Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Free Learning
Arrow right icon
FreeRADIUS Beginner's Guide
FreeRADIUS Beginner's Guide

FreeRADIUS Beginner's Guide: Master authentication, authorization, and accessing your network resources using FreeRADIUS

eBook
S$12.99 S$52.99
Paperback
S$66.99
Subscription
Free Trial

What do you get with a Packt Subscription?

Free for first 7 days. $19.99 p/m after that. Cancel any time!
Product feature icon Unlimited ad-free access to the largest independent learning library in tech. Access this title and thousands more!
Product feature icon 50+ new titles added per month, including many first-to-market concepts and exclusive early access to books as they are being written.
Product feature icon Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.
Product feature icon Thousands of reference materials covering every tech concept you need to stay up to date.
Subscribe now
View plans & pricing
Table of content icon View table of contents Preview book icon Preview Book

FreeRADIUS Beginner's Guide

Authentication, Authorization, and Accounting

Users gain access to data networks and network resources through various devices. This happens through a wide range of hardware. Ethernet switches

, Wi-Fi access points, and VPN servers all offer network access.

When these devices are used to control access to a network, for example a Wi-Fi access point with WPA2 Enterprise security implemented or an Ethernet switch with 802.1x (EAP) port-based authentication enabled, they are referred to as a Network Access Server (NAS).

All these devices need to exercise some form of control to ensure proper security and usage. This requirement is commonly described as Authentication, Authorization, and Accounting (AAA). AAA is also sometimes referred to as the Triple A Framework. AAA is a high-level architecture model, which can be used for specific implementations.

AAA is specified through various RFCs. Generic AAA Architecture is specified in RFC 2903. There are also RFCs that cover different AAA aspects.

RADIUS is an acronym for Remote Access Dial In User Service. RADIUS was part of an AAA solution delivered by Livingston Enterprises to Merit Network in 1991. Merit Network is a non-profit Internet provider, which required a creative way to manage dial-in access to various Points-Of-Presence (POPs) across it's network.

The solution supplied by Livingston Enterprises had a central user store used for authentication. This could be used by numerous RAS (dial-in) servers. Authorization and accounting could also be done whereby AAA was satisfied. Another key aspect of the Livingston solution included proxying to allow scaling.

The RADIUS protocol was then subsequently published in 1997 as RFCs, some changes applied, and today we have RFC2865, which covers the RADIUS protocol, and RFC2866, which covers RADIUS accounting. There are also additional RFCs which cover enhancements on certain RADIUS aspects. Having RFCs to work from allows any person or vendor to implement the RADIUS protocol on their equipment or software. This resulted in widespread adoption of the RADIUS protocol to handle AAA on TCP/IP networks. You will find the word RADIUS is used loosely to either mean the RADIUS protocol or the entire RADIUS client/server system. The meaning should be clear from the context in which it is used.

Supporting the RADIUS protocol and standards became the de facto requirement for NAS vendors. RADIUS is used in a wide variety of places, from cellular network providers having millions of users to a small WISP start-up providing the local neighborhood with Internet connectivity to enterprise networks that implement Network Access Control (NAC) using 802.1x to ring fence their network. RADIUS is found in all these places and more!

ISPs and network administrators should be familiar with RADIUS since it is used by various devices that control access to TCP/IP networks. Here are a couple of examples:

The next section will summarize the RADIUS protocol as specified in RFC2865.

This section explores the RADIUS protocol on a technical level as published in RFC2865. RADIUS accounting is excluded. This is published as RFC2866 and explored in its own section.

The RADIUS protocol is a client/server protocol, which makes use of UDP to communicate. Using UDP instead of TCP indicates that communication is not strict on state. A typical flow of data between the client and server consists of a single request from the client followed by a single reply from the server. This makes RADIUS a very lightweight protocol and helps with its efficiency across slow network links.

Before successful communication between the client and server can be established, each has to define a shared secret. This is used to authenticate clients.

RADIUS protocol (RFC2865)

RADIUS packets have a specified format defined in the RFC. Two key components inside a RADIUS packet are:

Let's investigate the composition of a RADIUS datagram.

Knowing the format of a RADIUS packet will greatly assist in understanding the RADIUS protocol. Let us look more closely at the RADIUS packet. We will look at a simple authentication request. A client sends an Access-Request packet to the server. The server answers with an Access-Accept packet to indicate success.

The RADIUS packets shown here are only the payload of a UDP packet. A discussion of the UDP and IP protocols is beyond the scope of this book.

