RADIUS is one of the features often supported in your remote access solution. It’s very likely the preferred or most supported authentication mechanism for that remote access solution. And yet, a RADIUS sever somehow didn’t come included and integrated in that same remote access solution. Firewalls, remote access gateways, VPN concentrators and more all work seem to have the best support with RADIUS, especially with the Accounting components.
RADIUS may be your choice because your AAA solution doesn’t support LDAP or Active Directory, or because you don’t have a directory server already in place and designing and implementing one isn’t practical. If you already have a directory, FreeRADIUS can support LDAP as a back-end data store. This is a common configuration in VPN AAA.
So, FreeRADIUS may be the solution for you.
Features (5 out of 5)
FreeRADIUS has all the features you would expect from a commercial RADIUS server, plus quite a few more that I hadn’t seen in many commercial offerings. The FreeRADIUS project also offers client software and libraries for RADIUS integration if you need more than just the server. Some of the server features include: Access-based huntgroups, caching of all config files in memory, keeping a list of logged in users, support for vendor-specific attributes, proxy support, PAM support, and more. SNMP support, PEAP, EAP-TLS and other advanced features are also present and implemented. Other nice features include logging to SQL databases, and as mentioned earlier, LDAP support. Of all these features, you may never need many of them, but it’s nice to know that if you do need a feature, that it’s very likely to be implemented in FreeRADIUS.
Installation & Setup (4 out of 5)
Documentation and install instructions are plentiful on the FreeRADIUS web site. If you have installed software on any Unix, Linux, or Unix-like OS you should be familiar with the process. Tar files are provided for compilation, and the Suse project offers several package files if you prefer binaries. There is even a Win32 binary package, although the one I found required Cygwin.
Now if you haven’t installed, compiled, and configured applications on Unix platforms before, this may not be the easiest program for you to start off with. Explaining compilation options and precompilation dependencies is definitely beyond the scope of this review! Also, if you have never set up an access server or NAS device, and never used RADIUS before, this isn’t going to be the easiest thing in the world for you to figure out.
Overall (5 out of 5)
With so much support and so many features, you may find that everything you need regarding AAA for NAS is available in this Open Source offering. FreeRADIUS brings a feature-rich, platform independent RADIUS implementation that works with the Windows clients of the world and runs on any Unix platform you’re likely to have. And if you really want to run the radiusd server on Windows, that’s possible too.