Contents
History
Documentation of the RADUIS segment in the PRONESTOR_GUEST network
Installation objective
Servers & Network Units
ClearBox RADIUS server
Clearbox Website:
Version used in this case
System requirements
Concept & How it works
ClearBox Installation Guide (step by step)
Configuration of ClearBox RADUIS server
Configuration advice:
ClearBox, just behind the curtain.
Basics for the configuration
The installation procedure
Configuration Starters
1) Create a Realm
2) Create a Datasource
3) Create Clients
4) Add Datasources and Clients to the Realm
SQL statement:
Starting the RADIUS Service
Documentation of the RADUIS segment in the PRONESTOR_GUEST network
Installation objective
The objective is to authenticate a User who is logged in in to the PRONESTOR_GUEST network, in the PRONESTOR MS SQL Database. The reception generates a username and password for the guest, and hands out the information on a card.
The generated user credentials are stored in the PRONESTOR DB. The Nortel WSS switch currently used, cannot connect directly to the MS SQL database, but has to forward the login request to a RADIUS server.
Servers & NetworkUnits
Units overviewServer Name / Description / Graphic
dkcphcb00 / ClearBox RADIUS Server
OS: MS Windows 2008 R2 /
dkcphsql02 / PRONESTOR SQL Database Server /
WSS1 / Wireless Security Switch /
WSS2 / Wireless Security Switch /
Accesspoint / Accesspoint for the PRONESTOR_GUEST network /
This installation of ClearBox RADIUS server will be implemented on a MS Windows 2008 R2 server.
ClearBox RADIUS server
ClearBox RADUIS is a ”Remote Authentication Dial In User Service” application.
Clearbox Website:
Version used in this case
System requirements
ClearBox System requirementsProcessor / Pentium II or higher
Memory / 256 MB or higher
Operating system / Windows 2000/XP/2003
Connectivity / TCP/IP installed and configured
Hard disk capacity / 9 MB of free space
Concept & How it works
At arrival at the company’s HQ, the user is greeted by the reception with a PRONESTOR VISITOR badge. The badge contains a username and password generated by the PRONESTOR VISITOR Reception frontend. The Credentials is stored in the PRONESTOR DB.
1)The user connects to the Wireless network PRONESTOR_GUEST.
2)When a browser is opened at the host, the user is greeted by a login webpage and prompted for the credentials on the VISITOR badge, given by the reception. The login webpage is hosted by the primary WSS switch.
3)When the user has typed in the credentials, the WSS the passes on the login information to the ClearBox RADIUS server. Then waits for an answer from the RADIUS server.
4)The ClearBox RADIUS server is using the PRONESTOR Database as a remote database. ClearBox queries the PRONESTOR DB for the User login credentials, received from the WSS switch.
5)Whether the credentials is found and authenticated correctly, the ClearBox RADIUS server returns an Allow or Reject answer to the WSS switch.
6)The WSS switch then decides upon the answer from the ClearBox, whether the user is authorized to connect to the PRONESTOR_GUESTwireless network. If the useris allowed, the WSS then stores the user within its own database.
7)The user is authorized and authenticated to use the PRONESTOR_GUEST wireless network, and is not restricted further by this installation.
Depending upon the setup of the PRONESTOR Database, the user gains access to the PRONESTOR_GUEST network for a limited time.
ClearBox Installation Guide (step by step)
Installation Guide
- REMEMBER:
This installation does not use certificates!
When installing the ClearBox RADIUS server, DO NOT choose to install SSL Certificate tools. If installed, the RADIUS server will require the use of certificates, and will not work properly.
Run the file: clearbox_enterprise_5_6.exe
Yes install!
Next
Read License Agreement …
Click the “I accept the agreement”.
Next
Choose aninstallation folder.
We chose the standard folder; “C:\Program Files (x86)\ClearBox Server”.
Next
Select “Full Installation”.
Next
Type in a password for the ClearBox installation. This can be edited at a later time.
Next
Choose “Normal Mode”.
Next
WARINIG !!DESELECT the “Enable wireless authentication” option.
Next…
Chose a name in the Start Menu.
Next.
Inspect the installation selections. If everything is as expected…
Install.
ClearBox installing…
The installationis complete.
To configure the ClearBox click the ”Run Control Centre” option.
Finish.
Configuration of ClearBox RADUIS server
This installation is configured on the DKCPHCB00MS Windows 2008 R2 server.
Configuration advice:
For in-depth configuration of the ClearBox RADIUS server please refer to the website for more information.
ClearBox, just behind the curtain.
To configure the ClearBox RADIUS server it is important to understand how it works.
