documentation of the raduis segment in the ... · web viewthis installation of clearbox radius...
TRANSCRIPT
ContentsHistory..............................................................................................................................................................2
Documentation of the RADUIS segment in the PRONESTOR_GUEST network.................................................3
Installation objective....................................................................................................................................3
Servers & Network Units..........................................................................................................................3
ClearBox RADIUS server................................................................................................................................4
Clearbox Website:....................................................................................................................................4
Version used in this case..........................................................................................................................4
System requirements...............................................................................................................................4
Concept & How it works...................................................................................................................................5
ClearBox Installation Guide (step by step)........................................................................................................6
Configuration of ClearBox RADUIS server...................................................................................................13
Configuration advice:..............................................................................................................................13
ClearBox, just behind the curtain...............................................................................................................14
Basics for the configuration....................................................................................................................15
The installation procedure..........................................................................................................................15
Configuration Starters............................................................................................................................16
1) Create a Realm..................................................................................................................................17
2) Create a Datasource...........................................................................................................................18
3) Create Clients.....................................................................................................................................21
4) Add Datasources and Clients to the Realm.........................................................................................23
SQL statement:.......................................................................................................................................26
Starting the RADIUS Service.......................................................................................................................27
1
2
Documentation of the RADUIS segment in the PRONESTOR_GUEST network
Installation objectiveThe objective is to authenticate a User who is logged in in to the PRONESTOR_GUEST network, in the PRONESTOR MS SQL Database. The reception generates a username and password for the guest, and hands out the information on a card.
The generated user credentials are stored in the PRONESTOR DB. The Nortel WSS switch currently used, cannot connect directly to the MS SQL database, but has to forward the login request to a RADIUS server.
Servers & Network Units Units overview
Server Name Description Graphicdkcphcb00 ClearBox RADIUS Server
OS: MS Windows 2008 R2
ClearBoxRADIUS
dkcphsql02 PRONESTOR SQL Database Server
Pronestor DBWSS1 Wireless Security Switch
WSS2 Wireless Security Switch
Accesspoint Accesspoint for the PRONESTOR_GUEST network
Access Point
This installation of ClearBox RADIUS server will be implemented on a MS Windows 2008 R2 server.
3
ClearBox RADIUS server ClearBox RADUIS is a ”Remote Authentication Dial In User Service” application.
Clearbox Website:http://www.xperiencetech.com/
Version used in this case
System requirements ClearBox System requirements
Processor Pentium II or higher
Memory 256 MB or higher
Operating system Windows 2000/XP/2003
Connectivity TCP/IP installed and configured
Hard disk capacity 9 MB of free space
4
Concept & How it works
At arrival at the company’s HQ, the user is greeted by the reception with a PRONESTOR VISITOR badge. The badge contains a username and password generated by the PRONESTOR VISITOR Reception frontend. The Credentials is stored in the PRONESTOR DB.
1) The user connects to the Wireless network PRONESTOR_GUEST.2) When a browser is opened at the host, the user is greeted by a login webpage and prompted for
the credentials on the VISITOR badge, given by the reception. The login webpage is hosted by the primary WSS switch.
3) When the user has typed in the credentials, the WSS the passes on the login information to the ClearBox RADIUS server. Then waits for an answer from the RADIUS server.
4) The ClearBox RADIUS server is using the PRONESTOR Database as a remote database. ClearBox queries the PRONESTOR DB for the User login credentials, received from the WSS switch.
5) Whether the credentials is found and authenticated correctly, the ClearBox RADIUS server returns an Allow or Reject answer to the WSS switch.
6) The WSS switch then decides upon the answer from the ClearBox, whether the user is authorized to connect to the PRONESTOR_GUEST wireless network. If the user is allowed, the WSS then stores the user within its own database.
5
7) The user is authorized and authenticated to use the PRONESTOR_GUEST wireless network, and is not restricted further by this installation.
Depending upon the setup of the PRONESTOR Database, the user gains access to the PRONESTOR_GUEST network for a limited time.
ClearBox Installation Guide (step by step)Installation Guide
REMEMBER: This installation does not use certificates! When installing the ClearBox RADIUS server, DO NOT choose to install SSL Certificate tools. If installed, the RADIUS server will require the use of certificates, and will not work properly.
Run the file: clearbox_enterprise_5_6.exe
Yes install!
6
Next
Read License Agreement … Click the “I accept the agreement”.Next
7
Choose an installation folder.We chose the standard folder; “C:\Program Files (x86)\ClearBox Server”.Next
Select “Full Installation”.Next
8
Type in a password for the ClearBox installation. This can be edited at a later time.Next
Choose “Normal Mode”.Next
9
WARINIG !! DESELECT the “Enable wireless authentication” option.Next…
Chose a name in the Start Menu.Next.
10
Inspect the installation selections. If everything is as expected… Install.
ClearBox installing…
11
The installation is complete.To configure the ClearBox click the ”Run Control Centre” option.Finish.
