FreeRADIUS is the premier open source RADIUS server. While detailed statistics are not available, we believe that FreeRADIUS is well within the top 5 RADIUS servers world-wide, in terms of the number of people who use it daily for authentication.
The FreeRADIUS project scales from embedded systems with small amounts of memory, to systems with millions of users. It is fast, flexible, configurable, and supports more authentication protocols than many commercial servers.
The FreeRADIUS Server Project encompasses more than just a RADIUS server. The related software includes a PAM authentication module, and an Apache 1.3 and 2.0 authentication module. The server comes with a PHP-based web user administration tool, called dialupadmin.
The RADIUS server has more features and is more flexible than any other free software RADIUS server, and many commercial servers. Most commercial servers are distributed as a "base" system ($), and an "enhanced" version ($$) with more features. FreeRADIUS has all the features of a commercial "enhanced" server, without the associated cost.
In its simplest form, the server is similar to Livingston's 2.0 server. Many configuration files are similar, and the general operation of the server should be familiar to anyone who has used a variant of the Livingston server.
FreeRADIUS can be extended significantly from this simple form, however. There are many modules and configuration files which have no equivalent in older RADIUS servers. These new features permit FreeRADIUS to work within complex systems, and environments which require high performance.
To support the demanding requirements of a modern RADIUS server, FreeRADIUS features more than 50 vendor-specific dictionary files. It ships with support for LDAP, MySQL, PostgreSQL, and Oracle databases. It supports EAP, with EAP-MD5, EAP-SIM, EAP-TLS, EAP-TTLS, EAP-PEAP, and Cisco LEAP sub-types.
It supports proxying, with fail-over and load balancing. It has reached a stable 1.0 release, with incremental improvements being added and tested daily. In short, it is a powerful, fast, and complex RADIUS server which is compatible with the latest network protocols and practices, and is well suited for deployment in any size network.
What's New in This Release:
Feature improvements:
· Updates to dictionary.erx, dictionary.siemens, dictionary.starent, dictionary.starent.vsa1, dictionary.zyxel, added dictionary.symbol
· Added support for PCRE from Phil Mayers
· Configurable file permission in rlm_linelog
· Added "relaxed" option to rlm_attr_filter. This copies attributes if at least one match occurred.
· Added documentation on dynamic clients. See raddb/modules/dynamic_clients.
· Added support for elliptic curve cryptography. See ecdh_curve in raddb/eap.conf.
· Added support for 802.1X MIBs in checkrad
· Added support for %{rand:...}, which generates a uniformly distributed number between 0 and the number you specify.
· Created "man" pages for all installed commands, and documented options for all commands. Patch from John Dennis.
· Allow radsniff to decode encrypted VSAs and CoA packets. Patch from Bjorn Mork.
· Always send Message-Authenticator in radtest. Patch from John Dennis. radclient continues to be more flexible.
· Updated Oracle schema and queries
· Added SecurID module. See src/modules/rlm_securid/README
Bug fixes:
· Fix memory leak in rlm_detail
· Fix "failed to insert event"
· Allow virtual servers to be reloaded on HUP. It no longer complains about duplicate virtual servers.
· Fix %{string:...} expansion
· Fix "server closed socket" loop in radmin
· Set ownership of control socket when starting up
· Always allow root to connect to control socket, even if "uid" is set. They're root. They can already do anything.
· Save all attributes in Access-Accept when proxying inner-tunnel EAP-MSCHAPv2
· Fixes for DHCP relaying.
· Check certificate validity when using OCSP.
· Updated Oracle "configure" script
· Fixed typos in dictionary.alvarion
· WARNING on potential proxy loop.
· Be more aggressive about clearing old requests from the internal queue
· Don't open network sockets when using -C