XC07 Advanced use and extension of freeradius (3 Days)
In this course the students will learn about freeradius internals.
This course is targetted to students who will need to extend, debug or
do 3rd level support of large networks running freeradius.
This is an advanced course.
FreeRADIUS is an Internet authentication daemon, which implements
the RADIUS protocol, as defined in RFC 2865 (and others). It allows
Network Access Servers (NAS boxes) to perform authentication for
dial-up users, and dial-up-like users. Recently, this has included
authenticating users at 802.11 hotspots using the 802.1x protocols.
On day 1, the internals of freeradius will be discussed. Data structures
will be discussed, and programming conventions. The components of the systems
relating to how it deals with high load, failover will be explored.
The debugging options will be explained, and the student will explore
its uses by solving a series of misconfiguration labs.
On day 2, the extension API of freeradius will be explained. A detailed
walk through of how a request is processed and answered will form the core of
the content. The student will be introduced to radius state via experience with the
EAP-MD5 challenge methods.
On day 3, the students will build a trivial new authentication mechanism,
backed by a database application. This will be done in teams. Critical
functions and structures will be explained through out the day in a series
of mini-lectures.
At the end of the course the students will have been able to constructively
manage and extend the freeradius system. This deep understanding will permit the
student to debug problems that might arise in the field.
This is a hands on course.
Prerequisites:
- Linux Systems Administration
- TCP/IP Networking
- Experience with some form of internet access provider
- C programming
- XC06 or basic freeRadius use