The following screenshot shows the Access-Request packet send from the RADIUS client:

The data packet

The following screenshot shows the RADIUS server responding to this request with an Access-Accept packet:

The data packet

Let's discuss the packets.

AVPs are the workhorse of the RADIUS protocol. AVPs can be categorized as either check or reply attributes. Check attributes are sent from the client to the server. Reply attributes are sent from the server to the client.

Attributes serve as carriers of information between the client and server. They are used by the client to supply information about itself as well as the user connecting through it. They are also used when the server responds to the client. The client can then use this response to control the user's connection based on the AVPs received in the server's response.

The following sections will describe the format of an AVP.

The first octet of the AVP is the type field. The numeric value of this octet is associated with an attribute name so that we humans can also understand. Assignment of these attribute names to numbers is controlled by IANA (http://www.iana.org/). The attribute names are usually descriptive enough to deduce their function, for example User-Name(1), User-Password(2), or NAS-IP-Address(4).

RADIUS also allows extending the protocol; attribute Type 26 (called Vendor-Specific) allows for this. The value of the Vendor-Specific attribute can in turn contain Vendor Specific Attributes (VSAs) which are managed by a vendor.

This section explores the accounting functionality of the RADIUS protocol. Accounting is a means of tracking usage of resources and typically used for billing.

After the initial RFCs defining RADIUS in general and RADIUS accounting, various extensions were proposed to expand RADIUS usage or improve some weaknesses.

There is also an improved RADIUS protocol called Diameter (A word play—twice as good as RADIUS). The uptake of Diameter has been very slow though, and RADIUS still remains the de facto standard for the foreseeable future. A major reason for this is probably the fact that the many enhancements that Diameter was supposed to bring are already covered by the various RADIUS extensions. There is, for instance, the RadSec protocol that transports RADIUS over TCP and TLS. This makes RADIUS scale better in roaming environments.

Although there are more, we will only look at two important extensions likely to be used.

FreeRADIUS is an open source project supplying a very feature-rich implementation of the RADIUS protocol with its various enhancements (http://www.freeradius.org). When people refer to FreeRADIUS, they usually talk about the server software. This is the main component of the software suite included in a FreeRADIUS download.

FreeRADIUS has many strengths, which contributed to its popularity. Let us look at some of them:

This chapter is the introduction and foundation on which we will build that. As a rehash on important points discussed, be sure to know the following facts:

Name

Stands for

Short description

AAA

Authentication, Authorization, and Accounting

The three components required for proper control of access and usage.

NAS

Network Access Server

A device controlling access to the network for example, a VPN server. Acts as the RADIUS client.

AVP

Attribute Value Pair

A three-field component inside a RADIUS packet used to contain a specified field and its data.

VSA

Vendor-Specific Attributes

An extension of the AVP managed by a specific vendor.

This chapter was a FreeRADIUS starter. The main course begins with the next chapter where we'll be installing FreeRADIUS and starting to use it.

Left arrow icon Right arrow icon

Key benefits

  • Step-by-Step instructions for all the main Linux distributions: CentOS, SUSE, and Ubuntu
  • Know the FreeRADIUS components and understand how they interact
  • Integrate FreeRADIUS into an existing environment or blend it into a larger infrastructure
  • Control and track the usage of network resources by using the most popular RADIUS server today

Description

The Open Source pioneers have proved during the past few decades that their code and projects can indeed be more solid and popular than commercial alternatives. With data networks always expanding in size and complexity FreeRADIUS is at the forefront of controlling access to and tracking network usage. Although many vendors have tried to produce better products, FreeRADIUS has proved over time why it is the champion RADIUS server. This book will reveal everything you need to know to get started with using FreeRADIUS. FreeRADIUS has always been a back-room boy. It's not easy to measure the size or number of deployments world-wide but all indications show that it can outnumber any commercial alternatives available. This essential server is part of ISPs, universities, and many corporate networks, helping to control access and measure usage. It is a solid, flexible, and powerful piece of software, but can be a mystery to a newcomer. FreeRADIUS Beginner's Guide is a friend of newcomers to RADIUS and FreeRADIUS. It covers the most popular Linux distributions of today, CentOS, SUSE, and Ubuntu, and discusses all the important aspects of FreeRADIUS deployment: Installing, configuring and testing; security concerns and limitations; LDAP and Active Directory integration. It contains plenty of practical exercises that will help you with everything from installation to the more advanced configurations like LDAP and Active Directory integration. It will help you understand authentication, authorization and accounting in FreeRADIUS. It uses many practical step-by-step examples, which are discussed in detail to lead you to a thorough understanding of the FreeRADIUS server as well as the RADIUS protocol. A quiz at the end of each chapter validates your understanding.Not only can FreeRADIUS be used to monitor and limit the network usage of individual users; but large deployments are possible with realms and fail-over functionality. FreeRADIUS can work alone or be part of a chain where the server is a proxy for other institution's users forwarding requests to their servers. FreeRADIUS features one of the most versatile and comprehensive Extensible Authentication Protocol (EAP) implementations. EAP is an essential requirement to implement enterprise WiFi security. FreeRADIUS Beginner's Guide covers all of these aspects.

