FreeRADIUS Beginner's Guide


The FreeRADIUS Beginner's Guide by Dirk van der Walt (published by Packt Publishing) is targeted at system administrators who are familiar with the basics of maintaining a Linux system but know very little about RADIUS, including the subject matter, FreeRADIUS.

Executive summary: the book does a good job of introducing the user to FreeRADIUS and the basics of the RADIUS protocol. The examples are generally biased towards hotspot administration, whilst 802.1X, infrastructure logins and VoIP are for the most part overlooked. Diagnostics, and an understanding of why things are either malfunctioning or just plain broken, are missing, so do not expect to go beyond 'familiar with RADIUS' whilst wielding this book.

As a starting comment, it cannot be overlooked that the typography makes the book hard on the eyes. The white-on-black titles, the use of bold as a tool for emphasis (rather than a softer italic), the figure shadows, and the decoration on the abstract that begins each section, in addition to a similar decoration of the warnings, notes and tips, simply clutter the page with distractions.

On to the content...

The book starts off from a clean, non-assuming slate, beginning by describing the problem RADIUS solves, its implementation and its operation, and goes on to introduce some of the features and functionality available to services backed by RADIUS. The level of detail here is about right and follows into the installation of FreeRADIUS on a number of common Linux distributions. These sections are good, but I do feel there was a missed opportunity to cover the use of git (instead of tarballs; the git v2.1.x tree is arguably more stable than the tarball and easier to update/cherry-pick), plus to fold the instructions for CentOS and Ubuntu into ones that also cover their parents, Red Hat and Debian. With a little more work this section could have been a far more straightforward "installing on an RPM platform and on a DEB platform".

The book covers a good number of practical use examples, though the majority are just variations of the wireless hotspot web portal. However, compared to what is seen on the FreeRADIUS mailing list, this is what a good portion of the userbase tries to do, so newcomers to the hotspot administration scene will probably find this book valuable. Also well covered in this respect is how to store user credentials in a number of backend sources: whether a text file, an LDAP or SQL database or even Active Directory, it is all there. Unfortunately, the other huge users of RADIUS such as 802.1X are in comparison only lightly touched upon (session resumption is ignored and an unwise suggestion to perform authorisation in the inner-tunnel is made), whilst VoIP, MAC-auth and switch login management (i.e. using RADIUS to handle authentications into the console management of your infrastructure) are completely overlooked.

Proxying of RADIUS requests is well covered. The examples are clear and, due to the nature of RADIUS, quite neutral, so they should be easy to apply to other situations. Alas, only half a page of the whole book handles 'junk' requests, using rlm_attr_filter, and with no real examples it would be easy for the reader to ignore this crucial tidbit of knowledge and how to apply it.

It is the acknowledgement of 'junk' requests that is generally missing from this book. As an administrator you will not only be faced with junk from other RADIUS servers, but also from the $20,000 NASes of this world that you just bought and are now stuck with having to make work. The examples exist in a rather idealistic bubble involving well-behaved NASes (including a focus on vendor-specific shortcuts, such as those found with Mikrotik/Coova Chilli, when the same task could be done in a vendor-neutral manner) and backend database servers, and as such will get you up and running quickly; but only if your situation matches one of the given examples.

The moment you hit some rough spots, as a beginner, you are likely to find yourself racing over to the mailing list rather than reaching for the book. What would not have gone amiss is dwelling, even for the whole second half of the book, on diagnostics (understanding the output of 'radiusd -X'), detailed logging (i.e. with tcpdump, tee and rlm_detail), monitoring (eapol_test, radtest with Nagios), graceful failure handling, etc.

This is, though, a book for beginners, and for the absolute beginner, especially one tasked with maintaining wireless hotspots, this book will be helpful to get you going. Unfortunately, what is important to a beginner are hints on where to find information, how to use this information and, if necessary, how to ask for help; crucial information on how to ask smart questions is absent, especially when thinking of asking on the seemingly hostile freeradius-users mailing list.