FreeRADIUS Beginner's Guide
Ebook, 931 pages, 5 hours

About this ebook

In Detail

The Open Source pioneers have proved during the past few decades that their code and projects can indeed be more solid and popular than commercial alternatives. With data networks always expanding in size and complexity, FreeRADIUS is at the forefront of controlling access to and tracking network usage. Although many vendors have tried to produce better products, FreeRADIUS has proved over time why it is the champion RADIUS server. This book will reveal everything you need to know to get started with using FreeRADIUS.

FreeRADIUS has always been a back-room boy. It's not easy to measure the size or number of deployments world-wide but all indications show that it can outnumber any commercial alternatives available. This essential server is part of ISPs, universities, and many corporate networks, helping to control access and measure usage. It is a solid, flexible, and powerful piece of software, but can be a mystery to a newcomer.

FreeRADIUS Beginner's Guide is a friend of newcomers to RADIUS and FreeRADIUS. It covers the most popular Linux distributions of today, CentOS, SUSE, and Ubuntu, and discusses all the important aspects of FreeRADIUS deployment: Installing, configuring and testing; security concerns and limitations; LDAP and Active Directory integration.

It contains plenty of practical exercises that will help you with everything from installation to the more advanced configurations like LDAP and Active Directory integration. It will help you understand authentication, authorization and accounting in FreeRADIUS. It uses many practical step-by-step examples, which are discussed in detail to lead you to a thorough understanding of the FreeRADIUS server as well as the RADIUS protocol. A quiz at the end of each chapter validates your understanding.

FreeRADIUS can be used to monitor and limit the network usage of individual users, and large deployments are possible with realms and fail-over functionality. FreeRADIUS can work alone or be part of a chain where the server is a proxy for other institutions' users, forwarding requests to their servers. FreeRADIUS features one of the most versatile and comprehensive Extensible Authentication Protocol (EAP) implementations. EAP is an essential requirement to implement enterprise WiFi security. FreeRADIUS Beginner's Guide covers all of these aspects.

A comprehensive guide to deployment and administration of FreeRADIUS on Linux

Approach

This is a fast-paced Beginner's Guide that will take you step by step through the fundamentals of FreeRADIUS and using it in your live projects. It has been structured in a way that will let you get maximum practical information out of it in setting up your own FreeRADIUS server. It will guide you on all the aspects of FreeRADIUS and do much more to get you all the 'A's right.

Who this book is for

If you are an Internet Service Provider (ISP) or a network manager who needs to track and control network usage, then this is the book for you.

You need to be familiar with Linux and have a solid understanding of TCP/IP. No previous knowledge of RADIUS or FreeRADIUS is required.

Language: English
Release date: Sep 8, 2011
ISBN: 9781849514095
Author

Dirk van der Walt

Dirk van der Walt is an Open Source Software Specialist from Pretoria, South Africa. He is a firm believer in the potential of Open Source software. Being a Linux user for almost 10 years it was love at first boot. From then on Dirk has spent his available time sharing his knowledge with others equally passionate about the freedom and affordability Open Source software gives to the community. In 2003 Dirk started coding with Perl as his language of choice and gave his full attention to functional and aesthetic user interface design. He also compiled an on-line Gtk2-Perl study guide to promote the advancement of Perl on the desktop. As Rich Internet Applications (RIA) became more popular, Dirk added the Dojo toolkit and CakePHP to his skills-set to create an AJAX-style front-end to a FreeRADIUS MySQL database. His latest work is YFi Hotspot Manager. Today YFi Hotspot Manager is used in many localities around the globe. With many contributors to the project it proves just how well the Open Source software model can work.

    Book preview

    FreeRADIUS Beginner's Guide - Dirk van der Walt

    Table of Contents

    FreeRADIUS

    Credits

    About the Author

    About the Reviewers

    www.PacktPub.com

    Support files, eBooks, discount offers, and more

    Why Subscribe?

