Back to article
6 Open Source Projects for 802.1X Network Authentication
September 20, 2010
By Eric Geier
The 802.1X authentication protocol plays a major role in Wi-Fi security of business networks. It enables the Enterprise flavor of Wi-Fi Protected Access (WPA and WPA2) encryption for wireless networks, and can also provide authentication on the wired side. Here are six open source projects that deal with 802.1X authentication:
FreeRADIUS is probably the most important contribution to 802.1X from the open source community. It's a popular Remote Authentication Dial In User Service (RADIUS) server that can provide the Authentication, Authorization, and Accounting (AAA) for 802.1X and numerous other protocols. FreeRADIUS can save you from buying a commercial server like Radiator or Elektron, saving hundreds or thousands of dollars.
FreeRADIUS can install and run on Linux, Mac OS X, and other Unix-like operating systems. As you see in the next section, you can even run it on Windows. FreeRADIUS works with all the major 802.1X clients or supplicants and operating systems.
FreeRADIUS can handle all the popular 802.1X protocols, such as PEAP, EAP-TLS, and EAP-TTLS. For the user database, it supports local files, LDAP, Active Directory, MySQL, and more. FreeRADIUS is also highly customizable with the configuration files, RADIUS attributes, and source code changes.
If you haven't worked much with Linux and RADIUS servers, there'll be some learning curve. It's not GUI-based, you setup everything in configuration files. However, now FreeRADIUS is quite easy to setup for 802.1X. The server certificate is auto generated and you should only have to make a few changes to the configuration files. If you need help, refer to a previous tutorial I wrote for another Internet.com site.
FreeRADIUS.net is a win32 distribution of FreeRADIUS with MySQL support that can install and run on Windows XP. Currently, it uses FreeRADIUS version 1.1.7, one of the last 1.x releases. Keep in mind, there have been major improvements in the 2.x versions, with the latest version being 2.1.9.
If you want to use a more current FreeRADIUS release, consider building your own version with Cygwin. You can refer to the FreeRADIUS.net homepage for instructions on how to do this with versions 2.0.x and below.
Once you install FreeRADIUS.net, you'll see a system tray icon for it. The menu has shortcuts to the main configuration files and directories. Here you can also start, stop, and restart the server, put it into debug mode, and access the command shell. The help files includes the manual pages and other helpful information.
The open source community has also made contributions on the client side. You'll see 802.1X clients also referred to as supplicants. One of these is wpa_supplicant.
The wpa_supplicant is an open source project designed for use on Linux, BSD, Mac OS X, and Windows. Its main advantage is the portability of different drivers and operating systems (OSs). Though Microsoft and Apple have now designed their own native cleints, wpa_supplicant still provides for the open source OSs.