Who is this book for?

If you are an Internet Service Provider (ISPs) or a network manager who needs to track and control network usage, then this is the book for you. You need to be familiar with Linux and have a solid understanding of TCP/IP. No previous knowledge of RADIUS or FreeRADIUS is required.

What you will learn

  • Get a solid foundation on the RADIUS protocol and how it works
  • Build the latest FreeRADIUS packages for your Linux distribution using the distribution s package management system
  • Integrate FreeRADIUS into an existing environment by making use of alternative user stores
  • Utilize the powerful unlang language included with FreeRADIUS to control the flow of authorization
  • Manage, track, and limit network usage
  • Discover the available FreeRADIUS help resources and use them to your advantage
  • Implementing EAP especially for enterprise WiFi security
  • Use FreeRADIUS to forward requests to other RADIUS servers (Proxying)
  • Answer requests for other RADIUS servers using FreeRADIUS

Product Details

Country selected
Publication date, Length, Edition, Language, ISBN-13
Publication date : Sep 08, 2011
Length: 344 pages
Edition : 1st
Language : English
ISBN-13 : 9781849514088
Tools :

What do you get with a Packt Subscription?

Free for first 7 days. $19.99 p/m after that. Cancel any time!
Product feature icon Unlimited ad-free access to the largest independent learning library in tech. Access this title and thousands more!
Product feature icon 50+ new titles added per month, including many first-to-market concepts and exclusive early access to books as they are being written.
Product feature icon Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.
Product feature icon Thousands of reference materials covering every tech concept you need to stay up to date.
Subscribe now
View plans & pricing

Product Details

Publication date : Sep 08, 2011
Length: 344 pages
Edition : 1st
Language : English
ISBN-13 : 9781849514088
Tools :

Packt Subscriptions

See our plans and pricing
Modal Close icon
$19.99 billed monthly
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Simple pricing, no contract
$199.99 billed annually
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Choose a DRM-free eBook or Video every month to keep
Feature tick icon PLUS own as many other DRM-free eBooks or Videos as you like for just S$6 each
Feature tick icon Exclusive print discounts
$279.99 billed in 18 months
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Choose a DRM-free eBook or Video every month to keep
Feature tick icon PLUS own as many other DRM-free eBooks or Videos as you like for just S$6 each
Feature tick icon Exclusive print discounts

Frequently bought together


Stars icon
Total S$ 230.97
Advanced Penetration Testing for Highly-Secured Environments: The Ultimate Security Guide
S$88.99
FreeRADIUS Beginner's Guide
S$66.99
OpenVPN 2 Cookbook
S$74.99
Total S$ 230.97 Stars icon
Banner background image

Table of Contents

15 Chapters
1. Introduction to AAA and RADIUS Chevron down icon Chevron up icon
2. Installation Chevron down icon Chevron up icon
3. Getting Started with FreeRADIUS Chevron down icon Chevron up icon
4. Authentication Chevron down icon Chevron up icon
5. Sources of Usernames and Passwords Chevron down icon Chevron up icon
6. Accounting Chevron down icon Chevron up icon
7. Authorization Chevron down icon Chevron up icon
8. Virtual Servers Chevron down icon Chevron up icon
9. Modules Chevron down icon Chevron up icon
10. EAP Chevron down icon Chevron up icon
11. Dictionaries Chevron down icon Chevron up icon
12. Roaming and Proxying Chevron down icon Chevron up icon
13. Troubleshooting Chevron down icon Chevron up icon
A. Pop Quiz Answers Chevron down icon Chevron up icon
Index Chevron down icon Chevron up icon

Customer reviews

Top Reviews
Rating distribution
Full star icon Full star icon Full star icon Full star icon Half star icon 4.4
(10 Ratings)
5 star 50%
4 star 40%
3 star 10%
2 star 0%
1 star 0%
Filter icon Filter
Top Reviews

