FreeRADIUS: Acing a secure connection


FreeRADIUS: Acing a secure connection

Secure access to network resources requires a few "A's," -- authentication, authorization and accounting, often referred to as a "triple A." Authentication is accomplished with identity credentials, such as passwords, tokens,

Continue Reading This Article

Enjoy this article as well as all of our content, including E-Guides, news, tips and more.

By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.

You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

Safe Harbor

or digital certificates. Authorization provides specific services, and accounting tracks the use of network resources by users. To manage this centrally, SMBs and large organizations alike use software that supports the Remote Authentication Dial-In User Service (RADIUS) protocol.

Despite the "dial-in" portion of its name, RADIUS has moved well beyond dial-in to become a staple for secure wireless authentication for Linux and Windows networks. RADIUS provides corporations with a central database that is shared among remote servers. User profiles are maintained on this database, and can be distributed to enterprise servers for authentication lookups. This simplifies administration and improves security, because user access policies can be managed at a single logical point in the network.

Yet there's a way to make a good thing even better. FreeRADIUS is the premiere version of RADIUS, an open source RADIUS server licensed under General Public License (GNU) version 2. It supports the authentication, authorization and accounting needs of sites with 10 users to tens of thousands of users, and it can also be found in carrier-class deployments with millions of users.

FreeRADIUS provides support for SQL, LDAP, RADIUS proxying, failover and load balancing. It also has connectors for many types of back-end databases. On the client side, it performs authentications via the PAP, CHAP, MS-CHAP, EAP-MD5, EAP-GTC, EAP-TLS, EAP-TTLS, PEAPv0, LEAP, EAP-SIM and digest authentication protocols. With its ability to proxy, support for pluggable authentication modules and Linux virtual servers, FreeRADIUS rivals and exceeds capabilities found in commercial products, such as Cisco ACS and Microsoft IAS.

The FreeRADIUS server is bundled with enterprise Linux packages, such Red Hat Linux, making installation as easy as checking a box. It is also available via most popular Linux repositories, which can install it simply by clicking on an install button. It's also easy to administer, using a customizable PHP-based Web-based user administration tool. For those who only run Windows, there is also a Win32 distribution based on the FreeRADIUS source.

FreeRADIUS offers a high level of performance and availability for the three As across heterogeneous networks. It is modular, extensible, and is extremely well supported. You would be hard-pressed to find a better infrastructure product at any price.

About the author:
Scott Sidel is an ISSO with Lockheed Martin.

This was first published in November 2007

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.