Don’t let Wi-Fi be the weakest link in security. Securing user credentials via Wi-Fi shouldn’t be taken lightly. In my Wi-Fi lab I use FreeRADIUS for authenticating Wi-Fi users with 802.1X.
FreeRADIUS is an open source RADIUS server used by many organizations. It performs AAA functions, supporting many authentication protocols and is widely popular because it is modular and scalable.
In 802.1X, and in my lab, FreeRADIUS will play the role of the authentication server. FreeRADIUS can be the proxy to another authentication server such as Active Directory.
Without going into too much detail, 802.1X has three components:
- Supplicant (mobile device)
- Authenticator (AP)
- Authentication Server (FreeRADIUS)
The supplicant will request to join an SSID, the authenticator will request an identity from the mobile device, the authenticator forwards the identity to the authentication server which will reply back with a success or deny.
This guide will get you up and running quickly with FreeRADIUS on Ubuntu server using EAP-TTLS.
My FreeRADIUS deployment was done on Ubuntu 16.04.1 LTS which I have running as a VM on my Intel NUC.
1. Install FreeRADIUS
Installing FreeRADIUS is the easiest part of this guide. It can be done with apt-get. Installing FreeRADIUS will also install dependencies and additional packages required for operation.
$ sudo apt-get install freeradius
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following additional packages will be installed:
freeradius-common freeradius-utils libdbi-perl libfreeradius2 libltdl7 libpython2.7 libpython2.7-minimal libpython2.7-stdlib ssl-cert
freeradius-ldap freeradius-postgresql freeradius-mysql freeradius-krb5 libclone-perl libmldbm-perl libnet-daemon-perl libsql-statement-perl
The following NEW packages will be installed:
freeradius freeradius-common freeradius-utils libdbi-perl libfreeradius2 libltdl7 libpython2.7 libpython2.7-minimal libpython2.7-stdlib ssl-cert
0 upgraded, 10 newly installed, 0 to remove and 5 not upgraded.
Need to get 4,966 kB of archives.
After this operation, 21.4 MB of additional disk space will be used.
Do you want to continue? [Y/n] Y