    Free Access for Packt account holders

    Preface

    What this book covers

    What you need for this book

    Who this book is for

    Conventions

    Time for action – heading

    What just happened?

    Pop quiz – heading

    Have a go hero – heading

    Reader feedback

    Customer support

    Errata

    Piracy

    Questions

    1. Introduction to AAA and RADIUS

    Authentication, Authorization, and Accounting

    Authentication

    Authorization

    Accounting

    RADIUS

    RADIUS protocol (RFC2865)

    The data packet

    Code

    Identifier

    Length

    Authenticator

    Attributes

    Conclusion

    AVPs

    Type

    Length

    Value

    Vendor-Specific Attributes (VSAs)

    Proxying and realms

    RADIUS server

    RADIUS client

    RADIUS accounting (RFC2866)

    Operation

    Packet format

    Acct-Status-Type (Type40)

    Acct-Input-Octets (Type42)

    Acct-Output-Octets (Type43)

    Acct-Session-Id (Type44)

    Acct-Session-Time (Type46)

    Acct-Terminate-Cause (Type49)

    Conclusion

    RADIUS extensions

    Dynamic Authorization extension (RFC5176)

    Disconnect-Message (DM)

    Change-of-Authorization Message (CoA)

    RADIUS support for EAP (RFC3579)

    FreeRADIUS

    History

    Strengths

    Weaknesses

    The competition

    Summary

    Pop quiz – RADIUS knowledge

    2. Installation

    Before you start

    Pre-built binary

    Time for action – installing FreeRADIUS

    What just happened?

    Advantages

    Extra packages

    Available packages

    CentOS

    SUSE

    Ubuntu

    Special considerations

    Remember the firewall

    CentOS

    SUSE

    Have a go hero – installing from source

    Building from source

    Advantages of building packages

    CentOS

    Time for action – building CentOS RPMs

    What just happened?

    Installing rpm-build

    The source RPM package

    The package name

    Updating an existing installation

    SUSE

    Time for action – SUSE: from tarball to RPMs

    Adding an OpenSUSE repository

    What just happened?

    zypper or yast -i

    Tweaks done by hand

    Ubuntu

    Time for action – Ubuntu: from tarball to debs

    What just happened?

    Installing dpkg-dev

    Using build-dep

    fakeroot

    dpkg-buildpackage

    Installing the debs

    For those preferring the old school

    Installed executables

    Running as root or not

    Dictionary access for client programs

    Ensure proper start-up

    Summary

    Pop quiz – installation

    3. Getting Started with FreeRADIUS

    A simple setup

    Time for action – configuring FreeRADIUS

    What just happened?

    Configuring FreeRADIUS

    Clients

    Sections

    Client identification

    Shared secret

    Message-Authenticator

    Nastype

    Common errors

    Users

    Files module

    PAP module

    Users file

    Check items

    Reply items

    Operators

    Substitution

    DEFAULT user

    Login-Time

    Simultaneous-Use

    Framed-IP-Address

    Radtest

    Helping yourself

    Installed documentation

    Man pages

    Time for action – discovering available man pages for FreeRADIUS

    dpkg systems

    rpm systems

    radtest revisited

    Radclient

    What just happened?

    Have a go hero – adding more AVPs to the auth request

    Configuration file comments

    Pop quiz – clients.conf

    Online documentation

    Online help

    Golden rules

    Inside radiusd

    Configuration files

    Important includes

    Libraries and dictionaries

    FreeRADIUS-specific AVPs

    Running as ...

    Listen section

    Log files

    radiusd

    Who was logged in and when?

    Who is logged in right now?

    Summary

    4. Authentication

    Authentication protocols

    PAP

    CHAP

    MS-CHAP

    FreeRADIUS—authorize before authenticate

    Time for action – authenticating a user with FreeRADIUS

    What just happened?

