Secure access to network resources requires a few "A's," -- authentication, authorization and accounting, often referred to as a "triple A." Authentication is accomplished with identity credentials, such as passwords, tokens,
Despite the "dial-in" portion of its name, RADIUS has moved well beyond dial-in to become a staple for secure wireless authentication for Linux and Windows networks. RADIUS provides corporations with a central database that is shared among remote servers. User profiles are maintained on this database, and can be distributed to enterprise servers for authentication lookups. This simplifies administration and improves security, because user access policies can be managed at a single logical point in the network.
Yet there's a way to make a good thing even better. FreeRADIUS is the premiere version of RADIUS, an open source RADIUS server licensed under General Public License (GNU) version 2. It supports the authentication, authorization and accounting needs of sites with 10 users to tens of thousands of users, and it can also be found in carrier-class deployments with millions of users.
FreeRADIUS provides support for SQL, LDAP, RADIUS proxying, failover and load balancing. It also has connectors for many types of back-end databases. On the client side, it performs authentications via the PAP, CHAP, MS-CHAP, EAP-MD5, EAP-GTC, EAP-TLS, EAP-TTLS, PEAPv0, LEAP, EAP-SIM and digest authentication protocols. With its ability to proxy, support for pluggable authentication modules and Linux virtual servers, FreeRADIUS rivals and exceeds capabilities found in commercial products, such as Cisco ACS and Microsoft IAS.
The FreeRADIUS server is bundled with enterprise Linux packages, such Red Hat Linux, making installation as easy as checking a box. It is also available via most popular Linux repositories, which can install it simply by clicking on an install button. It's also easy to administer, using a customizable PHP-based Web-based user administration tool. For those who only run Windows, there is also a Win32 distribution based on the FreeRADIUS source.
FreeRADIUS offers a high level of performance and availability for the three As across heterogeneous networks. It is modular, extensible, and is extremely well supported. You would be hard-pressed to find a better infrastructure product at any price.
About the author:
Scott Sidel is an ISSO with Lockheed Martin.
This was first published in November 2007