Journals and Authentication - Overview of Radius

Jul 10, 2024

Journals and Authentication: Overview of Radius

Introduction

  • Presenter: Simon Bingham
  • Part of a video series on journals and authentication.
  • Previous video covered user classes and local authentication.
  • Today's focus: Scalability of user authentication via Radius.

Local vs. Centralized Authentication

  • Local Authentication

    • Managing passwords on each individual device.
    • Not scalable: Difficult to manage for hundreds of devices.

  • Radius (Remote Authentication Dial-In User Service)

    • Centralized system for user authentication.
    • Integrates with systems like Active Directory.
    • Deactivates access if the user is removed from Active Directory.
    • Simplifies user management across multiple devices.

Common Radius Implementations

  • Popular Radius server: Microsoft 2008 (Enterprise Networks).
  • Example used: Steel-Belted Radius (Juniper product)
    • Web-based and available as a 30-day trial.

Basic Configuration Example

  1. Setup on Device (Juniper)

    • Edit configuration sections for the system.
    • Define authentication order (Radius first).
    • Specify Radius server and source address.
    • Set up login users and assigns roles (e.g., super-user).

  2. Steel-Belted Radius Configuration

    • Define devices that will communicate with the Radius server.
    • Configure IP addresses and shared secrets.
    • Create user entries with return list attributes for authorization.

Authentication Process

  • Authentication process involves:

    1. Device sends credentials to the Radius server.
    2. Radius server checks credentials and user permissions.
    3. Radius server sends back return list attributes (e.g., allowed commands).
    4. Device uses these attributes to grant appropriate access.

  • Use tools like Wireshark to monitor Radius authentication traffic.

Advanced Configuration and Use Cases

  • Juniper specific parameters:
    • Allow/Deny commands via Radius server settings.
    • Set VLANs, firewall filters, and more, centrally from Radius.

Conclusion

  • Radius simplifies and centralizes user management across devices.
  • Despite initial setup complexity, it provides flexibility and control.
  • Encourages using documented resources for setting up Radius properly.