    Access-Request arrives

    Authorization

    Authorize set Auth-Type

    Authorization in action

    Authentication

    Post-Auth

    Finish

    Conclusion

    Have a go hero – using other authentication protocols

    Storing passwords

    Hash formats

    Time for action – hashing our password

    Crypt-Password

    MD5-Password

    SMD5-Password

    SHA-Password

    SSHA-Password

    NT-Password or LM-Password

    What just happened?

    Hash formats and authentication protocols

    Other authentication methods

    One-time passwords

    Certificates

    Summary

    Pop quiz – authentication

    5. Sources of Usernames and Passwords

    User stores

    System users

    Time for action – incorporating Linux system users in FreeRADIUS

    Preparing rights

    SUSE is different

    CentOS

    Activating system users

    What just happened?

    Authorize using the unix module

    Authenticating using pap

    Tips for including system users

    MySQL as a user store

    Time for action – incorporating a MySQL database in FreeRADIUS

    Installing MySQL

    Installing FreeRADIUS's MySQL package

    Preparing the database

    Configuring FreeRADIUS

    Connection information

    Including the SQL configuration

    Virtual server

    Testing the MySQL user store

    What just happened?

    Advantages of SQL over flat files

    Other uses for the SQL database

    Duplicate users

    The database schema

    Groups

    Have a go hero – exploring group usage

    Using SQL Groups

    Controlling the use of groups

    Profiles

    LDAP as a user store

    Time for action – connecting FreeRADIUS to LDAP

    Installing slapd

    Configuring slapd

    CentOS

    SUSE

    Ubuntu

    Adding the radiusProfile schema

    Populating the LDAP directory

    Installing FreeRADIUS's LDAP package

    Configuring the ldap module

    Testing the LDAP user store

    What just happened?

    Binding as a user

    Advanced use of LDAP

    Have a go hero – explore advanced use of LDAP

    Ldap-Group and User-Profile AVP

    Reading passwords from LDAP

    Active Directory as a user store

    Time for action – connecting FreeRADIUS to Active Directory

    Installing Samba

    Configuring Samba

    Joining the domain

    CentOS

    SUSE

    Ubuntu

    FreeRADIUS and ntlm_auth

    PAP Authentication

    MS-CHAP Authentication

    Summary

    Linux system users

    SQL database

    LDAP directory

    Active Directory

    Pop quiz – user stores

    6. Accounting

    Requirements for this chapter

    Basic accounting

    Time for action – simulate accounting from an NAS

    Files for simulation

    Starting a session

    Ending a session

    Orphan sessions

    What just happened?

    Independence of accounting

    NAS: important AVPs

    Acct-Status-Type

    Acct-Session-Id

    AVPs indicating usage

    NAS: included AVPs

    FreeRADIUS: pre-accounting section

    Realms

    Setting Acct-Type

    FreeRADIUS: accounting section

    Minimising orphan sessions

    radwho

    radzap

    Limiting a user's simultaneous sessions

    Time for action – limiting a user's simultaneous sessions

    What just happened?

    Session section

    Problems with orphan sessions

    checkrad

    Limiting the usage of a user

    30 minutes per day in total

    How FreeRADIUS can help

    Time for action – limiting a user's usage

    Activating a daily counter

    Terminating the session at a specified time

    What just happened?

    rlm_counter

    Have a go hero – using a single database for various counters

    Using rlm_sqlcounter

    Resetting the counter

    SQL module instance

    Special variables inside the query

    Empty account records

    Counters that reset daily

    Counting octets

    Housekeeping of accounting data

    Web-based tools

    Summary

    Pop quiz – accounting

    7. Authorization

    Implementing restrictions

    Authorization in FreeRADIUS

    Introduction to unlang

    Using conditional statements

    Time for action – using the if statement in unlang

    Obtaining a return code using the if statement

    Authorizing a user using the if statement

    What just happened?

    Module return codes

    Keywords in unlang

    Have a go hero – other tests using conditional statements

    Checking if an attribute exists

    Using logical expressions to authenticate a user

    Attributes and variables

    Attribute lists

    Time for action – referencing attributes

    Attributes in the if statement

    What just happened?

