo and the secret for 127.0.0.0/8 is bar. You want to run radtest against localhost.
Which secret will you use?
Answer: bar
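Added example (not part of the original SUPINFO slides): a Python sketch of why the secret in this stop-and-think matters. It picks the client entry by source address, then hides and recovers the User-Password attribute the way RFC 2865 specifies. The CLIENTS table, the function names and the all-zero Request Authenticator are constructed for illustration, and preferring the most specific network is an assumption of this sketch.

```python
import hashlib
import ipaddress

# Constructed client table mirroring the stop-and-think (network -> shared secret).
CLIENTS = {"192.168.1.0/24": b"foo", "127.0.0.0/8": b"bar"}

def secret_for(source_ip):
    """Return the secret of the client network containing source_ip, or None."""
    addr = ipaddress.ip_address(source_ip)
    nets = [ipaddress.ip_network(n) for n in CLIENTS]
    hits = [n for n in nets if addr in n]
    if not hits:
        return None  # unknown client: no secret, the request cannot be checked
    best = max(hits, key=lambda n: n.prefixlen)  # assumption: most specific wins
    return CLIENTS[str(best)]

def hide_password(password, secret, request_auth):
    """RFC 2865 User-Password hiding: XOR 16-byte blocks with chained MD5 pads."""
    size = max(16, -(-len(password) // 16) * 16)
    padded = password.ljust(size, b"\x00")
    hidden, prev = b"", request_auth
    for i in range(0, size, 16):
        pad = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], pad))
        hidden += prev
    return hidden

def reveal_password(hidden, secret, request_auth):
    """Server side: undo hide_password with the secret configured for the client."""
    clear, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        pad = hashlib.md5(secret + prev).digest()
        clear += bytes(c ^ k for c, k in zip(hidden[i:i + 16], pad))
        prev = hidden[i:i + 16]
    return clear.rstrip(b"\x00")

if __name__ == "__main__":
    request_auth = bytes(16)  # constructed; a real client uses 16 random bytes
    server_secret = secret_for("127.0.0.1")
    for client_secret in (b"bar", b"foo"):
        hidden = hide_password(b"supinfo", client_secret, request_auth)
        print(client_secret, reveal_password(hidden, server_secret, request_auth))
```

With the matching secret the server recovers the password; with the other network's secret it recovers unrelated bytes, so the credential check fails even though the user typed the right password.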
Course summary
The RADIUS protocol
FreeRADIUS configuration
The radtest tool
For more
If you want to go into these subjects more deeply, …
Publications
Courses
Cisco CCNA
www.supinfo.com
www.labo-linux.org
www.freeradius.org
RMLL
FOSDEM
Solution Linux
Congratulations
You have successfully completed the SUPINFO course module n°10
RADIUS
The end