Seven Free or Low-Cost RADIUS Servers for Your Enterprise Network

By Jabez Gan | Dec 16, 2010 | Print this Page
http://www.enterprisenetworkingplanet.com/netsecur/article.php/10952_3917546_3/Seven-Free-or-LowCost-RADIUS-Servers-for-Your-Enterprise-Network.htm

If you're a network administrator at any large, security-conscious organization, you've got identity management implemented for your wired endpoints. What if you want to extend this beyond your wired infrastructure, to your wireless clients? That's where a Remote Authentication Dial-In User Service (RADIUS) server comes in: Your wireless access points will act as RADIUS clients, giving your users access to your network with their existing identities. If you haven't implemented RADIUS yet, here's how it works:

  1. Wireless devices connect to a wireless access point using a RADIUS client.
  2. The RADIUS client requests a set of credentials from the user.
  3. When the user types in the username and password, the RADIUS client passes the credentials to the RADIUS server
  4. The RADIUS server will apply network policies and pass the credentials to the identity management server, e.g.Active Directory Domain Services.
  5. The identity management server passes back the authorization to the RADIUS server.
  6. The RADIUS server confirms network connection with the client.
  7. The RADIUS client connects the mobile device's wireless adapter to the network.

Figure 1 shows how these infrastructures communicate with one another using Microsoft's technologies.

RADIUS clients communicating with a network

RADIUS server options

If you are new to RADIUS and just getting started on researching the right RADIUS server for your environment, you might be surprised at the many software offerings available. To help you get your bearings, I've selected some of the most used RADIUS servers.

No-Cost RADIUS servers

FreeRADIUS

Since they're working on the most widely used free RADIUS server, the developers of FreeRADIUS software have extra motivation to enhance the software constantly. Updates come out every few months, ensuring that users are not only getting the basic features of a RADIUS server, but also commercial-grade security features as well.

FreeRadius can integrate with Active Directory and Novell eDirectory for identity management, and is a good option if Internet Authentication Server (IAS) -- found in Windows Server 2003 or Network Policy Server (NPS) in Windows Server 2008 -- is not good enough for you.

Available for Linux/Unix only.

FreeRADIUS.NET

Due to the limitations of the original FreeRADIUS, FreeRADIUS.net ported the server to work on the Windows platform. Just like any other software, the developers can stall development anytime they want. This is the case for FreeRADIUS.net, which only offers builds up to version 1.1.7, which is two years old.

FreeRADIUS.net is only good for smaller businesses looking to deploy RADIUS on an existing Windows machine, and who do not care about support.

Available for Windows only.

TekRadius

The easiest to configure and use of the no-cost RADIUS servers on Windows, TekRadius provides a good option for companies who want to set up a RADIUS server on their existing backend infrastructure which runs on Windows XP/Vista.

TekRadius is stable and easy to use. The key features that I love about TekRadius include:

  • Ability to expire users
  • Ability to check users' credit limits
  • A nice interface to browse accounting records

Available for Windows only.

RADIUS GNU

RADIUS GNU works exactly the same as FreeRADIUS above, except that it supports a wider range of authentication schemes, including:

  • System Database: User credentials are stored in /etc/passwd

  • Internal Database: User credentials are stored in the internal RADIUS database

  • SQL authentication: User credentials are stored in a standard SQL database

  • PAM (Pluggable Authentication Service) authentication: Applications are not required to be re-written to support different authentication schemes. See this documentation on Linux PAM for more information.

Other than the above authentication schemes, there's no major difference with this RADIUS server software.

Available for Linux/Unix only.

Paid RADIUS servers

Network Policy Server/Internet Authentication Service

Network Policy Server (NPS) or Internet Authentication Service (IAS) is a built-in service from Windows Server. It integrates by default with Active Directory. With the GUI, the configuration becomes a breeze.

NPS and IAS are good only if the backend infrastructures rely on Microsoft technologies.

Available for Windows Server only.

Elektron

Elektron is one of the more affordable options for getting a quality, secure and user-friendly RADIUS server. Most importantly, it does not cost a lot. Unlike the free RADIUS servers listed above, Elektron also supports VPN and dial-in authentications.

I highly recommend Elektron if you want to have a reliable, non-Microsoft alternative RADIUS server.

Available for Windows and MacOS only.

Aradial

The last RADIUS server that I want to highlight is Aradial. Aradial is one of the oldest RADIUS servers out there, and it is used mainly by companies that want to charge their users for the usage, e.g. ISPs. Through Aradial, users need to purchase prepaid cards or vouchers before their accounts are usable.

If you want to setup a chargeable hotspot for your users to connect to, Aradial is the one for you.

Available for Windows, Linux and Solaris.

Did I leave out any other RADIUS servers worthy of highlight? Drop me a comment below!