FreeRADIUS Beginner's Guide

Stefan Winter stefan.winter at restena.lu
Wed Nov 2 08:15:45 CET 2011


Hi,

> I'm a complete newbie to RADIUS, looking to make use of the features of
> my new "smart" switches and wireless access point to secure my home
> network, so the title certainly sounds right.
>
> Has anyone had a look at this book yet?  If so, what are your thoughts?

I have finally found the time to give it a look, too. Here's my review:


Book Review: FreeRADIUS Beginner's Guide

The book „FreeRADIUS Beginner's Guide – Manage your network resources
with FreeRADIUS“ by Dirk van der Walt has set itself a bold goal: to
transform an ordinary Unix/Linux system administrator from a „Zero“ to a
„Hero“ in the topic of Authentication, Authorisation and Accounting with
FreeRADIUS. The book is in a very modest price range and available in
traditional printed and also an eBook version right here:
http://www.packtpub.com/freeradius-master-authentication-authorization-accessing-your-network-resources/book?tag=rk/freeradiusbg-abr1/0911


From my own experience, getting in first contact with the RADIUS
protocol in general and FreeRADIUS in particular can be a dreadful
exercise: there are many complex concepts to grasp and huge
configuration files to master; and plenty of opportunity to break things
if you touch the configuration without knowing the do's and don'ts. The
FreeRADIUS software package has ample documentation in the form of man
pages and comments in configuration files. What was sorely missing – up
until now – was documentation that would take an innocent reader by the
hand and show him the wonders of RADIUS without too much confusion.

Dirk's book certainly achieves this goal, and more. It dives straight
into the matter, touches the RADIUS specification only as much as is
needed to understand the software that delivers it. The reader learns
how easy it is to get to the „Hello, world!“ equivalent of RADIUS – the
first successful authentication, an Access-Accept packet. From then on,
the book builds on the milestones achieved by the reader and adds more
and more features and complexity. Near the end of the book, the reader
has all the required knowledge to run his own little hotspot, a
federated „single-sign-on domain“ based on RADIUS or even be part of a
large roaming consortium.

Being heavily involved in RADIUS myself, as the lead R&D engineer for
the „eduroam“ roaming consortium in Europe, and as lecturer on the topic
of Secure Network Admission at the University of Luxembourg, I was
amazed how often I found myself thinking „Right, couldn't have said it
better“ when the author explained some of the particularly hairy
concepts – EAP with outer identity just being one example.

Of course, there are always those few little things everyone likes to do
a bit differently; I'm very much a compile-from-source person and was
slightly disappointed to read that the author rather encourages his
readers to use distribution packages or build their own RPMs/DEBs. Then
again, the target audience is starting from zero, and adding “compile
your own” to the stack of things to learn is probably asking a bit much.
Another question of taste is the client to use for testing the more
complex authentication mechanisms – the book uses a GUI client,
JRadiusSimulator, while I very much prefer „eapol_test“ from the
wpa_supplicant software suite. It can be so nicely scripted and is as
flexible as a Swiss army knife – perfect for Nagios monitoring. In my
humble opinion, it would have deserved a significant mention. Lastly,
there is a nagging little oversight when it comes to the description of
proxying on page 250: Proxying, when done in combination with mutually
authenticating EAP methods and with anonymous outer identities, doesn't
expose usernames or credentials to the roaming partner. The book
doesn't make that aspect overly clear. Then again, peeking at the title,
this topic is way advanced and few people will get to a point in their
RADIUS life where they would need it.

Summarising, I can highly recommend this book as a starter to get into
FreeRADIUS. I'm sure the FreeRADIUS users' mailing list would see much
less traffic on basic operational and conceptual questions if everyone
were to read this book. If you need to get acquainted with FreeRADIUS,
do yourself a favour and grab a copy.


Greetings,

Stefan Winter


