
RADIUS

Remote Authentication Dial-In User Service

www.supinfo.com
Copyright © SUPINFO. All rights reserved

Course objectives
By completing this course, you will:

- Talk about RADIUS: how it works and what you can do with it.
- Configure FreeRADIUS, the most widely deployed RADIUS server.
- Debug the server: what’s going on?
- Use RADIUS to grant access to a network: a lab with a router and a captive portal.

Course topics
Course plan:

- Introduction. What’s RADIUS.
- FreeRADIUS. The world’s most popular RADIUS server.
- Running FreeRADIUS. Starting and debugging.

RADIUS

Introduction

What’s RADIUS
Network protocol that provides:

- Authentication
  - Who are you?
- Authorization
  - Is your subscription valid?
- Accounting
  - Connection time
- Doesn’t make decisions
  - Only provides information

Architecture
Client/Server model
- Both talk the RADIUS protocol (over UDP)
- Client
  - Lives on the device that needs to take a decision (the client is not the user)
  - Queries the server
- Server
  - Gets queries, sends answers
  - Can chain up to LDAP/Kerberos/...

RADIUS Protocol
Authentication & Authorization
- Client
  - Requests access
    - Access-Request
- Server
  - Decision/Answer
    - Access-Accept
      - Attributes
    - Access-Reject
    - Access-Challenge
      - Direct user-server

RADIUS Protocol
Accounting
- Dialog between client and server
  - Accounting-Request
  - Accounting-Response
- Client
  - Sends statuses
    - Start
    - Interim-Updates
    - Stop
- Server
  - Records

A RADIUS Setup
Wired RADIUS implementation

Stop-and-think
Do you have any questions?

Stop-and-think
RADIUS can be used by:

- IEEE 802.1X switch
- Wireless AP
- VPN Server
- Captive portal

RADIUS

FreeRADIUS

The world’s most popular RADIUS Server


What’s FreeRADIUS
The most used RADIUS Server
- High quality
  - Fast & reliable
  - Scalable
- Feature-rich
  - Modular
  - Easily extensible
- Ships with
  - Daemon
  - Client library
  - PAM & Apache module

Configuration items
What you want to configure
- Which clients can talk to RADIUS + shared secret
  - clients.conf
    - client block
    - Host/Net
- Which users can connect
  - Default authorization DB
    - Flat file
    - users
      - usernames / passwords

Stop-and-think
Do you have any questions?

Stop-and-think
Your RADIUS server must be configured to:

- Allow connections from the client
- Set shared secret
- Authorize user credentials

RADIUS

Running FreeRADIUS

Starting and debugging


Server binary
Use the init script for normal operation

freeradius option

Argument   Definition
-s, -f     Single process and don’t daemonize. -f: don’t fork.
-x[x]      Show debugging information
-X         Debug mode. Same as -sfxx

Example:
freeradius -X

Client debug tool
Use the init script for normal operation

radtest user password server 0 secret

Argument      Definition
user/passwd   Session credentials. Must be valid for the connection to succeed.
server        The RADIUS server to connect to.
secret        Shared secret between the client where radtest runs and the RADIUS server.

Example:
radtest 40793 supinfo localhost 0 supinfo-radius

Stop-and-think
Do you have any questions?

Stop-and-think
Secret for 192.168.1.0/24 is foo and secret for 127.0.0.0/8 is bar. You want to radtest to localhost. Which secret will you use?

bar
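
Added example (not part of the original course): the sketch below builds the Access-Request a radtest-like client sends and shows that the server, which picks the shared secret from the packet's source address, only recovers the password when both sides use the same secret. The client table, the function names and the most-specific-network lookup are assumptions of this example; the password hiding follows RFC 2865.

```python
import hashlib, ipaddress, os, struct

CLIENTS = {"192.168.1.0/24": b"foo", "127.0.0.0/8": b"bar"}  # constructed, mirrors the quiz

def secret_for(src_ip):
    """Secret of the most specific listed network containing src_ip, else None."""
    ip = ipaddress.ip_address(src_ip)
    hits = [ipaddress.ip_network(n) for n in CLIENTS if ip in ipaddress.ip_network(n)]
    if not hits:
        return None  # unknown client
    return CLIENTS[str(max(hits, key=lambda n: n.prefixlen))]

def _keystream(secret, prev):
    return hashlib.md5(secret + prev).digest()

def hide_password(password, secret, authenticator):
    """RFC 2865 5.2: XOR 16-byte blocks with MD5(secret + previous block); max 128 bytes."""
    size = max(16, -(-len(password) // 16) * 16)
    padded, out, prev = password.ljust(size, b"\x00"), b"", authenticator
    for i in range(0, size, 16):
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], _keystream(secret, prev)))
        out += prev
    return out

def unhide_password(hidden, secret, authenticator):
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        out += bytes(a ^ b for a, b in zip(block, _keystream(secret, prev)))
        prev = block
    return out.rstrip(b"\x00")

def access_request(user, password, secret, ident=1):
    """Access-Request (code 1) carrying User-Name (type 1) and User-Password (type 2)."""
    auth = os.urandom(16)  # Request Authenticator
    hidden = hide_password(password, secret, auth)
    attrs = bytes([1, 2 + len(user)]) + user + bytes([2, 2 + len(hidden)]) + hidden
    return struct.pack("!BBH", 1, ident, 20 + len(attrs)) + auth + attrs

def server_view(packet, src_ip):
    """(user, password) as the server recovers them with the secret chosen by source IP."""
    secret, auth, pos, found = secret_for(src_ip), packet[4:20], 20, {}
    if secret is None:
        return None
    while pos + 2 <= len(packet):
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2:
            return None  # malformed attribute
        found[atype] = packet[pos + 2:pos + alen]
        pos += alen
    return found[1], unhide_password(found[2], secret, auth)
```

A request built with `bar` and seen from 127.0.0.1 decodes to the original password; one built with `foo` decodes to garbage, so the user is rejected even though the credentials are valid.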

Course summary
- The RADIUS protocol
- Server and client
- FreeRADIUS configuration
- Running RADIUS
- The radtest tool

For more
If you want to go into these subjects more deeply, …

Publications Courses
Cisco CCNA

Web sites
- www.supinfo.com
- www.labo-linux.org
- www.freeradius.org

Conferences
- RMLL
- FOSDEM
- Solution Linux

Congratulations
You have successfully completed
the SUPINFO course module n°10
RADIUS

The end

- Don’t mix up secrets
- Use -X to see what’s going on
