Contents

History
Documentation of the RADIUS segment in the PRONESTOR_GUEST network
Installation objective
Servers & Network Units
ClearBox RADIUS server
Clearbox Website
Version used in this case
System requirements
Concept & How it works
ClearBox Installation Guide (step by step)
Configuration of ClearBox RADIUS server
Configuration advice
ClearBox, just behind the curtain
Basics for the configuration
The installation procedure
Configuration Starters
1) Create a Realm
2) Create a Datasource
3) Create Clients
4) Add Datasources and Clients to the Realm
SQL statement
Starting the RADIUS Service

Documentation of the RADIUS segment in the PRONESTOR_GUEST network

Installation objective

The objective is to authenticate a user who logs in to the PRONESTOR_GUEST network against the PRONESTOR MS SQL database.

The reception generates a username and password for the guest, and hands out the information on a card. The generated user credentials are stored in the PRONESTOR DB.

The Nortel WSS switch currently in use cannot connect directly to the MS SQL database, but has to forward the login request to a RADIUS server.

Servers & Network Units

Units overview

Server Name    Description
dkcphcb00      ClearBox RADIUS Server (OS: MS Windows 2008 R2)
dkcphsql02     PRONESTOR SQL Database Server
WSS1           Wireless Security Switch
WSS2           Wireless Security Switch
Accesspoint    Accesspoint for the PRONESTOR_GUEST network

This installation of ClearBox RADIUS server will be implemented on a MS Windows 2008 R2 server.

ClearBox RADIUS server

ClearBox RADIUS is a “Remote Authentication Dial In User Service” application.

Clearbox Website: http://www.xperiencetech.com/

Version used in this case

System requirements

ClearBox system requirements
Processor             Pentium II or higher
Memory                256 MB or higher
Operating system      Windows 2000/XP/2003
Connectivity          TCP/IP installed and configured
Hard disk capacity    9 MB of free space

Concept & How it works

[Figure: login flow on the company wireless guest network between the user's login page, the access point, the Wireless Security Switch, the ClearBox RADIUS server and the PRONESTOR DB. Labels: 1) User connects to Access point. 2) WSS greets User with login screen; username and password are given from PRONESTOR VISITOR. 3) WSS forwards Login request to RADIUS server. 4) RADIUS queries PRONESTOR for match on credentials. 5) RADIUS returns the request with an Allow or Reject answer. 6) The WSS verifies whether the User is allowed, and makes the decision upon the RADIUS answer. 7) If correct login the user is allowed to the Wireless network.]

On arrival at the company’s HQ, the user is greeted by the reception with a PRONESTOR VISITOR badge. The badge contains a username and password generated by the PRONESTOR VISITOR Reception frontend. The credentials are stored in the PRONESTOR DB.

1) The user connects to the wireless network PRONESTOR_GUEST.

2) When a browser is opened on the host, the user is greeted by a login webpage and prompted for the credentials on the VISITOR badge given by the reception. The login webpage is hosted by the primary WSS switch.

3) When the user has typed in the credentials, the WSS passes the login information on to the ClearBox RADIUS server, then waits for an answer from the RADIUS server.

4) The ClearBox RADIUS server uses the PRONESTOR database as a remote database. ClearBox queries the PRONESTOR DB for the user login credentials received from the WSS switch.

5) Depending on whether the credentials are found and authenticated correctly, the ClearBox RADIUS server returns an Allow or Reject answer to the WSS switch.

6) The WSS switch then decides, based on the answer from ClearBox, whether the user is authorized to connect to the PRONESTOR_GUEST wireless network. If the user is allowed, the WSS then stores the user within its own database.

7) The user is authorized and authenticated to use the PRONESTOR_GUEST wireless network, and is not restricted further by this installation. Depending upon the setup of the PRONESTOR database, the user gains access to the PRONESTOR_GUEST network for a limited time.

ClearBox Installation Guide (step by step)

Installation Guide

REMEMBER: This installation does not use certificates! When installing the ClearBox RADIUS server, DO NOT choose to install SSL Certificate tools. If installed, the RADIUS server will require the use of certificates, and will not work properly.

Run the file: clearbox_enterprise_5_6.exe

Yes, install!

Next.

Read the License Agreement. Click “I accept the agreement”. Next.

Choose an installation folder. We chose the standard folder, “C:\Program Files (x86)\ClearBox Server”. Next.

Select “Full Installation”. Next.

Type in a password for the ClearBox installation. This can be edited at a later time. Next.

Choose “Normal Mode”. Next.

WARNING! DESELECT the “Enable wireless authentication” option. Next.

Choose a name in the Start Menu. Next.

Inspect the installation selections. If everything is as expected, click Install.

ClearBox installing…

The installation is complete. To configure the ClearBox click the “Run Control Centre” option.
Finish.

Configuration of ClearBox RADIUS server

This installation is configured on the DKCPHCB00 MS Windows 2008 R2 server.

Configuration advice:

For in-depth configuration of the ClearBox RADIUS server please refer to the website for more information.

ClearBox, just behind the curtain.

To configure the ClearBox RADIUS server it is important to understand how it works.

To start the configuration of the ClearBox click the “Configure the Server” button.

Choose whether to use the frontend as a remote configuration utility for a preinstalled ClearBox server, or use a local installation. Choose “Open local XML file with server settings”. This will open a default configuration.

Choose “No”. The utility might not work as you want it to.

Now you have the standard configuration. This is where you start to edit and configure the ClearBox RADIUS server.

Basics for the configuration

Description of the configuration tools used.

SQL Data Sources. This defines what database to use for your installation. This is where we will configure the connection details for the PRONESTOR database.

Realms. A Realm is like a Domain in Windows. This is the container or object that contains and connects your devices as one interconnected configuration in ClearBox. The Realm contains the Realm rules, AAA setup and logging configuration. The configuration of the SQL query and the rule setup will be applied here.

RADIUS clients. This is where you define the devices or clients you want to use in the configuration. Here the connection information and credentials for the WSS switches will be defined.

The installation procedure

1) Create a Realm
2) Create SQL Datasource
3) Create the Clients
4) Add Datasources and Clients to the Realm

Configuration Starters

Create a new configuration file for this installation. Click “File” and choose “Save As…”. This configuration will be called “Pronestor_Config_21-02-2011”. Click “Save”.

1) Create a Realm

To create a new Realm, right click and click “Add New Realm”.

Type in the name of the Realm. (Rlm_Pronestor)

2) Create a Datasource

Right click on “SQL Data Sources” and select “Add New Data Source”.

Type in the name for the datasource: SQL_Pronestor

Select “MS SQL Server” under “Data source type:”.

Type in the Server name: (dkcphsql02)
Type in the database name: (pronestor)
Type in the username for ClearBox to access the database: (pronestorguest)
Type in the password for the ClearBox username: (<password???>)

When done, click “Test Connection” to verify the SQL connection settings. Click “Apply Changes”.

3) Create Clients

Create new clients for the RADIUS server. This will add the WSS switches, which will be added to the Realm later on.

Right click on RADIUS Clients, and click “Add New Client”. Type in the name for your device.

Then type in the Client IP address: (10.129.144.3) WSS switch IP
The password (Shared Secret): (<Password ???>) WSS switch password
And choose the Realm you have created: (Rlm_Pronestor)

Click “Apply Changes”.

Repeat the steps for all the clients you want to use. (Next is DKCPHWSS02)

Type in the Client IP address: (10.129.144.2) WSS switch IP
The password (Shared Secret): (<Password ???>) WSS switch password
Choose the Realm you have created: (Rlm_Pronestor)

Click “Apply Changes”.

4) Add Datasources and Clients to the Realm

This will add your Clients to your Realm.

First we add the Clients to the Realm. Click on your realm in the tree view (Rlm_Pronestor). Then click the box “By client IP address”. To add Clients, click the “+” button.

Add the two Security switches DKCPHWSS02 and DKCPHWSS01. Click the “OK” button. Click “Apply Changes”.

This will add your Datasources to your Realm.

First, select your realm in the tree view (Rlm_Pronestor). Then select the Authentication tab. Click the SQL database button. Select your datasource “SQL_Pronestor”.

In the “Password selection query” field, paste in the SQL query that enables the RADIUS server to look up authentication requests in the PRONESTOR database.

To get the “SQL Editor” view above, click the button on the far right.

When satisfied with the SQL statement, click “OK”. Then click “Apply Changes”.

See “SQL statement” for the query used.

SQL statement:

    Select [wifi_password]
    from badge
    where [wifi_user] = '$u'
      AND (badge.state = 'in')
      AND (
           ( dateadd(DAY,1,convert(varchar,(LEFT([start_date],8)),112)) > GETDATE() )
        OR ( dateadd(MONTH,1,convert(varchar,(LEFT([start_date],8)),112)) > GETDATE() and guest_category_id = 6 )
        OR ( dateadd(MONTH,3,convert(varchar,(LEFT([start_date],8)),112)) > GETDATE() and guest_category_id = 7 )
        OR ( dateadd(MONTH,6,convert(varchar,(LEFT([start_date],8)),112)) > GETDATE() and guest_category_id = 8 )
        OR ( dateadd(YEAR,1,convert(varchar,(LEFT([start_date],8)),112)) > GETDATE() and guest_category_id = 9 )
      )

Starting the RADIUS Service

To start the ClearBox RADIUS service:

In the left panel, click the “Service Control” option.

Click the “Start” button to start the service.

If errors occur, view the error log by clicking on “view errors log”.

Now the service is running.

This concludes the installation.
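
The login exchange in steps 3) to 5) of “Concept & How it works”, as an added example that is not part of the original guide and is not ClearBox or Nortel code. It assumes the WSS sends the password as a PAP User-Password attribute hidden with the shared secret as RFC 2865 section 5.2 specifies (the guide does not say which authentication protocol is used); the shared secret, user name, password and the dictionary standing in for the password selection query are constructed.

```python
import hashlib
import hmac
import os

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Client (WSS) side: RFC 2865 section 5.2 User-Password hiding."""
    size = max(16, -(-len(password) // 16) * 16)    # pad to a multiple of 16
    padded = password.ljust(size, b"\x00")
    out, prev = b"", authenticator
    for i in range(0, size, 16):
        prev = _xor(padded[i:i + 16], hashlib.md5(secret + prev).digest())
        out += prev                                 # each block chains into the next
    return out

def recover_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Server side: undo the hiding with the secret configured for that client."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        out += _xor(block, hashlib.md5(secret + prev).digest())
        prev = block
    return out.rstrip(b"\x00")

# Constructed stand-ins. CLIENTS mirrors "Create Clients" (client IP -> shared
# secret); BADGES is what the password selection query would return per user.
CLIENTS = {"10.129.144.3": b"constructed-shared-secret"}
BADGES = {"guest0042": b"k7Qp-29xd-longer-than-16-bytes"}

def access_request(user: str, password: bytes, secret: bytes) -> dict:
    """Step 3: the fields the WSS sends (a dict instead of a real packet)."""
    ra = os.urandom(16)                             # Request Authenticator
    return {"user": user, "authenticator": ra,
            "user_password": hide_password(password, secret, ra)}

def decide(src_ip: str, request: dict) -> str:
    """Steps 4 and 5: look up the stored password, answer Accept or Reject."""
    secret = CLIENTS.get(src_ip)
    if secret is None:
        return "discard"                            # unknown client: no reply at all
    stored = BADGES.get(request["user"])
    if stored is None:
        return "Access-Reject"
    got = recover_password(request["user_password"], secret,
                           request["authenticator"])
    return "Access-Accept" if hmac.compare_digest(got, stored) else "Access-Reject"
```

In this model the shared secret entered under “Create Clients” is the only thing hiding the guest password between the WSS and the RADIUS server, and a client configured with a different secret is always rejected because the recovered password no longer matches the stored one.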