Filter reviews by




Diego Oct 15, 2012
Full star icon Full star icon Full star icon Full star icon Full star icon 5
This book covers how to configure the freeradius server in a really easy way, in the ubuntu authentification there are some little changes that must be done for it to work but nothing a regular ubuntu user can't solve.
Amazon Verified review Amazon
Jessica Campbell Nov 12, 2018
Full star icon Full star icon Full star icon Full star icon Full star icon 5
Great general overview of the Ins and Outs of FreeRADIUS - this book has been very helpful in my FreeRADIUS setup
Amazon Verified review Amazon
ArtFan Mar 11, 2016
Full star icon Full star icon Full star icon Full star icon Full star icon 5
Although this book deals with Freeradius-2.x, the vast majority of it is also applicable to 3.0 and even for those pieces that have changed you will be able to figure it out with the knowledge you get from the book. Which means that if you need to learn how to administer recent versions, this book works. It explains how the radius protocol works, how freeradius implements it, and the various pieces and moving parts, what they do, how to make use of them. It explains this in a practical manner, as a tutorial with exercises, that starts from the ground and builds piece-by-piece so that you acquire a solid understanding. The author explains things in clear, effective language. You learn without being distracted by unnecessary jargon or irrelevant topics. The reason I got the book was because I needed such a tutorial and was unable to find something similar online. And I'm glad I did, it gave me what I needed.
Amazon Verified review Amazon
Stefan Winter Nov 03, 2011
Full star icon Full star icon Full star icon Full star icon Full star icon 5
The book "'FreeRADIUS Beginner's Guide -' Manage your network resources with FreeRADIUS"' by Dirk van der Walt has set itself a bold goal: to transform an ordinary Unix/Linux system administrator from a 'Zero' to a 'Hero' in the topic of Authentication, Authorisation and Accounting with FreeRADIUS. The book is in a very modest price range and available in traditional printed and also an eBook version.From my own experience, getting in first contact with the RADIUS protocol in general and FreeRADIUS in particular can be a dreadful exercise: there are many complex concepts to grasp and huge configuration files to master; and plenty of opportunity to break things if you touch the configuration without knowing the do's and don'ts. The FreeRADIUS software package has ample documentation in the form of man pages and comments in configuration files. What was sorely missing ' up until now ' was documentation that would take an innocent reader by the hand and show him the wonders of RADIUS without too much confusion.Dirk's book certainly achieves this goal, and more. It dives straight into the matter, touches the RADIUS specification only as much as is needed to understand the software that delivers it. The reader learns how easy it is to get to the 'Hello, world!' equivalent of RADIUS ' the first successful authentication, an Access-Accept packet. From then on, the book builds on the milestones achieved by the reader and adds more and more features and complexity. Near the end of the book, the reader has all the required knowledge to run his own little hotspot, a federated 'single-sign-on domain' based on RADIUS or even be part of a large roaming consortium.Being heavily involved in RADIUS myself, as the lead R&D engineer for the 'eduroam' roaming consortium in Europe, and as lecturer on the topic of Secure Network Admission at the University of Luxembourg, I was amazed how often I found myself thinking 'Right, couldn't have said it better' when the author explained some of the particularly hairy concepts ' EAP with outer identity just being one example.Of course, there are always those few little things everyone likes to do a bit differently; I'm very much a compile-from-source person and was slightly disappointed to read that the author rather encourages his readers to use distribution packages or build their own RPMs/DEBs. Then again, the target audience is starting from zero, and adding "'compile your own"' to the stack of things to learn is probably asked a bit much. Another question of taste is the client to use for testing the more complex authentication mechanisms ' the book uses a GUI client, JRadiusSimulator, while I very much prefer 'eapol_test' from the wpa_supplicant software suite. It can be so nicely scripted and is as flexible as a Swiss army knife ' perfect for Nagios monitoring. In my humble opinion, it would have deserved a significant mention. Lastly, there is a nagging little oversight when it comes to the description of proxying on page 250: Proxying, when done in combination with mutually authenticating EAP methods and with anonymous outer identities doesn't expose usernames nor credentials to the roaming partner. The book doesn't make that aspect overly clear. Then again, peeking at the title, this topic is way advanced and few people will get to a point in their RADIUS life where they would need it.Summarising, I can highly recommend this book as a starter to get into FreeRADIUS. I'm sure the FreeRADIUS users' mailing list would see much less traffic on basic operational and conceptual questions if everyone were to read this book. If you need to get acquainted with FreeRADIUS, do yourself a favour and grab a copy.
Amazon Verified review Amazon
Daniel Jun 05, 2013
Full star icon Full star icon Full star icon Full star icon Full star icon 5
This is a great book for starting off with Free Radius with very little understanding of how it functions to begin with.
Amazon Verified review Amazon
Get free access to Packt library with over 7500+ books and video courses for 7 days!
Start Free Trial

