Wanting to experiment, radius server at home...anybody try?

techtips · Oct 30, 2015

Hey guys,

I am trying to be a bit more creative with my home network and build up on some knowledge as my current workplace does not challenge me at all.

After upgrading my old E4200 to the most recent DD-WRT version, I've been thinking more about security. I always use strong keys combined with MAC address filtering but I've started to think about Radius authentication.

I understand that it may be overkill for a home network. I don't have 'mission critical' information at all but I'd like to build something at home to gain a bit of experience in doing so.

Has anybody set up a Radius server at home? Are there any pro's and con's?

I found a few guides on setting up a linux server to do it...sounds interesting and I'd like to have it running as a VM on a desktop if possible.

Sinclair · Oct 30, 2015

It's a good project since quite a few enterprise-type things utilize RADIUS. I run a RADIUS server on my 2012 R2 DC at home for a few services, primarily for one of the UniFi SSID's and for TACACS to authenticate against on the switches/routers.

For me, PROS: Single authentication source.

CONS: More dependency on a single point of failure (sometimes), added complexity.

Raekwon · Oct 30, 2015

I've got it running on Ubuntu Server 14.04 if you have any questions. I'm still working on it, but using it to authenticate users on network devices and checking an AD server via NTLM and LDAP.

swatbat · Oct 30, 2015

Sinclair said:
It's a good project since quite a few enterprise-type things utilize RADIUS. I run a RADIUS server on my 2012 R2 DC at home for a few services, primarily for one of the UniFi SSID's and for TACACS to authenticate against on the switches/routers.

For me, PROS: Single authentication source.

CONS: More dependency on a single point of failure (sometimes), added complexity.

Yea what he said. I haven't setup it at home in a while but have it deployed at a few clients. Most are basic things like having the cisco routers use radius to authenticate vpn access.

I'd work on using it along a domain controller or a linux box handing it.

techtips · Oct 31, 2015

Thanks for the replies guys.

As I am new with Radius, does it have to authenticate with AD? We did light radius work back in school but I cannot remember how it was setup.

I initially thought I could host a VM running an OS that will run the Radius services for authentication. It seems like you guys incorporate your client logins with it.

goodcooper · Oct 31, 2015

Raekwon said:
I've got it running on Ubuntu Server 14.04 if you have any questions. I'm still working on it, but using it to authenticate users on network devices and checking an AD server via NTLM and LDAP.

what are using to manage? just cli?

i was looking into daloradius for an enterprise deployment

would use it for wireless and VPN, maybe switches too if i'm feeling extra secure

goodcooper · Oct 31, 2015

techtips said:
Thanks for the replies guys.

As I am new with Radius, does it have to authenticate with AD? We did light radius work back in school but I cannot remember how it was setup.

I initially thought I could host a VM running an OS that will run the Radius services for authentication. It seems like you guys incorporate your client logins with it.

you can... i want mine to be certificate based

mainly because i hate myself....

Deleted member 12106 · Nov 2, 2015

I think I am going to try this. I have a legit wildcard SSL as well.

Wanting to experiment, radius server at home...anybody try?

techtips

Gawd

Sinclair

Limp Gawd

Raekwon

2[H]4U

swatbat

[H]F Junkie

techtips

Gawd

goodcooper

[H]F Junkie

goodcooper

[H]F Junkie

Deleted member 12106

Guest