Before you start learning about RADIUS, it is important that you understand:
Authentication, authorization, and accounting (AAA) is a term for a framework for intelligently controlling access to computer resources, enforcing policies, auditing usage, and providing the information necessary to bill for services. These combined processes are considered important for effective network management and security.
Authentication, authorization, and accounting services are often provided by a dedicated AAA server, a program that performs these functions. A current standard by which network access servers interface with the AAA server is the Remote Authentication Dial-In User Service (RADIUS).
RADIUS (Remote Authentication Dial-In User Service):
RADIUS is a protocol for carrying information related to authentication, authorization, and configuration between a Network Access Server (NAS) that desires to authenticate its links and a shared Authentication Server.
What is a Network Access Server?
The Network Access Server (NAS) is a service element that clients dial into in order to get access to the network.
Features of RADIUS:
- Client/Server Model
  - The NAS works as a client for the RADIUS server.
  - A RADIUS server can act as a proxy client to other RADIUS servers.
- Network Security
  - Transactions between a client and a server are authenticated through the use of a shared key. This key is never sent over the network.
  - The password is encrypted before it is sent over the network.
How to install FreeRADIUS on an Ubuntu server:
Installing FreeRADIUS is the easiest part. It can be done with:
$ sudo apt-get install freeradius
Verify FreeRADIUS version
Verify it was installed by checking the version.
$ freeradius -v
FreeRADIUS should be able to run successfully with all the defaults.
Run a quick config check.
$ sudo freeradius -CX
Review the Configuration Files
The FreeRADIUS files are located in /etc:
$ cd /etc/freeradius
$ sudo nano /etc/freeradius/radiusd.conf
Here is where we tell FreeRADIUS to look for authorized clients (authenticators).
Open the clients.conf file to add your authenticator(s).
And then add these lines:
hostname = TP_LINK
secret = password@123
$ sudo nano /etc/freeradius/users
Add an account to the file:
usertest Cleartext-Password := "Password123"
Run a quick test to see if FreeRADIUS will accept the newly created username and password. Running this from the server means you will have to use the secret configured for the localhost, which is defined in the clients.conf file:
$ radtest usertest Password123 127.0.0.1 0 testing123
$ service freeradius start
$ service freeradius stop