To start the configuration of the ClearBox click the “Configure the Server” button.
Choose whether to use the frontend as a remote configuration utility for a preinstalled ClearBox server, or use a local installation.
Chose “Open local XML file with server settings”.
This will open a default configuration.
Chose “No”. The utility might not work as you want it to.
Now you have the standard configuration. This is where you start to edit and configure the ClearBox RADIUS server.
Basics for the configuration
Description for the used configuration tools.
- SQL Data Sources.
This will define what database to use for your installation. This is where we will configure the connection details for the PRONESTOR Database. - Realms.
A Realm is like a Domain in Windows. This is the Container or Object that contains and connects your devices as one interconnected configuration in ClearBox.
Realm contains the Realm rules, AAA setup and logging configuration.
Configuration of the SQL query, and rule setup will be applied here. - RADIUS clients.
This is where you define the devices or clients you want to use in the configuration.
Here the connection information and credentials for the WSS switches will be defined.
The installation procedure
1)Create a Realm
2)Create SQL Datasource
3)Create the Clients
4)Add Datasources and Clients to the Realm
Configuration Starters
Create a new configuration file for this installation.
Click “File” and choose “Save As…”.
This configuration will be called “Pronestor_Config_21-02-2011”.
Click “Save”.
1) Create a Realm
To create a new Realm, Right click and click “Add New Realm”
Type in the name of the Realm.(Rlm_Pronestor)
2) Create a Datasource
Right click on “SQL Data Sources” and select “Add New Data Source”.
Type in the name for the datasource: SQL_Pronestor
Select “MS SQL Server” under Data source type:.
Type in the Server name:(dkcphsql02)
Type in the database name:(pronestor)
Type in the username for ClearBox to access the database:(pronestorguest)
Type in the password for the ClearBox username:(<password???>)
When done, click the “Test Connection”, to verify SQL connection settings.
Click “Apply Changes”.
3) Create Clients
Create new clients for the RADIUS server. This will add the WSS switches, which will be added to the Realm later on.
Right click on RADIUS Clients, and click “Add New Client”.
Type in the name for your device.
Then type in the Client IP address(10.129.144.3) WSS switch IP
The password (Shared Secret)( <Password ???>)WSS switch password
And choose the Realm you have created:(Rlm_Pronestor)
Click “Apply Changes”
Repeat the steps for all the clients you want to use. (Next is DKCPHWSS02)
Type in the Client IP address(10.129.144.2) WSS switch IP
The password (Shared Secret)( <Password ???>)WSS switch password
Choose the Realm you have created:(Rlm_Pronestor)
Click “Apply Changes”.
4) Add Datasources and Clients to the Realm
This will add your Clients to your Realm.
First we add the Clients to the Realm
Click on your realm in the Tree view (Rlm_Pronestor)
Then click the box “By client IP address”.
For adding Clients, click the “+” button.
Add the two Security switches DKCPHWSS02 and DKCPHWSS01
Click “OK” button.
Click “Apply Changes”.
This will add your Datasources to your Realm.
First, select your realm in the tree view (Rlm_Pronestor).
Then select the Authentication tab
Click the SQL database button
Select the your datasource “SQL_Pronestor”.
In the “Password selection query” field paste in the SQL query that enables the RADIUS server to lookup authentication requests in the PRONESTOR Database.
To get the “SQL Editor” view above click the button on the far right .
When satisfied with the SQL statement, click “OK”.
Then click “Apply Changes”.
See “SQL statement” for the used query.
SQL statement:
Select [wifi_password] from badge
where [wifi_user] = '$u'
AND
(badge.state = 'in' )
AND
(
(
dateadd(DAY,1,convert(varchar,(LEFT([start_date],8)),112)) > GETDATE()
)
OR
(
dateadd(MONTH,1,convert(varchar,(LEFT([start_date],8)),112)) > GETDATE()
and guest_category_id = 6
)
OR
(
dateadd(MONTH,3,convert(varchar,(LEFT([start_date],8)),112)) > GETDATE()
and guest_category_id = 7
)
OR
(
dateadd(MONTH,6,convert(varchar,(LEFT([start_date],8)),112)) > GETDATE()
and guest_category_id = 8
)
OR
(
dateadd(YEAR,1,convert(varchar,(LEFT([start_date],8)),112)) > GETDATE()
and guest_category_id = 9
)
)
Starting the RADIUS Service
To start the ClearBox RADIUS service…
In the left panel, click the “Service Control” option.
Click the “Start” button to start the service
If Errors occur, view the error log by clicking on “view errors log”.
Now the service is running.
This concludes the installation.
1