Low-cost RADIUS servers for Wi-Fi security

By , Network World |  Mobile & Wireless, wifi, wireless security

There isn't any published hardware requirement for FreeRADIUS, but generally any commodity PC can serve up to a few hundred thousand users. It runs on a variety of platforms and operating systems, including Linux (CentOS, Debian, Mandriva, Red Hat, SUSE, Ubuntu), Solaris and FreeBSD. Many OSs have FreeRADIUS binaries in their package repositories, which makes installation simple, but the packaged version might not be the latest release. In these cases you can build the packages yourself from the FreeRADIUS source code, but this can be a challenge, especially for those less experienced with Unix/Linux.

Authentication protocols supported by FreeRADIUS include: PEAP, TTLS, EAP-FAST, EAP-TLS, LEAP, PAP, CHAP, MS-CHAP, MS-CHAPv2, EAP-MS-CHAPv2, EAP-MD5, EAP-GTC, EAP-OTP, EAP-AKA, EAP-GPSK, EAP-PAX, EAP-SAKE, EAP-PSK, EAP-SIM, SecurID and Digest.

FreeRADIUS supports the following databases and data sources: included flat files, Linux accounts (/etc/passwd files), Active Directory and other LDAP directories, SQL and other ODBC-compliant data sources, remote RADIUS servers, external shell, Python and Perl scripts, Redis, DBM files, Ruby and Java.

We tested FreeRADIUS on Ubuntu 12.04 LTS in a VMware virtual machine. We installed it via the Ubuntu package, which was FreeRADIUS v2.1.10 instead of the most current v2.2.12. The installation was very simple and only took a few minutes, but it can be a very different matter if you must compile from the source code yourself.

Next we followed the documentation on the FreeRADIUS wiki to configure the server, which didn't completely match our default Ubuntu installation but did point us in the right direction. For instance, it points you to /etc/raddb/ for the configuration files, but ours in Ubuntu were at /etc/freeradius/. The documentation isn't really wrong; file locations differ between the varieties of Unix/Linux distributions. We also noticed some of the documentation is outdated and could use some better organization.

After completing the basic configuration and testing, the wiki wasn't very clear on what to do next to get PEAP authentication working. But we did find help on another site, which is maintained by a FreeRADIUS developer and offers seemingly more up-to-date documentation.


Originally published on Network World.