Access Control

Overview

Network Access Control (NAC) is usually implemented with the IEEE 802.1X standard and a RADIUS server. At a basic level, users identify themselves and are granted or denied access on an individual basis.

Role-Based Access Control (RBAC) uses the same setup but takes it a step further. It examines user attributes, such as job title, physical location, and time of day, to decide whether they can have access, and even which network to put them on.

Windows and Mac PCs support this over wired Ethernet with little or no configuration. A more frequent use, however, is Enterprise WiFi, where you supply both a login name or email address and a password.

Implementing with Open Source Tools

In our example we’ll use Linux with FreeRADIUS and OpenLDAP. Importantly, we’ll use the MSCHAPv2 password hash, so that users’ plaintext passwords don’t need to be stored and authentication integrates directly with Windows, Mac, and phone clients.

Install and configure as described in the following, in order.


Last modified July 22, 2025: nac polish (72cb303)