12
Configuration of ClearBox RADUIS serverThis installation is configured on the DKCPHCB00 MS Windows 2008 R2 server.
Configuration advice:For in-depth configuration of the ClearBox RADIUS server please refer to the website for more information.
13
ClearBox, just behind the curtain.To configure the ClearBox RADIUS server it is important to understand how it works.
To start the configuration of the ClearBox click the “Configure the Server” button.Choose whether to use the frontend as a remote configuration utility for a preinstalled ClearBox server, or use a local installation.Chose “Open local XML file with server settings”.
This will open a default configuration.
Chose “No”. The utility might not work as you want it to.
14
Now you have the standard configuration. This is where you start to edit and configure the ClearBox RADIUS server.
Basics for the configurationDescription for the used configuration tools.
SQL Data Sources.This will define what database to use for your installation. This is where we will configure the connection details for the PRONESTOR Database.
Realms.A Realm is like a Domain in Windows. This is the Container or Object that contains and connects your devices as one interconnected configuration in ClearBox.Realm contains the Realm rules, AAA setup and logging configuration.Configuration of the SQL query, and rule setup will be applied here.
RADIUS clients.This is where you define the devices or clients you want to use in the configuration.Here the connection information and credentials for the WSS switches will be defined.
The installation procedure1) Create a Realm2) Create SQL Datasource 3) Create the Clients4) Add Datasources and Clients to the Realm
15
Configuration Starters
Create a new configuration file for this installation.
Click “File” and choose “Save As…”.
This configuration will be called “Pronestor_Config_21-02-2011”.Click “Save”.
16
1) Create a Realm
To create a new Realm, Right click and click “Add New Realm”
Type in the name of the Realm. (Rlm_Pronestor)
17
2) Create a Datasource
Right click on “SQL Data Sources” and select “Add New Data Source”.
Type in the name for the datasource: SQL_Pronestor
18
Select “MS SQL Server” under Data source type:.Type in the Server name: (dkcphsql02)Type in the database name: (pronestor)Type in the username for ClearBox to access the database: (pronestorguest)Type in the password for the ClearBox username: (<password???>)
When done, click the “Test Connection”, to verify SQL connection settings.
Click “Apply Changes”.
19
20
3) Create ClientsCreate new clients for the RADIUS server. This will add the WSS switches, which will be added to the Realm later on.
Right click on RADIUS Clients, and click “Add New Client”.
Type in the name for your device.
21
Then type in the Client IP address (10.129.144.3) WSS switch IPThe password (Shared Secret) ( <Password ???>) WSS switch passwordAnd choose the Realm you have created: (Rlm_Pronestor)
Click “Apply Changes”
Repeat the steps for all the clients you want to use. (Next is DKCPHWSS02)
Type in the Client IP address (10.129.144.2) WSS switch IPThe password (Shared Secret) ( <Password ???>) WSS switch passwordChoose the Realm you have created: (Rlm_Pronestor)
Click “Apply Changes”.
22
4) Add Datasources and Clients to the Realm
This will add your Clients to your Realm.
First we add the Clients to the Realm
Click on your realm in the Tree view (Rlm_Pronestor)Then click the box “By client IP address”.For adding Clients, click the “+” button.
Add the two Security switches DKCPHWSS02 and DKCPHWSS01Click “OK” button.Click “Apply Changes”.
23
This will add your Datasources to your Realm.
First, select your realm in the tree view (Rlm_Pronestor).Then select the Authentication tab Click the SQL database button Select the your datasource “SQL_Pronestor”.
24
In the “Password selection query” field paste in the SQL query that enables the RADIUS server to lookup authentication requests in the PRONESTOR Database.
To get the “SQL Editor” view above click the button on the far right .When satisfied with the SQL statement, click “OK”.
Then click “Apply Changes”.
See “SQL statement” for the used query.
25
SQL statement:Select [wifi_password] from badgewhere [wifi_user] = '$u'AND(badge.state = 'in' )AND(
(dateadd(DAY,1,convert(varchar,(LEFT([start_date],8)),112)) > GETDATE()
)OR(
dateadd(MONTH,1,convert(varchar,(LEFT([start_date],8)),112)) > GETDATE()and guest_category_id = 6
)OR(
dateadd(MONTH,3,convert(varchar,(LEFT([start_date],8)),112)) > GETDATE()and guest_category_id = 7
)OR(
dateadd(MONTH,6,convert(varchar,(LEFT([start_date],8)),112)) > GETDATE()and guest_category_id = 8
) OR(
dateadd(YEAR,1,convert(varchar,(LEFT([start_date],8)),112)) > GETDATE()and guest_category_id = 9
))
26
Starting the RADIUS ServiceTo start the ClearBox RADIUS service…
In the left panel, click the “Service Control” option.Click the “Start” button to start the service
If Errors occur, view the error log by clicking on “view errors log”.
Now the service is running.
This concludes the installation.
27