    Referencing attributes in a condition

    Comparison operators

    Attribute manipulation

    Variables

    Time for action – SQL statements as variables

    What just happened?

    Time for action – setting default values for variables

    What just happened?

    Time for action – using command substitution

    What just happened?

    Time for action – using regular expressions

    What just happened?

    Practical unlang

    Limiting data usage

    Time for action – using unlang to create a data counter

    Defining custom attributes

    32-bit limitation

    Using the perl module

    reset_time.pl

    check_usage.pl

    Installing the perl module on CentOS

    Updating the dictionary files

    The recommended way of updating dictionaries

    Preparing the users file

    Preparing the SQL database

    Adding unlang code to the virtual server

    The SUSE and Ubuntu bug

    Pre-loading Perl library

    Testing the data counter

    Clean-up

    Summary

    Pop quiz – authorization

    8. Virtual Servers

    Why use virtual servers?

    Defining and enabling virtual servers

    Time for action – creating two virtual servers

    What just happened?

    Available sub-sections

    Enabling and disabling virtual servers

    Using enabled virtual servers

    Time for action – using a virtual server

    What just happened?

    Including a virtual server

    Handling Post-Auth-Type correctly

    Taking care of Type attributes

    Virtual server for happy hour

    Time for action – incorporating the Hotspot Happy Hour policy

    Enabling the Happy Hour virtual server

    Adding the virtual server to a client

    What just happened?

    Defining clients in SQL

    Consolidating an existing setup using a virtual server

    Time for action – creating a virtual server for the Computer Science faculty

    Consolidation implementation

    A named files section

    A virtual server for the Computer Science faculty

    Incorporating the new virtual server

    What just happened?

    What about users stored in SQL?

    When IP addresses and ports clash

    Local listen and client sections

    IPv6

    Listen section → type directive

    Pre-defined virtual servers

    Summary

    Pop quiz – virtual servers

    9. Modules

    Installed, available, and missing modules

    Time for action – discovering available modules

    Locating installed modules

    What just happened?

    Naming convention

    Adding alternative paths

    Available modules

    Missing modules

    Including and configuring a module

    Time for action – incorporating expiration and linelog modules

    What just happened?

    Configuring a module

    Using modules

    Sections that can contain modules

    Using one module with different configurations

    Have a go hero – creating multiple instances of a module

    What just happened?

    Order of modules and return codes

    Time for action – investigating the order of modules

    Access-Request

    Return codes

    Some interesting modules

    Summary

    Pop quiz – modules

    10. EAP

    EAP basics

    EAP components

    Authenticator

    Supplicant

    Backend authentication server

    EAP conversation

    EAPOL-Start

    EAPOL-Packet

    Practical EAP

    Time for action – testing EAP on FreeRADIUS with JRadius Simulator

    Preparing FreeRADIUS

    Configuring JRadius Simulator

    What just happened?

    Configuring the eap module

    The user store

    EAP on the client

    EAP in production

    Public Key Infrastructure in brief

    Creating a PKI

    Time for action – creating a RADIUS PKI for your organization

    What just happened?

    Why use a PKI?

    Adding a CA to the client

    Configuring the inner-tunnel virtual server

    Time for action – testing authentication on the inner-tunnel virtual server

    What just happened?

    The difference between inner and outer identities

    Have a go hero – using JRadius Simulator to test with two identities

    What just happened?

    Naming conventions for the outer identity

    Disabling unused EAP methods

    Time for action – disabling unused EAP methods

    What just happened?

    Message-Authenticator

    Summary

    Pop quiz – EAP

    11. Dictionaries

    Why do we need dictionaries?

    Parsing requests

    Generating responses

    How to include dictionaries

    Time for action – including new dictionaries

    What just happened?

    How FreeRADIUS includes dictionary files

    Including your own dictionary files

    Including dictionary files already installed

    Adding private attributes

    Updating an existing dictionary

    Time for action – updating the MikroTik dictionary

    What just happened?

