Nextelco:AAA

From its-wiki.no
Jump to: navigation, search

AAA server

The AAA server, also known as RADIUS server, provides end-users and devices Authentication, Authorization and Accounting. It is specially necessary to manage who or what users or devices have access to the network and which kind of service should the network provide them.


Currently, AAA servers communicate using the RADIUS protocol, that is why they are also known as RADIUS servers. However, future AAA servers are expected to use a successor protocol to RADIUS known as Diameter.


One of the most widely deployed RADIUS server in the world is FreeRADIUS. Some successful examples of its usage include many Fortune-500 companies, Tier 1 ISPs and eduroam. FreeRADIUS includes a RADIUS server, a BSD licensed client library, a PAM library, and an Apache module.


What is Authentication, Authorization and Accounting?

Authentication, authorization, and accounting (AAA) is a term for a framework for intelligently controlling access to computer resources, enforcing policies, auditing usage, and providing the information necessary to bill for services. These combined processes are considered important for effective network management and security.

As the first process, authentication provides a way of identifying a user, typically by having the user enter a valid user name and valid password before access is granted. The process of authentication is based on each user having a unique set of criteria for gaining access. The AAA server compares a user's authentication credentials with other user credentials stored in a database. If the credentials match, the user is granted access to the network. If the credentials are at variance, authentication fails and network access is denied.

Following authentication, a user must gain authorization for doing certain tasks. After logging into a system, for instance, the user may try to issue commands. The authorization process determines whether the user has the authority to issue such commands. Simply put, authorization is the process of enforcing policies: determining what types or qualities of activities, resources, or services a user is permitted. Usually, authorization occurs within the context of authentication. Once you have authenticated a user, they may be authorized for different types of access or activity.

The final plank in the AAA framework is accounting, which measures the resources a user consumes during access. This can include the amount of system time or the amount of data a user has sent and/or received during a session. Accounting is carried out by logging of session statistics and usage information and is used for authorization control, billing, trend analysis, resource utilization, and capacity planning activities.

Authentication, authorization, and accounting services are often provided by a dedicated AAA server, a program that performs these functions. A current standard by which network access servers interface with the AAA server is the Remote Authentication Dial-In User Service (RADIUS).


FreeRADIUS

In this section we are going to explain how to install and configure FreeRADIUS. Currently, version 3 of FreeRADIUS is available. However, in the repositories of Debian 7.5 the version 2.1.12 is already built and prepared. We are going to use the oldest version due to its stability and easy configuration.


Installation

The installation of FreeRADIUS is as easy as using the next command:

# apt-get install freeradius freeradius-utils freeradius-mysql


FreeRADIUS developer web page:

  1. FreeRADIUS configuration


Interesting Web pages:

  1. AAA with FreeRADIUS, MySQL and daloRADIUS
  2. Freeradius + Coova-Chill + daloRADIUS
  3. CoovaChilli v1.3.0 & Freeradius v2.2.0 – Working
  4. Freeradius: Disconnected user when time limit exceed
  5. How to create a bootable USB stick on OS X


ASA 5505 and FreeRADIUS

  1. ASA5500 FreeRADIUS authentication
  2. FreeRADIUS supports ASA clients
  3. Japanish web page with some commands


Return to Application Server page.

Return to Technology page.