Organization

I have tried to structure this book as effectively as possible, mixing theory with practice where appropriate, so you, the reader, have a firm background with which to apply both the practical advice and procedures in this book and others you may develop on your own.

Chapter 1 takes a few steps backward and looks at the architectural model on which the RADIUS protocol is based, provides an introduction to RADIUS's characteristics and limitations, and offers a brief discussion of its history.

Chapter 2 details the individual characteristics of the RADIUS protocol, including an overview of its standard packet formats and the structure of the properties it passes to various servers, as well as a discussion of how vendors extend the functionality of the protocol through the use of their own defined attributes. There is also commentary on the various authentication protocols that can be used in conjunction with RADIUS, as well as a brief introduction to the hints file.

Chapter 3 is a reference section for all of the globally defined RADIUS attributes as specified in the appropriate RFC documents. An "at a glance" chart details each attribute's primary properties with a short discussion of its purpose. Any special behaviors that an administrator might encounter during its use are covered in this discussion.

Chapter 4 is presented as a combination of the stylistic elements of Chapter 2 and Chapter 3 and covers the properties, behaviors, and attributes of the accounting portion of the RADIUS protocol. It discusses standard accounting packets, proxy functionality, and the standard accounting attributes as specified by the RFCs.

Chapter 5 is the first hands-on chapter in the book. It discusses obtaining, installing, configuring, and using FreeRADIUS, an open source RADIUS server that was created in part by several developers of the Debian Linux distribution.

Chapter 6 continues the practical guidance and covers the more intimate and intricate configuration options that FreeRADIUS provides. In addition, extending FreeRADIUS's functionality is covered, by having it authenticate against a MySQL database, use the pluggable authentication module (PAM) in its transactions, and interact with Cisco networking gear. Simultaneous use, also known as multilinking in the ISP business, is also covered.

Chapter 7 discusses other programs to augment FreeRADIUS, including an Apache module that will allow the web server to authenticate against the RADIUS user database, a powerful email and directory server that will consolidate user information and reduce administrative headaches , and a utility for parsing and analyzing RADIUS log files.

Chapter 8 is a commentary on some of the security problems the protocol has and how to work around them. Unfortunately, the protocol used to secure networks has some vulnerabilities of its own, and this chapter offers insight into what the vulnerabilities are, how they were introduced, and what an administrator can do to eliminate the potential threat they represent.

Chapter 9 includes information that's not present in the original RFC documents for the protocol. Among these new details are information on tunnel support, Apple networking support, interim accounting updates, using Extensible Authentication Protocol (EAP), and a listinglike that of Chapter 3of the new attributes added by the RADIUS Extensions RFC.

Chapter 10 concludes the book by offering design guidelines and practical suggestions for planning a RADIUS server deployment in your organization. Topics include services, availability, system baselining, and proactive/reactive system management.

Appendix A is a list of all of the RADIUS attributes covered within the book, a few of their key properties, and cross-references by page number.