RADIUS

Before you start learning about RADIUS, it is important that you understand:

AAA:

Authentication, authorization, and accounting (AAA) is a term for a framework for intelligently controlling access to computer resources, enforcing policies, auditing usage, and providing the information necessary to bill for services. These combined processes are considered important for effective network management and security.

Authentication, authorization, and accounting services are often provided by a dedicated AAA server, a program that performs these functions. A current standard by which network access servers interface with the AAA server is the Remote Authentication Dial-In User Service (RADIUS).

RADIUS (Remote Authentication Dial-In User Service):

RADIUS is a protocol for carrying information related to authentication, authorization, and configuration between a Network Access Server (NAS) that desires to authenticate its links and a shared Authentication Server.

What is Network Access Server?


The Network Access Server (NAS) is a service element that clients dial into in order to get access to the network.

Basic Architecture for NAS / RADIUS / AAA


Features of RADIUS:

  1. Client/Server Model
  • The NAS works as a client of the RADIUS server.
  • A RADIUS server can act as a proxy client to other RADIUS servers.
  2. Network Security
  • Transactions between a client and a server are authenticated through the use of a shared key. This key is never sent over the network.
  • The password is encrypted before it is sent over the network.

How to install FreeRADIUS in Ubuntu server:

Installing FreeRADIUS is the easiest part. It can be done with:


$ sudo apt-get install freeradius

Verify FreeRADIUS version


Verify it was installed by checking the version.


$ freeradius -v


FreeRADIUS should be able to run successfully with all the defaults.


Run a quick config check.


$ sudo freeradius -CX

Review the Configuration Files


The FreeRADIUS files are located in /etc:


$ cd /etc/freeradius
$ sudo nano /etc/freeradius/radiusd.conf


Here is where we tell FreeRADIUS to look for authorized clients (authenticators).


$INCLUDE clients.conf

Add Clients


Open the clients.conf file to add your authenticator(s).
Then add these lines:


client 192.168.1.1 {
    # Short alias for this NAS
    shortname = TP_LINK
    # Shared secret; must match the secret configured on the NAS
    secret = password@123
}


Add Users


$ sudo nano /etc/freeradius/users


Add an account to the file:


usertest Cleartext-Password := "Password123"

Test Authentication


Run a quick test to see if FreeRADIUS will accept the newly created username and password. Running this from the server means you will have to use the secret configured for localhost, which is defined in the clients.conf file:


$ radtest usertest Password123 127.0.0.1 0 testing123


Start FreeRADIUS


$ sudo service freeradius start


Stop FreeRADIUS


$ sudo service freeradius stop
