FreeRADIUS Beginner's Guide
I'm a complete newbie to RADIUS, looking to make use of the features of my new "smart" switches and wireless access point to secure my home network, so the title certainly sounds right. Has anyone had a look at this book yet? If so, what are your thoughts? Thanks! -- ======================================================================== Ian Pilcher arequipeno@gmail.com "If you're going to shift my paradigm ... at least buy me dinner first." ========================================================================
sorry I found it... On 9/27/2011 10:19 PM, Marinko Tarlac wrote:
book ?
Can you give me the link please
On 9/27/2011 9:46 PM, Ian Pilcher wrote:
Has anyone had a look at this book yet?
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi,
I found it...
its available direct from PACKT publishing or usual places (amazon) have put some quick links here : http://goo.gl/DTdgN alan
On 27 Sep 2011, at 22:44, Alan Buxey wrote:
Hi,
I found it...
its available direct from PACKT publishing or usual places (amazon) have put some quick links here : http://goo.gl/DTdgN
I've flicked through it... I wouldn't bother buying a paper copy, maybe an ebook if you wanted to check it out. -Arran Arran Cudbard-Bell a.cudbardb@freeradius.org Betelwiki, Betelwiki, Betelwiki.... http://wiki.freeradius.org/ !
Ian Pilcher <arequipeno@gmail.com> wrote:
I'm a complete newbie to RADIUS, looking to make use of the features of my new "smart" switches and wireless access point to secure my home network, so the title certainly sounds right.
Has anyone had a look at this book yet? If so, what are your thoughts?
I am currently reviewing it and hopefully in the next few days will put up my thoughts on it: http://www.digriz.org.uk/review-book-freeradius-beginners-guide The author (Dirk van der Walt) lurks on this mailing list. The content is generally rather good, and aside from a few typos, the book is let only on some relatively *minor* points: * use of vendor specifics (Mikrotik/Coova focus), this is probably is related to the authors day-job :) * unfortunately short EAP section, ignoring session resumption and why particular EAP methods meet particular needs * EAP tests done with JRadius and not eapol_test * rlm_filter coverage is a bit short (less than one page) * debugging/diagnosis is covered *far* too late in the book and then generally not at all. Missing are hints on how to make your life easier as a sysadmin (liberal use of screen+tee, rlm_detail and it would not have gone amiss a network monitoring probe thing) All trivially fixed in a revision two if such a thing comes about. Arguably though, and no doubt quite rightly, my points above probably would be better addressed by a FreeRADIUS *reference* book rather than a beginners guide...so I probably am being mean :) The price is reasonable, and if you are a complete newbie, it will get you on your feet. The book definitely does what it says on the tin and I would give it a 7 out of 10... Cheers -- Alexander Clouter .amongst says: Dibble's First Law of Sociology: Some do, some don't.
Alexander Clouter <alex@digriz.org.uk> wrote:
The content is generally rather good, and aside from a few typos, the book is let only on some relatively *minor* points:
[snipped]
* unfortunately short EAP section, ignoring session resumption and why particular EAP methods meet particular needs * EAP tests done with JRadius and not eapol_test
Okay, I only had gotten to page 200 of 300, a smidgin before the EAP section. The details regarding the particulars of the EAP methods are covered (although session resumption unfortunately is not) and a footnote exists for eapol_test...but I do think a configuration example for eapol_test is far better (especially as it is just wpasupplicant along with all it's documentation; trivial to then use the same config in wpasupplicant). One thing that is a shame is the EAP/(T)TLS/PEAP bits make no mention of certificate *subject* validation...only CA pinning which is a shame. One without the other is generally pointless, you might as well not bother at all :(
The price is reasonable, and if you are a complete newbie, it will get you on your feet. The book definitely does what it says on the tin and I would give it a 7 out of 10...
I'll bump it up to an 8, as the proxying section is rather nice and clear... :) Cheers -- Alexander Clouter .sigmonster says: buzzword, n: The fly in the ointment of computer literacy.
Hi,
I'm a complete newbie to RADIUS, looking to make use of the features of my new "smart" switches and wireless access point to secure my home network, so the title certainly sounds right.
Has anyone had a look at this book yet? If so, what are your thoughts?
I have finally found the time to give it a look, too. Here's my review: Book Review: FreeRADIUS Beginner's Guide The book „FreeRADIUS Beginner's Guide – Manage your network resources with FreeRADIUS“ by Dirk van der Walt has set itself a bold goal: to transform an ordinary Unix/Linux system administrator from a „Zero“ to a „Hero“ in the topic of Authentication, Authorisation and Accounting with FreeRADIUS. The book is in a very modest price range and available in traditional printed and also an eBook version right here: http://www.packtpub.com/freeradius-master-authentication-authorization-acces...
From my own experience, getting in first contact with the RADIUS protocol in general and FreeRADIUS in particular can be a dreadful exercise: there are many complex concepts to grasp and huge configuration files to master; and plenty of opportunity to break things if you touch the configuration without knowing the do's and don'ts. The FreeRADIUS software package has ample documentation in the form of man pages and comments in configuration files. What was sorely missing – up until now – was documentation that would take an innocent reader by the hand and show him the wonders of RADIUS without too much confusion.
