
RADIUS Authentication Mode

 
alan
Forum facilitator


Joined: 26 Sep 2003
Posts: 4435

PostPosted: Tue Apr 25, 2006 7:03 am    
Post subject: RADIUS Authentication Mode

Starting from v3, FirstSpot supports RADIUS Authentication Mode (in addition to ODBC Authentication Mode). Technically, FirstSpot acts as a RADIUS client (in RADIUS terminology, a Network Access Server or NAS) which queries a RADIUS server for AAA (Authentication, Authorization and Accounting) purposes. Normally, you should only use RADIUS Authentication Mode if you have another NAS that already uses RADIUS and you want FirstSpot to share that RADIUS directory.

FirstSpot supports the Microsoft IAS/NPS RADIUS server. For IAS/NPS to work, a DLL plug-in is needed. You can download the IAS DLL sample source code at http://patronsoft.com/firstspot/sample/iasdllv6.zip . Note that this source code is only provided as is. You might need to modify it to suit your needs. Also, if you need to integrate with your existing Active Directory (AD), you can set up IAS/NPS to read user accounts from AD.

As the RADIUS protocol is quite loosely defined on the Authorization part (second A), FirstSpot will probably work with other RADIUS servers (e.g. FreeRADIUS) on the Authentication and Accounting parts (first and third A) but not on Authorization (second A).

As an alternative, you can use Microsoft IAS/NPS as a RADIUS proxy to other RADIUS servers. Keep in mind that Microsoft IAS/NPS is free and it comes bundled with the Windows Server OS. Please check out readme.rtf (within the trial package) for the exact version of RADIUS server we support.


Last edited by alan on Tue Nov 08, 2011 10:22 am; edited 9 times in total
kevin
Forum facilitator


Joined: 26 Sep 2003
Posts: 442

PostPosted: Tue May 23, 2006 3:59 am    
Post subject:

A few more points concerning the Microsoft IAS:

1) In Windows 2003, you need to download the Windows® Server 2003 R2 Platform SDK in order to compile the needed DLL successfully. As of 2006-March, the following is the latest download link:

http://www.microsoft.com/downloads/details.aspx?familyid=484269E2-3B89-47E3-8EB7-1F2BE6D7123A&displaylang=en

2) After installing the SDK, a Windows HTML Help file will be installed, which contains very detailed information about how to get your own DLL created. A sample screen capture of the help file is here: http://patronsoft.com/images/ias.jpg

3) Please also refer to section 9 (Setting up RADIUS server) of our firstspot_guide.pdf for some high-level information about how to make IAS work with FirstSpot.
_________________
~ Patronsoft Limited ~
alan
Forum facilitator


Joined: 26 Sep 2003
Posts: 4435

PostPosted: Tue Feb 05, 2008 8:32 am    
Post subject:

Note that without the DLL, FirstSpot (v4.0.9 or newer, see http://patronsoft.com/forum/viewtopic.php?t=945 ) will still work but with only login/logout (i.e. no other user attributes like timeleft). In other words, only Authentication/Accounting but no Authorization, since the DLL is used to implement other user attributes (i.e. Authorization). This is due to the design of IAS/NPS and the fact that RADIUS is more a protocol for Authentication and Accounting (the first and third A in AAA) but not Authorization (the second A).
_________________
~ Patronsoft Limited ~


Last edited by alan on Fri Nov 04, 2011 11:32 am; edited 1 time in total
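
An added example (not from the original posts and not Patronsoft's code) of why the Authorization part interoperates less well than Authentication: in an Access-Accept, RFC 2865 standardizes only a few authorization attributes such as Session-Timeout, and everything else travels in Vendor-Specific attributes whose contents each vendor defines. The sketch takes the NAS side, verifies the Response Authenticator before trusting any attribute, then separates the two kinds; the packet, shared secret and vendor ID 99999 are constructed sample values, and how FirstSpot itself maps attributes is not shown on this page.

```python
import hashlib
import hmac
import struct

ACCESS_ACCEPT, VENDOR_SPECIFIC, SESSION_TIMEOUT = 2, 26, 27  # RFC 2865 numbers

def attr(attr_type, value):
    """Encode one type-length-value attribute."""
    return bytes([attr_type, len(value) + 2]) + value

def build_accept(ident, request_auth, secret, attrs):
    """Constructed server reply, used here only to produce sample input."""
    head = struct.pack("!BBH", ACCESS_ACCEPT, ident, 20 + len(attrs))
    resp_auth = hashlib.md5(head + request_auth + attrs + secret).digest()
    return head + resp_auth + attrs

def parse_accept(packet, request_auth, secret):
    """NAS side: verify the Response Authenticator, then split attributes."""
    if len(packet) < 20:
        raise ValueError("short packet")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_ACCEPT or length != len(packet):
        raise ValueError("not a well-formed Access-Accept")
    attrs = packet[20:]
    expected = hashlib.md5(packet[:4] + request_auth + attrs + secret).digest()
    if not hmac.compare_digest(expected, packet[4:20]):
        raise ValueError("bad Response Authenticator")
    standard, vendor, i = {}, [], 0
    while i < len(attrs):
        if len(attrs) - i < 2 or attrs[i + 1] < 2 or i + attrs[i + 1] > len(attrs):
            raise ValueError("bad attribute length")
        attr_type, value = attrs[i], attrs[i + 2:i + attrs[i + 1]]
        if attr_type == VENDOR_SPECIFIC and len(value) >= 4:
            # First 4 bytes are the vendor's enterprise number; the rest is opaque
            vendor.append((struct.unpack("!I", value[:4])[0], value[4:]))
        else:
            standard[attr_type] = value
        i += attrs[i + 1]
    return standard, vendor

# Constructed sample values (secret, authenticator, vendor ID 99999 are made up)
SECRET = b"constructed-shared-secret"
REQ_AUTH = bytes(range(16))
SAMPLE = build_accept(7, REQ_AUTH, SECRET,
    attr(SESSION_TIMEOUT, struct.pack("!I", 3600))
    + attr(VENDOR_SPECIFIC, struct.pack("!I", 99999) + b"\x01\x06\x00\x00\x00\x05"))

if __name__ == "__main__":
    print(parse_accept(SAMPLE, REQ_AUTH, SECRET))
```

A client that does not know vendor 99999's attribute layout can still complete login with this reply, but it has no way to interpret the vendor payload.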
alan
Forum facilitator


Joined: 26 Sep 2003
Posts: 4435

PostPosted: Tue Jun 08, 2010 12:58 pm    
Post subject:

Another confusing aspect of the RADIUS support is WPA/WPA2 (Wi-Fi Protected Access) Enterprise. Many APs currently support RADIUS through WPA/WPA2 Enterprise. In this case, the AP acts as a RADIUS client. Note that FirstSpot also acts as a RADIUS client when RADIUS Authentication Mode is enabled. The two (AP and FirstSpot) RADIUS clients do not communicate with each other directly. In fact, in most Wi-Fi hotspot (or guest) networks, we don't recommend turning on WPA/WPA2 Enterprise, as it might confuse end-users and also they will need to log in twice (AP and FirstSpot).
_________________
~ Patronsoft Limited ~
All times are GMT