FAQs

What is included in a Packt subscription? Chevron down icon Chevron up icon

A subscription provides you with full access to view all Packt and licnesed content online, this includes exclusive access to Early Access titles. Depending on the tier chosen you can also earn credits and discounts to use for owning content

How can I cancel my subscription? Chevron down icon Chevron up icon

To cancel your subscription with us simply go to the account page - found in the top right of the page or at https://subscription.packtpub.com/my-account/subscription - From here you will see the ‘cancel subscription’ button in the grey box with your subscription information in.

What are credits? Chevron down icon Chevron up icon

Credits can be earned from reading 40 section of any title within the payment cycle - a month starting from the day of subscription payment. You also earn a Credit every month if you subscribe to our annual or 18 month plans. Credits can be used to buy books DRM free, the same way that you would pay for a book. Your credits can be found in the subscription homepage - subscription.packtpub.com - clicking on ‘the my’ library dropdown and selecting ‘credits’.

What happens if an Early Access Course is cancelled? Chevron down icon Chevron up icon

Projects are rarely cancelled, but sometimes it's unavoidable. If an Early Access course is cancelled or excessively delayed, you can exchange your purchase for another course. For further details, please contact us here.

Where can I send feedback about an Early Access title? Chevron down icon Chevron up icon

If you have any feedback about the product you're reading, or Early Access in general, then please fill out a contact form here and we'll make sure the feedback gets to the right team. 

Can I download the code files for Early Access titles? Chevron down icon Chevron up icon

We try to ensure that all books in Early Access have code available to use, download, and fork on GitHub. This helps us be more agile in the development of the book, and helps keep the often changing code base of new versions and new technologies as up to date as possible. Unfortunately, however, there will be rare cases when it is not possible for us to have downloadable code samples available until publication.

When we publish the book, the code files will also be available to download from the Packt website.

How accurate is the publication date? Chevron down icon Chevron up icon

The publication date is as accurate as we can be at any point in the project. Unfortunately, delays can happen. Often those delays are out of our control, such as changes to the technology code base or delays in the tech release. We do our best to give you an accurate estimate of the publication date at any given time, and as more chapters are delivered, the more accurate the delivery date will become.

How will I know when new chapters are ready? Chevron down icon Chevron up icon

We'll let you know every time there has been an update to a course that you've bought in Early Access. You'll get an email to let you know there has been a new chapter, or a change to a previous chapter. The new chapters are automatically added to your account, so you can also check back there any time you're ready and download or read them online.

I am a Packt subscriber, do I get Early Access? Chevron down icon Chevron up icon

Yes, all Early Access content is fully available through your subscription. You will need to have a paid for or active trial subscription in order to access all titles.

How is Early Access delivered? Chevron down icon Chevron up icon

Early Access is currently only available as a PDF or through our online reader. As we make changes or add new chapters, the files in your Packt account will be updated so you can download them again or view them online immediately.

How do I buy Early Access content? Chevron down icon Chevron up icon

Early Access is a way of us getting our content to you quicker, but the method of buying the Early Access course is still the same. Just find the course you want to buy, go through the check-out steps, and you’ll get a confirmation email from us with information and a link to the relevant Early Access courses.

What is Early Access? Chevron down icon Chevron up icon

Keeping up to date with the latest technology is difficult; new versions, new frameworks, new techniques. This feature gives you a head-start to our content, as it's being created. With Early Access you'll receive each chapter as it's written, and get regular updates throughout the product's development, as well as the final course as soon as it's ready.We created Early Access as a means of giving you the information you need, as soon as it's available. As we go through the process of developing a course, 99% of it can be ready but we can't publish until that last 1% falls in to place. Early Access helps to unlock the potential of our content early, to help you start your learning when you need it most. You not only get access to every chapter as it's delivered, edited, and updated, but you'll also get the finalized, DRM-free product to download in any format you want when it's published. As a member of Packt, you'll also be eligible for our exclusive offers, including a free course every day, and discounts on new and popular titles.