The benefits of a RADIUS server are many. In addition to speed, you receive heightened security with user access monitoring, reporting and tracking functions and personalized restrictions. Setting it up costs less than $60 and this white paper walks you through each of the steps, settings, configurations and the equipment you will need.
I work often with a variety of networking devices from different manufacturers. In many cases the equipment is simply being evaluated, configured for demonstration purposes, or incorporated into a lab for classroom use. RADIUS is supported by a lot of these gadgets but I have never found a handy-dandy inexpensive and easy to use RADIUS server. Well, let's build one.
RADIUS is an acronym for Remote Authentication Dial-In User Services. It is an AAA tool intended to be useful in instances where the user would like to centralize management of authentication, authorization, and accounting functions (hence the AAA). Authentication, or proving that users are who they claim to be, is the primary reason that most people are driven to want a RADIUS server. But the authorization (limiting what a user is allowed to do once they have been authenticated) and accounting (logging and billing functions) will be of interest to some people, too.
Where I most often like to demonstrate the use of RADIUS is in the configuration of Ethernet switches and IEEE 802.11 access points. For switches, RADIUS is most often used in conjunction with IEEE 802.1x port-based network access controls, which can in turn be used to control the identity of users who are allowed access to specific ports. For access points the same mechanism is actually in play, but it is used to limit who can associate with the wireless network. You might have bumped into this feature if you ever clicked on the "enterprise" settings for WPA or WPA2 while configuring your AP.
Raspberry Pi is a handy platform to building a simple RADIUS server. I chose the Raspberry Pi 2, which has a multicore ARM processor and 1GB of RAM. For the OS I decided on Raspbian, which is basically Debian Linux for the Pi. A case and heatsinks creates a nice package about the size of a pack of cigarettes. To build and configure the server you will also require a display that supports HDMI and a USB keyboard and mouse initially. Once the appliance is built you will no longer need the latter items as you can manage it via the network.
The cost is minimal. The Raspberry Pi 2 costs $35 and the case and heatsinks add less than $15. You do need a class 10 micro SD card with at least 16GB, so add another $10. For less than $60 you can have a RADIUS server. My advice though would be to spend a little more and get a 32GB SD card-the 16GB option does not leave as much room for growth and experimentation. That bumps the total to about $75. By the way, if you have an older Raspberry Pi Model B or B+ laying around, it will work. The minimum SD card size is 8GB.
There are quite a few steps involved in getting things up and running as you will see in the details later in this paper. But the big picture is not all that tough to understand. Here are the major tasks:
- Acquire and build your Raspberry Pi and assemble it with mouse, keyboard, display, and Internet connection. All of the connections are standard off-the-shelf cables.
- Download Raspbian and install it on the SD card. Boot it up and go through the initial OS installation and customization.
- Install and configure Apache, MySQL, and PHP, turning this into a LAMP server.
- Install and configure FreeRADIUS and the daloRADIUS GUI.
- Test, tune, experiment, and enjoy.
Let's get started.
Building the hardware platform
As a starting point I suggest that you visit raspberrypi.org. There are links there to various distributors. I bought my Raspberry Pi 2 Model B from MCM Electronics. I purchased the case and heatsinks from Amazon. Be careful. Make sure your case is for the Raspberry Pi 2-not its predecessors. The class 10 micro SD card came from Walmart. I already had the other things laying around my house. For the display I used a small 1080p TV. The mouse and keyboard have to be USB devices. Note that the Pi is powered by a USB connection; so that requires a separate power supply.