Archive for July, 2006

Preliminary review of the Wiley RADIUS book.

Tuesday, July 25th, 2006

I've taken a quick look at the Wiley RADIUS Book, and I have to say it looks like a significant effort. 300 pages, $120, and the table of contents covers a wide variety of topics.

My only question, though, is how useful it will be for the average administrator. The summary says

This text will provide researchers in academia and industry, network security engineers, managers, developers and planners, as well as graduate students,with an accessible explanation of the standards fundamental to secure mobile access.

I find that summary a little daunting, quite frankly. The first target audience is researchers. And from reading the sample chapter contents, I agree that researchers are a good target for this book. I've been working with RADIUS for a long time, and it took me some effort to understand the text.

Based on a preliminary review, this book appears useful if you're:

  • a researcher,
  • using mobile IP,
  • using IPsec,
  • using Diameter.

For the average administrator intent on deploying RADIUS, that book is probably too much. It looks to have some RADIUS content (20 pages or so), some overview of AAA architectures (50 pages or so), but the majority of it is devoted to issues that just don't come up in common RADIUS deployments.

The overlap between that book and Deploying RADIUS: Practices and Principles appears to be pretty minimal. My book will concentrate on practice, and not on research. i.e. Administrators are less concerned with how something works than with how to get a job done.

That's where Deploying RADIUS will shine.

I'm writing a RADIUS book.

Monday, July 24th, 2006

I've been working on FreeRADIUS for over 7 years, and RADIUS for over a decade. In that time, RADIUS has grown substantially. The wireless market (802.1x) has exploded in recent years, making it even more important for the average administrator to have a good RADIUS reference.

The O'Reilly book is a good introduction to many of the RADIUS basics, but it's starting to show it's age. It's almost 4 years old, and covers an ancient version of the server. The goal with a new book is to discuss new features that have been developed in the last few years, and to cover additional topics that the O'Reilly book didn't cover in detail.

The current plans are to cover the following topics, in as much detail as possible:

  • RADIUS background and history,
  • RADIUS network architecture,
  • Common deployment problems,
  • Ongoing maintenance issues,
  • FreeRADIUS installation,
  • Configuring radiusd.conf,
  • Configuring the users file,
  • Server modules, including writing custom modules,
  • Whatever else I have time for, and people need.

The book is titled Deploying RADIUS because its emphasis is helping administrators set up a functional and maintainable RADIUS infrastructure. It starts off with small systems, and gradually introduces new concepts to end up at a complex installation. Rather than being a collection of template “how-to's”, the book is designed to give the administrator the experience and knowledge to solve new problems in common RADIUS deployments.

The subtitle is Practices and Principles in order to highlight my experience that most deployment problems relate to methods, rather than knowledge. A lot of RADIUS knowledge can be found online via Google searches, or in existing documentation. I would refer to much of that information as trivia, because lists of attributes don't help the average administrator in their search for meaning.

What this means is that the book will summarize my decade of experience with RADIUS, and give you, the administrator, the tools to track down the problem, find the solution, implement it, test it, and deploy it quickly with minimal errors.

Oh, and it will contain trivia, too. There are a number of little details and “gotcha's” in FreeRADIUS that aren't documented anywhere else.