YubiRadius allows the system administrator to host an in-house Radius server (I was about to write Yadius) that is the missing link between Yubikeys and anything that can interface with Radius.
Unfortunately YubiRadius only comes in OVF and VMware formats, which leaves anyone with Hyper-V infrastructure in a hole, but luckily it's quite easy to get it up and running on Hyper-V.
The Conversion Process
1. Download the YubiRadius VMware edition from here: http://yubico.com/yubiradius-vm
2. Grab the VMDK2VHD converter; it converts VMDK files directly to VHD for use in Hyper-V. You can download it from here: http://vmtoolkit.com/files/folders/converters/entry8.aspx
3. Open VMDK2VHD. It will prompt you for a VMDK file; point it at the YubiRadius VMDK file you downloaded in step 1. Select an output location for your VHD file and start the process.
4. Once the VHD has been created, jump onto your Hyper-V box and create a new virtual machine with the following attributes:
Memory: 1024MB (or more if you want)
Legacy Network Adapter
Assign your newly created VHD file to the IDE controller.
The rest of the settings are up to your personal preference.
5. Take a snapshot before you start, just in case you hose something during setup. Then boot your new Hyper-V YubiRadius server.
6. Log in with the default credentials.
Username: root
Password: yubico
Once logged in, the GUI may not load correctly (it didn't for me). A simple Ctrl+Alt+F2 will switch you to a working terminal. From here you can use update-rc.d -f <service> remove to stop services you don't want running at boot, such as the X11 GUI.
7. We need to set up the network adapter so we can log in via SSH for further configuration. Enter the following commands at the command prompt.
cd /etc/network
nano interfaces
Below are some example settings you can change and then paste directly into the interfaces file. Make sure you hash out the auto eth0 line (so it reads #auto eth0), or you may have problems booting.
# The primary network interface
#auto eth0
# After conversion the NIC may not be named eth0; use the name ifconfig -a shows
allow-hotplug eth2
iface eth2 inet static
address 192.168.1.100
netmask 255.255.255.0
# network and broadcast must match the netmask above (/24 here)
network 192.168.1.0
broadcast 192.168.1.255
gateway 192.168.1.1
# dns-* options are implemented by the resolvconf package, if installed
dns-nameservers 192.168.1.1
dns-search domain.internal
Press Ctrl+X to exit, and type Y to save the changes.
8. Next we need to add at least one DNS server to /etc/resolv.conf to enable DNS resolution. Change the IP address below to reflect your DNS server; each entry needs the nameserver keyword.
echo "nameserver 192.168.1.1" >> /etc/resolv.conf
9. Finally, reboot with the command below for the settings to take effect.
shutdown -r now
10. After the system has rebooted, you should be able to SSH in and access the Webmin interface at http://IP:10000/
The default username is yubikey and the password is yubico.
It would be a good idea to set up an iptables firewall and disable as many unneeded services as possible; YubiRadius is fairly loose by default.
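One way to follow that advice, as an added example that is not part of the original post or of YubiRadius itself: a POSIX shell function that emits an iptables ruleset admitting only SSH and Webmin from a management network and RADIUS from the devices that authenticate against the server. It assumes RADIUS on the standard ports UDP 1812/1813, and the network ranges are placeholders to replace with your own.

```shell
#!/bin/sh
# Added example, not part of the original post or of YubiRadius itself.
# Emits an iptables ruleset for the YubiRadius host that admits only the
# traffic this setup needs: SSH and Webmin (TCP 10000) from a management
# network, and RADIUS from the NAS devices that authenticate against it.
# Assumption: RADIUS uses the standard ports, UDP 1812 (auth) / 1813 (acct).
# The network ranges are placeholders; substitute your own.
# Review the output first, then apply with:
#   yubiradius_firewall_rules 192.168.1.0/24 192.168.1.0/24 | sh
yubiradius_firewall_rules() {
    mgmt_net="${1:-192.168.1.0/24}"        # where admins SSH / browse Webmin from
    radius_clients="${2:-192.168.1.0/24}"  # NAS devices allowed to talk RADIUS
    cat <<EOF
iptables -F
iptables -X
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
iptables -A INPUT -p tcp -s $mgmt_net --dport 22 -j ACCEPT
iptables -A INPUT -p tcp -s $mgmt_net --dport 10000 -j ACCEPT
iptables -A INPUT -p udp -s $radius_clients --dport 1812 -j ACCEPT
iptables -A INPUT -p udp -s $radius_clients --dport 1813 -j ACCEPT
iptables -A INPUT -j LOG --log-prefix "yubiradius-drop: " --log-level 4
EOF
}
```

Everything not matched falls through to the LOG rule and then the INPUT DROP policy, so dropped connection attempts show up in the kernel log with the yubiradius-drop prefix.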
If you hose the system (it doesn't reboot after you change the network settings), go back to the snapshot you took before you started. Ensure your network configuration is correct and that you hashed out the auto eth0 line after changing the interfaces file.