    Finding the latest supported attributes

    Location of updated dictionary files

    Order of inclusions

    Attribute names

    Upgrading FreeRADIUS

    Format of dictionary files

    Notes inside the comments

    Vendor definitions

    Attributes and values

    Name field

    Number field

    Type field

    Optional vendor field

    Value definitions

    Accessing dictionary files

    Summary

    Pop quiz – dictionaries

    12. Roaming and Proxying

    Roaming—an overview

    Agreement between an ISP and a Telco

    Agreement between two organizations

    Realms

    Time for action – investigating the default realms in FreeRADIUS

    What just happened?

    Suffix module

    NULL realm

    Enabling an instance of the realm module

    Defining the NULL realm

    Time for action – activating the NULL realm

    What just happened?

    Stripped-User-Name and realm

    LOCAL realm

    Actions for a realm

    Defining a proper realm

    Time for action – defining the realm

    What just happened?

    Rejecting usernames without a realm

    Time for action – rejecting requests without a realm

    What just happened?

    DEFAULT realm

    In closing

    Proxying

    Time for action – configuring proxying between two organizations

    What just happened?

    Proxying authentication requests

    home_server

    home_server_pool

    Flow chart of an authentication proxy request

    Suffix setting control: Proxy-To-Realm

    Pre-proxy section

    Post-proxy section

    EAP and dynamic VLANs

    Have a go hero – testing proxying of EAP authentication

    Removing and replacing reply attributes

    Time for action – filtering reply attributes returned by a home server

    What just happened?

    Status of the home servers

    Time for action – using the preferred way for status checking

    Proxying accounting requests

    Time for action – simulating proxied accounting

    What just happened?

    Flow of an accounting proxy request

    Updating accounting records after a server outage

    Have a go hero – implementing robust-proxy-accounting functionality

    Summary

    Pop quiz – roaming and proxying

    13. Troubleshooting

    Basic principles

    FreeRADIUS does not start up

    Who's using my port?

    Checking the configuration

    Finding a missing module or library

    Fixing a broken external component

    FreeRADIUS refuses to start

    FreeRADIUS runs despite the display of an error message

    FreeRADIUS only reports a problem when answering a request

    Using the startup script

    FreeRADIUS is slow

    Time for action – performing baseline speed testing

    What just happened?

    Tuning the performance of FreeRADIUS

    Main server

    LDAP Module

    SQL Module

    Redundancy and load-balancing

    Things beyond our control

    FreeRADIUS dies

    Client-related problems

    Testing UDP connectivity to a RADIUS server

    The control-socket virtual server

    Time for action – using the control-socket and raddebug for troubleshooting

    CentOS

    SUSE

    Ubuntu

    Using raddebug

    What just happened?

    Remember the log output

    Spotting a mismatched shared secret

    Options for raddebug

    Raddebug auto termination

    If there's no output from raddebug

    Authenticating users

    Editing the users file

    Using raddebug

    When passwords change

    Password length

    EAP problems

    The CA certificate

    Identify where a problem is located

    Problems with proxying

    Online resources

    Using the mailing list

    Summary

    Pop quiz – troubleshooting

    A. Pop Quiz Answers

    Chapter 1

    Pop quiz – RADIUS knowledge

    Chapter 2

    Pop quiz – installation

    Chapter 3

    Pop quiz – clients.conf

    Chapter 4

    Pop quiz – authentication

    Chapter 5

    Pop quiz – user stores

    Chapter 6

    Pop quiz – accounting

    Chapter 7

    Pop quiz – authorization

    Chapter 8

    Pop quiz – virtual servers

    Chapter 9

    Pop quiz – modules

    Chapter 10

    Pop quiz – EAP

    Chapter 11

    Pop quiz – dictionaries

    Chapter 12

    Pop quiz – roaming and proxying

    Chapter 13

    Pop quiz – troubleshooting

    Index

    FreeRADIUS

    Beginner's Guide



    Copyright © 2011 Packt Publishing

    All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.

    Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt Publishing, and its dealers and distributors will be held liable for any damages caused or alleged to be caused directly or indirectly by this book.

    Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.

    First published: September 2011

    Production Reference: 1260811

    Published by Packt Publishing Ltd.

    Livery Place

    35 Livery Street

    Birmingham B3 2PB, UK.

    ISBN 978-1-849514-08-8

    www.packtpub.com

    Cover Image by Asher Wishkerman (<a.wishkerman@mpic.de>)

    Credits

    Author

    Dirk van der Walt

    Reviewers

    Ante Gulam

    Atif Razzaq

    Acquisition Editor

    Chaitanya Apte

    Development Editors

    Kartikey Pandey

    Alina Lewis

    Technical Editor

    Vanjeet D'souza

    Copy Editor

    Neha Shetty

    Project Coordinator

    Srimoyee Ghoshal

    Proofreader

    Chris Smith

    Indexers

    Hemangini Bari

    Tejal Daruwale

    Graphics

    Nilesh Mohite

    Production Coordinator

    Adline Swetha Jesuthas

    Cover Work

    Adline Swetha Jesuthas

    About the Author

    Dirk van der Walt is an open source software specialist from Pretoria, South Africa. He is a firm believer in the potential of open source software. Being a Linux user for almost ten years, it was love at first boot. From then on Dirk spent his available time sharing his knowledge with others equally passionate about the freedom and affordability open source software gives to the community.

    In 2003, Dirk started coding with Perl as his language of choice and gave his full attention to functional and aesthetic user interface design. He also compiled an online Gtk2-Perl study guide to promote the advancement of Perl on the desktop.

    As Rich Internet Applications (RIA) became more popular, Dirk added the Dojo toolkit and CakePHP to his skills set to create an AJAX-style front-end to a FreeRADIUS MySQL database. His latest work is YFi Hotspot Manager. Today YFi Hotspot Manager is used in many localities around the globe. With many contributors to the project it proves just how well the open source software model can work.

    I'd like to thank the Lord Jesus for life and light, my wife Petra and daughter Daniélle for all their support and understanding, my brother Karel for his interest and help. I would also like to thank the people involved with the FreeRADIUS project, from the coders to the commenters. Lastly I'd like to thank Packt Publishing for supporting Open Source software the way they do.

    About the Reviewers

    Ante Gulam is a 26-year-old software and system engineer with more than seven years of working experience in various segments of the IT industry. He has worked as a consultant and system engineer on POSIX-compliant systems (Linux, BSD, SCO, and others), and lately has focused mainly on security, design, and administration of Microsoft-based enterprise solutions. Ante is currently working as a system engineer and software developer, primarily on MS platforms (.NET) in Ri-ing d.o.o., a medium-sized software development company.

    Being involved in security for several years Ante gained experience in the development of various security tools based on many different technologies and has written articles and co-edited Phearless Security Ezine actively for the last four years. Presently, he is working on large networking projects and enterprise environments; adopting them for standards like PCI-DSS enables him to stay in touch with security on the enterprise level.

    I would like to thank my family, my friends, and my girlfriend for their patience. Also all the guys from the gn00bz team for all the hours full of fun and knowledge while playing CTF for the past couple of years.

    Atif Razzaq holds an MSc degree from Strathclyde University, Glasgow, UK in Communication, Control, and Digital Signal Processing, and a BSc degree in Computer Science from NUCES, Pakistan. After his MSc degree, he started his career as a software engineer in the area of Mobile Application Development in J2ME in Tricastmedia, Glasgow, UK. During this period he also published an article at Java.net titled Getting Started with BlackBerry J2ME Development.

    He is currently working as the Development Manager at Terminus Technologies, which specializes in telecom billing software development. His responsibilities include the development of the billing system and its integration with other applications, both proprietary and open source (Asterisk, FreeSwitch, FreeRADIUS, and others). Prior to joining Terminus Technologies, he worked on telecom billing at Comcerto, Bahrain. He has been working on telecom billing and VoIP/SIP Telephony for about three years.

