Network access control on wired networks with IEEE 802.1X
The last step for the administrator is to set the RADIUS server to production mode: enable the init script using service freeradius start, and type chkconfig freeradius on to set up the server to use the same start procedure when rebooted.
The components for device-based authentication of terminal devices exist in many environments. It is up to the administrator to combine those components.
For some people, Network Access Control includes additional aspects, such as technical validation of version status or up-to-date virus signatures, in line with a security policy. NAC offers a number of customization options: Besides LDAP or SQL database integration, more complex environments might want to deploy a PKI with the use of Tiny CA , for example. Smartcards such as the Aladdin E-Token protect private user certificates.
IPv6 is supported with FreeRADIUS Version 2 or later; however, some 802.1X-capable switches might not comply. If you are experimenting with IKEv2, check out the project's experimental.conf.
An identically named SourceForge project is also researching IKEv2 . Thanks to the Hostapd project , administrators can soon look forward to a new implementation of EAP in FreeRADIUS known as EAP2.
- IEEE 802.1x-2004: http://www.ieee802.org/1/pages/802.1x-2004.html
- RFC 5216, "EAP-TLS Authentication Protocol": http://tools.ietf.org/rfc/rfc5216.txt
- Cisco 802.1x Guide: http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.2/31sg/configuration/guide/dot1x.html
- FreeRADIUS Wiki on Cisco IOS commands: http://wiki.freeradius.org/Cisco
- FreeRADIUS Project: http://freeradius.org
- FreeRADIUS at GitHub: http://github.com/Antti/freeradius-server/tree/master
- OpenSEA: http://openseaalliance.org
- Open1X project: http://open1x.sf.net
- WPA supplicant: http://hostap.epitest.fi/wpa_supplicant/
- Tiny CA: http://tinyca.sm-zone.net
- EAP-IKEv2 project on Sourceforge: http://eap-ikev2.sf.net
- EAP modes supported by FreeRADIUS: http://freeradius.org/features/eap.html
Read full article as PDF:
The Bavarian capital shuns Microsoft, Google, and other alternatives to implement an open-source groupware solution.
Phone vendor partnerships bring Mark Shuttleworth's dream of Ubuntu on a phone a step closer to reality.
Donors will get to vote on new features for the free video editor.
Debian project puts init out to pasture and says no to Ubuntu's Upstart.
Ultra-sophisticated attack tool might have originated from a state-sponsored intelligence service.
New alternative for init comes with a small footprint and minimal configuration.
X marks the target for the next-generation windowing system.
Super-clone CentOS Linux gets beamed up to the mother ship.
HTML technology will enable new video editing and playback options.
New Linux distro is optimzed for gaming.