Dirk's book certainly achieves this goal, and more. It dives straight into the matter, touches the RADIUS specification only as much as is needed to understand the software that delivers it. The reader learns how easy it is to get to the „Hello, world!“ equivalent of RADIUS – the first successful authentication, an Access-Accept packet. From then on, the book builds on the milestones achieved by the reader and adds more and more features and complexity. Near the end of the book, the reader has all the required knowledge to run his own little hotspot, a federated „single-sign-on domain“ based on RADIUS or even be part of a large roaming consortium. Being heavily involved in RADIUS myself, as the lead R&D engineer for the „eduroam“ roaming consortium in Europe, and as lecturer on the topic of Secure Network Admission at the University of Luxembourg, I was amazed how often I found myself thinking „Right, couldn't have said it better“ when the author explained some of the particularly hairy concepts – EAP with outer identity just being one example. Of course, there are always those few little things everyone likes to do a bit differently; I'm very much a compile-from-source person and was slightly disappointed to read that the author rather encourages his readers to use distribution packages or build their own RPMs/DEBs. Then again, the target audience is starting from zero, and adding “compile your own” to the stack of things to learn is probably asked a bit much. Another question of taste is the client to use for testing the more complex authentication mechanisms – the book uses a GUI client, JRadiusSimulator, while I very much prefer „eapol_test“ from the wpa_supplicant software suite. It can be so nicely scripted and is as flexible as a Swiss army knife – perfect for Nagios monitoring. In my humble opinion, it would have deserved a significant mention. Lastly, there is a nagging little oversight when it comes to the description of proxying on page 250: Proxying, when done in combination with mutually authenticating EAP methods and with anonymous outer identities doesn't expose usernames nor credentials to the roaming partner. The book doesn't make that aspect overly clear. Then again, peeking at the title, this topic is way advanced and few people will get to a point in their RADIUS life where they would need it. Summarising, I can highly recommend this book as a starter to get into FreeRADIUS. I'm sure the FreeRADIUS users' mailing list would see much less traffic on basic operational and conceptual questions if everyone were to read this book. If you need to get acquainted with FreeRADIUS, do yourself a favour and grab a copy. Greetings, Stefan Winter
Hi,
I have finally found the time to give it a look, too. Here's my review:
you beat me :-) here is my review of the publication (summary - we've got a good FreeRADIUS book for beginners and those wanting to get familiar with FreeRADIUS) Book review: FreeRADIUS Beginner's Guide There are quite a few RADIUS books on the market so when I saw a new one entitled "FreeRADIUS Beginner's Guide – Manage your network resources with FreeRADIUS" By Dirk van der Walt, I did ponder about what audience it was aimed at. However, as the UK support for eduroam and the contact point for UK higher/further education RADIUS proxying I thought it best that I read it to see what it offered. So I downloaded the ebook from the Packt publishing page: http://www.packtpub.com/freeradius-master-authentication-authorization-acces... etwork-resources/book?tag=rk/freeradiusbg-abr1/0911 (Printed copies are also available for a reasonable price). Within a couple of hours of starting to read the book I was impressed with the material offered. The author starts off with a brief introduction and then its straight into FreeRADIUS itself. Installing the server by distribution package is covered and how to compile from source...however this mainly focuses on how to install by source package rather than from the main download site - I personally prefer getting the source direct. The author has clearly spent a lot of time using FreeRADIUS for specific tasks - there is quite a lot of Microtik and hotspot accounting material present in the book but that does detract from the overall content. Some functions of FreeRADIUS are not covered in depth with some modules given the light look or ignored, however the book does deliver in its promise of getting a FreeRADIUS newbie to a reasonable knowledge level before the end page. The book is targeted to the current version of FreeRADIUS (version 2) which is refreshing and it also covers and demystifies the built in configuration language 'unlang' - which is also a great starting point. I feel that this book is ideal for any RADIUS administrator who wants to operate FreeRADIUS (experience of the Linux operating system on which you'd run FreeRADIUS is taken for granted) and if an administrator read this book then it would give them a strong grounding in the subject and avoid a lot of beginner errors. Anyone who has read this book is also far less likely to ask trivial questions on the official FreeRADIUS users mailing list. There are a few typos and minor errors in the text - Packt publishing have a good errata system so these errors should be removed from the next edition of the book - but none of them are critical. The author covers useful testing methods - JRADIUSSimulator , which is a useful tool but FreeRADIUS comes with a suite of testing tools and there are alternatives that are well known by people in the sector, such as eapol_test. The small bits of code used in the book are also downloadable from the Packt publishing page for the book which is very useful for the beginner who may not have any scripting ability - nothing worse than everything failing due to a typo when following a tutorial, especially if you are dealing with new concepts. The book mentions eduroam, an international federated authentication system using RADIUS proxying but doesn't go into great detail - but the foundations and grounding for how it operates are well covered within the pages so the final requirements for a site shouldn't be daunting (a bit of 'unlang', some work in the proxy configuration and doing some attribute and dictionary work). Since reading this book I have recommended it to several people in the sector and to a couple of sites that I have done RADIUS consultancy work for. Anyone who uses FreeRADIUS but has never been happy with current books on offer or how the server works should buy a copy of this book. The only thing missing? An 'advanced users' companion book :-) alan
participants (6)
-
Alan Buxey -
Alexander Clouter -
Arran Cudbard-Bell -
Ian Pilcher -
Marinko Tarlac -
Stefan Winter