    In his free time, he writes his own blog on different ICT topics available at http://atif-razzaq.blogspot.com. He can be contacted at .

    It has been a great experience working on this project. I'd like to thank the whole team working on this project: the author and all members from Packt Publishing. I'd like to thank my family for giving up their share of time which I gave to this project. Finally, I'd thank the Great Lord for everything and then my parents who taught me and made me what I am.

    www.PacktPub.com

    Support files, eBooks, discount offers, and more

    You might want to visit www.PacktPub.com for support files and downloads related to your book.

    Did you know that Packt offers eBook versions of every book published, with PDF and ePub files available? You can upgrade to the eBook version at www.PacktPub.com and as a print book customer, you are entitled to a discount on the eBook copy. Get in touch with us at for more details.

    At www.PacktPub.com, you can also read a collection of free technical articles, sign up for a range of free newsletters, and receive exclusive discounts and offers on Packt books and eBooks.

    http://PacktLib.PacktPub.com

    Do you need instant solutions to your IT questions? PacktLib is Packt's online digital book library. Here, you can access, read, and search across Packt's entire library of books. 

    Why Subscribe?

    Fully searchable across every book published by Packt

    Copy and paste, print and bookmark content

    On demand and accessible via web browser

    Free Access for Packt account holders

    If you have an account with Packt at www.PacktPub.com, you can use this to access PacktLib today and view nine entirely free books. Simply use your login credentials for immediate access.

    Preface

    FreeRADIUS Beginner's Guide contains plenty of practical exercises that will help you with everything from basic installation to the more advanced configurations like LDAP and Active Directory integration. This book will help you understand authentication, authorization, and accounting in FreeRADIUS using the most popular Linux distributions of today. Larger deployments with realms and fail-over configuration are also covered along with tips. A quiz at the end of each chapter validates your understanding.

    What this book covers

    The book can be divided into three sections:

    Introduction and installation (Chapter 1 to Chapter 3)

    AAA functions of FreeRADIUS (Chapter 4 to Chapter 7)

    Advanced topics (Chapter 8 to Chapter 13)

    Let's see what each chapter deals with:

    Chapter 1, Introduction to AAA and RADIUS, introduces FreeRADIUS and the RADIUS protocol. It highlights some key RADIUS concepts, which help the user avoid common misunderstandings.

    Chapter 2, Installation, describes how to build and install FreeRADIUS from source on popular Linux distributions. It also covers installing the FreeRADIUS packages included with popular Linux distributions. Ubuntu, SUSE, and CentOS will be used to ensure a wide coverage.

    Chapter 3, Getting Started with FreeRADIUS, gives a brief introduction on the various components of FreeRADIUS. It also discusses the process of handling a basic authentication request.

    Chapter 4, Authentication, teaches authentication methods and how they work. Extensible Authentication Protocol (EAP) is covered later in a dedicated chapter.

    Chapter 5, Sources of Usernames and Passwords, covers various places where username/password combinations can be stored. It shows which modules are involved and how to configure FreeRADIUS to utilize these stores.

    Chapter 6, Accounting, discusses the need for accounting and the options available to record accounting data. It also discusses implementing a policy that includes limiting sessions and/or time and/or data.

    Chapter 7, Authorization, discusses various aspects of authorization including the use of unlang.

    Chapter 8, Virtual Servers, discusses various aspects of virtual servers and where they can potentially be used.

    Chapter 9, Modules, discusses the various modules used by FreeRADIUS and how to configure multiple instances of a certain module.

    Chapter 10, EAP, a dedicated chapter on EAP, is a one-stop reference for EAP (802.1X and WiFi).

    Chapter 11, Dictionaries, introduces dictionaries, which are used to map the names seen and used by an administrator, to the numbers used by the RADIUS protocol.

