RADIUS (Remote Authentication Dial-In User Service) is a central component of UCS and enables you to control access to WLAN networks for users, groups, and devices. In January we published a blog post with a short introduction to RADIUS, and in this article I’m going to explain how to set up RADIUS for your UCS domain. This article also covers the new features in UCS 4.4.
What is RADIUS?
RADIUS handles the authentication of users and their authorization after logging in (i.e. access to certain data or services). It also takes care of creating log files. Advantages of this solution are that the users’ credentials (their domain passwords) are stored and managed at a central location (in the directory service). RADIUS enhances security for your networks and is therefore a good idea when you’re planning to set up a BYOD (Bring Your Own Device) environment, for example in companies or schools.
It’s easy to install RADIUS via the Univention App Center. In order to connect WLAN clients (such as laptops, smartphones, or tablets), the corresponding access point (AP) must support the IEEE 802.1x standard, i.e. WPA Enterprise. Store the RADIUS server’s information in the AP configuration, and users can now connect with the same usernames/passwords they use in the UCS domain.