Tutorial 1
Task: Look into setting up a RADIUS
server so as to provide us with a WPA-PSK-Enterprise WAP [and connect
to it via a separate device].
Okay, so this one looks kind of fun.
Set up a router to authenticate users via a Radius Server.
Firstly, we need to know what a
“RADIUS” server is. A little Google-fu has informed me that a
RADIUS server is a client/server protocol running in the Application
layer of the OSI model, it uses UDP and runs as a background process
on either a UNIX or Windows machine. It's used for providing
centralised Authentication, Authorisation and Accounting management
for the machines that connect to it. Before you say anything, yes
that is almost word-for-word as I read it, but to be honest I
understand what it's saying and I can't really think of another way
to word it without wasting time and energy. This isn't a piece of
coursework, it's a blog.
So basically, I need to first figure
out if I want to run this server straight off my Windows install or
create a Virtual Machine for a Linux Distribution. Hrmm... What the
hell, Linux Distro it is. What would be the point of doing it off
Windows? No one in the real world would do that and I wouldn't learn
anywhere near as much as I would otherwise.
Right, so I know I'm using Linux, but
now which Distro do I want? I mean, there's thousands of them. Time
for some more Google-fu. I want something that would be lightweight
and relevant. I don't want to just google “Linux Download” and
click on the first link. So I decided to look at some Linux Server
Distros. After a little time reading up on a few of them, I stumble
upon “Red Hat Enterprise Linux”, an enterprise Linux Distro used
for large corporations. That sounds great; it's a server distro, it's
lightweight and it's incredibly popular. Oh balls. It's not free.
Then I discover that there's something called “CentOS”, which is
basically a free (and legal) version of RHEL without the support or
branding. Perfect. Let's get that. (http://www.centos.org/
)
Now, my internet is pretty slow right
now, so downloading a 5.06GB ISO isn't something that I can just do
whilst I go grab a coffee. So I might as well make myself useful as
I'm downloading it. So I decide to set up my Virtual Machine for the
installation of CentOS.
Now, CentOS is a very lightweight
operating sytem. The official page stating hardware requirements states that as a minimum, the system will require 2GB free Disk
Space and 256MB of RAM. So people following this guide who have a
lower-specification machine, I would suggest that. However, I'm going
to go with the largest specifications on the hardware page: 8GB Disk
Space and 1GB RAM. I have the resources spare, so why not?
I load up VMWare player, create a new
Virtual Machine and assign the appropriate values. (Install OS Later,
Linux, CentOS 64-bit, Store in single file). Now I just have to wait
for my ISO to finish downloading. I can read up a bit in the
meantime.
Okay, the ISO is now downloaded, so I
open up VMWare Player again and click on my CentOS image, click “Edit
virtual machine settings”, “CD/DVD (IDE)” and then tell it to
use an ISO, point it to my first CentOS iso and hit okay. Then I hit
“Play Virtual Machine” and run through the installation process.
When installing the OS, be sure to skip
setting up the network adapter (we'll do this later) and set it up as
“Server” - we want to make this as educational as possible, so
we're sticking with the CLI on this one.
Note: The install time for this is
pretty long (around the 10 minute mark) after you've entered all the
set-up information.
When CentOS is installed, it will
restart and spend a little time setting itself up and then ask you
which item you would like to modify in the Setup Agent. Right now, we
can just ignore this; we need to get some connectivity going on the
VM. So let's power it down by holding “Ctrl + Alt” to unbind the
cursor and then going to “Player > Power > Shut down”. Now
go the Virtual Machine Settings, Network Adapter and set it to
“Bridged Connection” do not tick the box to replicate the
physical network connection.
Now run the VM again, wait for it to go
through the set up and log in (this will be 'root' and the password
you chose during initial set up). We're going to set up
connectivity. Firstly, you need to know your host's (the computer
with the VM running on it) default gateway. To do this, (on windows)
open up command prompt and enter “ipconfig”. Make note of your
Default Gateway. Now go back to your VM.
Note: I'm going to be honest, I had a
lot of trouble with this, it took me an hour to find the advice I
needed on Google and when I did it was fairly straight forward. I'm
going to copy a lot of what I found, but credit where credit's due,
here's the source.
Okay, so you're going to want to first
configure your network card to receive static or DHCP IP, then
configure your gateway and finally configure your DNS. Here's how you
do it:
# cd /etc/sysconfig/network-scripts/
# vi ifcfg-eth0
[Note: You're now in VI editor. I'd
never used this until now (I used nano before) and I was a little
confused. Basically, just edit the file how you would normally, but
when you want to save and exit, hit “esc”, then “:” and type
“wq” and then hit enter. There's a tutorial here.
Now, you'll want to add/edit the file
so it looks like this:
# Intel Corporation 82573E Gigabit
Ethernet Controller (Copper)
DEVICE=eth0
BOOTPROTO=static
DHCPCLASS=
HWADDR=00:30:48:56:A6:2E (This line
will already be here, leave the MAC Address as is)
IPADDR=10.10.10.15 (Change this to the
IP address you want to assign to the VM)
NETMASK=255.255.255.192 (This should be
the same as the Subnet mask on your host)
ONBOOT=yes
Save and close this. Now:
# vi /etc/sysconfig/network
Add/edit to look like this:
NETWORKING=yes
HOSTNAME=myserver.example.com
GATEWAY=[Make sure this is the same IP
as your host's default gateway, most likely 192.168.0.1]
Save and exit that one too.
Now it's time to restart your network
adapter so that they'll load your shiny new settings:
# /etc/init.d/network restart
Now that your network adapter is
configured correctly, you're going to need to set up a DNS server.
Let's use Google's:
# vi /etc/resolv.conf
Make the text look like this:
nameserver 8.8.8.8
nameserver 8.8.4.4
Save and close this. Verify
connectivity by using the command
# ping google.com
Note: If this doesn't work, try pinging
your gateway. If that works, it's an issue after you restarted your
network adapter (i.e. the DNS servers aren't configured correctly).
If it doesn't work, double check all the settings BEFORE you
restarted the adapter.
Now that we have the OS and Network all
set up and working, it's time to get to work on Radius. Firstly,
let's install it:
# sudo yum install freeradius
Enter “y” to download and then “y”
again to accept the key.
When it's complete, it'll say
“Complete!”
Okay, so here it is. I've failed. Task
one and I just cannot for the life of me get the Radius
Authentication up and running. I hate that I've failed and I hate
giving up. But I'm looking at things like “eap” and having no
idea what any of it it is. This was way too challenging for a first
attempt and I'm hoping to get some better suggestions from people in
reply to this. I feel like a massive failure right now, but hopefully
after a bit more work and time on this, I can come back with more
knowledge and understanding of what to do.
I strengthened my knowledge somewhat in areas regarding VM Network settings and the CLI though. So that's something.