    Chapter 12, Roaming and Proxying, deals with the RADIUS protocol, which allows the proxying of authorization and accounting requests. This makes roaming possible. This chapter covers various aspects of proxying in FreeRADIUS.

    Chapter 13, Troubleshooting, works through many common problems, giving examples of what to look for, and how to fix the issue.

    What you need for this book

    You need to be familiar with Linux and have a solid understanding of TCP/IP. No previous knowledge of RADIUS or FreeRADIUS is required.

    To get the most out of the practical exercises, you will need a clean install of Ubuntu, SUSE, or CentOS.

    Who this book is for

    If you are an Internet Service Provider (ISP) or a network manager who needs to track and control network usage, then this is the book for you.

    Conventions

    In this book, you will find a number of styles of text that distinguish between different kinds of information. Here are some examples of these styles, and an explanation of their meaning.

    Time for action – heading

    Action 1

    Action 2

    Action 3

    Instructions often need some extra explanation so that they make sense, so they are followed with:

    What just happened?

    This heading explains the working of tasks or instructions that you have just completed.

    You will also find some other learning aids in the book, including:

    Pop quiz – heading

    These are short multiple choice questions intended to help you test your own understanding.

    Have a go hero – heading

    These set practical challenges and give you ideas for experimenting with what you have learned.

    Code words in text are shown as follows: The rlm_sqlcounter module allows defining various counters (time or data based) to keep track of a user's usage.

    A block of code is set as follows:

    if(control:Auth-Type == 'PAP'){
        update reply {
          Reply-Message := '/bin/echo We are using %{control:Auth-Type}'
        }
    }

    When we wish to draw your attention to a particular part of a code block, the relevant lines or items are set in bold:

    if(control:Auth-Type == 'PAP'){
        update reply {
          Reply-Message := '/bin/echo We are using %{control:Auth-Type}'
        }
    }

    Any command-line input or output is written as follows:

    INSERT INTO radcheck (username, attribute, op, value) VALUES ('bob', 'Cleartext-Password', ':=', 'passbob');

    New terms and important words are shown in bold. Words that you see on the screen, in menus or dialog boxes for example, appear in the text like this: clicking the Next button moves you to the next screen.

    Note

    Warnings or important notes appear in a box like this.

    Tip

    Tips and tricks appear like this.

    Reader feedback

    Feedback from our readers is always welcome. Let us know what you think about this book—what you liked or may have disliked. Reader feedback is important for us to develop titles that you really get the most out of.

    To send us general feedback, simply send an e-mail to <feedback@packtpub.com>, and mention the book title via the subject of your message.

    If there is a book that you need and would like to see us publish, please send us a note in the SUGGEST A TITLE form on www.packtpub.com or e-mail .

    If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, see our author guide on www.packtpub.com/authors.

    Customer support

    Now that you are the proud owner of a Packt book, we have a number of things to help you to get the most from your purchase.

    Note

    Downloading the example code for this book

    You can download the example code files for all Packt books you have purchased from your account at http://www.PacktPub.com. If you purchased this book elsewhere, you can visit http://www.PacktPub.com/support and register to have the files e-mailed directly to you.

    Errata

    Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you find a mistake in one of our books—maybe a mistake in the text or the code—we would be grateful if you would report this to us. By doing so, you can save other readers from frustration and help us improve subsequent versions of this book. If you find any errata, please report them by visiting http://www.packtpub.com/support, selecting your book, clicking on the errata submission form link, and entering the details of your errata. Once your errata are verified, your submission will be accepted and the errata will be uploaded on our website, or added to any list of existing errata, under the Errata section of that title. Any existing errata can be viewed by selecting your title from http://www.packtpub.com/support.

    Piracy

    Piracy of copyright material on the Internet is an ongoing problem across all media. At Packt, we take the protection of our copyright and licenses very seriously. If you come across any illegal copies of our works, in any form, on the Internet, please provide us with the location address or website name immediately so that we can pursue a remedy.

    Please contact us at <copyright@packtpub.com> with a link to the suspected pirated
