Live Chat Software by Kayako
The 9 Best Low-Cost RADIUS Servers
Posted by Thang Le Toan on 03 October 2015 10:28 AM
Need a Remote Authentication Dial-In User Service (RADIUS) server for your authentication, authorization and accounting (AAA) needs? You can spend thousands on RADIUS solutions, but there are also a number of lower-cost alternatives.
For more information on Windows servers Partner Offers
These solutions are especially useful for smaller organizations that may only be using it for a single purpose, such as to implement enterprise Wi-Fi security with 802.1X authentication. Many, however, can also be used for other AAA purposes.
If you're running a Windows Server, keep in mind you already have RADIUS capability. Before using a third-party server, look into the Internet Authentication Service (IAS) component in Windows Server 2003 R2 and earlier or the Network Policy Server (NPS) component in Windows Server 2008 and later.
For those without a Windows Server, or those whom require more functionality and customization, consider these solutions:
This free and open source software is one of the most popular RADIUS servers in the world. FreeRADIUScan be setup on an old desktop tower to serve anywhere from a dozen to a few hundred users, or it can be installed on appropriate servers to support up to millions of users and requests. FreeRADIUS is designed for running on Unix, Linux and other Unix-like operating systems. You can find it in the repositories of most Linux distributions installed easily or manually compiled on most others. By default, FreeRADIUS has a command-line interface, and setting changes are made via editing configuration files best suitable for IT professionals with Unix/Linux experience. The configuration is highly customizable, and because it's open source you can even make code changes to the software.
FreeRADIUS.netis a free Windows distribution of FreeRADIUS, designed to work on Windows XP. It may also work on other versions of Windows. It's offered via a Windows installer, but it is based on the old FreeRADIUS version 1.1.7. You can also manually build your own binaries, but you may be limited to the 2.0 version. Due to these version limitations, and given that it doesn't run on its native platform, FreeRADIUS.net isn't suitable for critical networks. But it's great for RADIUS newbies who want to experiment and aren't familiar with Unix or Linux.
TekRADIUSruns on Windows and offers a GUI. The basic features are offered for free; additional versions can be purchased. The TekRADIUS Enterprise version ($149) adds support for EAP-TLS, dynamic self-signed certificate creation for PEAP sessions, NTLM authentication for MS-CHAP authentication methods and regular expression based attribute matching. Then the TekRADIUS SP version ($449) gives you VoIP billing in addition to the enterprise features.
4. Access Points
If you're looking for a RADIUS solution just for 802.1X authentication so you can implement enterprise Wi-Fi security, keep in mind some Access Points (APs) have an embedded RADIUS server. For example, the HP ProCurve 530. Additionally, ZyXEL offers built-in RADIUS on a couple different business-class APs, such as the NWA-3500, NWA3166 or NWA3160-N. These are priced over $230 and are great for those who don't want to setup and maintain their own server. One of these could serve as the authentication server for all the other APs, and they don't even have to of the same model or brand.
RouterOS is the operating system (OS) MikroTik uses for its RouterBOARD products, which it offers for free (limited functionality) and all features for a nominal fee ($45+). It includes an embedded RADIUS server. Since it offers all the main router functions (e.g., NAT firewall, VPN server and hotspot gateway) it could even be used as the main network router. The OS is downloadable as an ISO image that you can burn on a CD and boot from to install it. A Windows utility is also offered to write RouterOS to a secondary drive that's been attached and the drive can be moved to the dedicated PC or server. Configuration changes can be made via a few methods, including command-line, web browser, and RouterOS' Windows WinBox utility.
ZeroShell is another router OS, but it is open source and completely free. It also includes a built-in RADIUS server among the usual router functionalities: NAT firewall, VPN, and so on. ZeroShell is offered as a live CD, so it doesn't have to be installed and requires only a small drive to save the configuration. However, this project isn't as popular as others and is still in beta. Thus, it isn't the best choice for critical networks.
AuthenticateMyWiFiis a cloud-based service priced starting at $13/month. It offers hosted server access specifically for 802.1X authentication. It enables small and midsize organizations to easily use the enterprise mode of WPA or WPA2 security for their Wi-Fi network. Since there's no server to set up, it's great for organizations without an IT staff. Since AuthenticateMyWiFi is cloud-based, it also makes securing Wi-Fi networks at multiple offices easy.
Although ClearBox is available only as as commercial offering, a 30-day evaluation is provided, and the $599 price after that is relatively low compared to other solutions and. ClearBox runs on Windows and is configured through a no-thrills GUI. It offers a configuration wizard to ease setup while at the same time, it is highly flexible and customizable. ClearBox supports integration with several billing systems as well.
Elektron is another commercial RADIUS server. It is priced at $750 after the 30-day evaluation. Elektron is marketed mostly toward providing 802.1X authentication for enterprise Wi-Fi security, but it can also be used for other AAA needs. Elektron runs on Windows and provides a GUI that's a bit more fresh and inviting than others. Although it should still be setup and maintained by an IT professional, the server and documentation is designed more for newbies than other solutions are. Although Elektron is flexible, it doesn't offer as much customization as some other solutions do.
Read more »
5 Free RADIUS Testing and Monitoring Tools
Posted by Thang Le Toan on 29 September 2015 10:55 PM
It's good to have a RADIUS client simulator program during the configuration and troubleshooting of a RADIUS server--whether you're using NPS or IAS on a Windows Server or other AAA server. Although most servers come with their own testing tool, it's always good to have choices.
When troubleshooting a RADIUS server, it's good to have a client simulator program. These five RADIUS testing and monitoring tools can help you test the initial configuration of the server and any changes.
These tools can help you test the initial configuration of the server and when you make changes, and you can experiment with varying client configurations. You might also want a RADIUS monitoring application if you don't have some other network monitoring solution in place.
Here are five RADIUS testing and monitoring tools, all completely free.
Depending on your firewall configuration, you may have to open up UDP ports 1645 and 1646 or 1812 and 1813, depending on which set your server uses.
NTRadPing is a free RADIUS client program offered by MasterSoft, developer of the DialWays server. It's available for Windows as a standalone or portable program that doesn't require installation. It sends packets and displays the replies on the GUI. You can select preconfigured packet types and attributes, or define your own custom ones.
You can quickly input sever, user, packet and attribute details on the GUI. The RADIUS dictionary is defined in an included file and can be customized with vendor specific attributes if needed.
Once everything is set, hit send and you'll see any replies. You can easily save all the settings and load them at a later time.
NTRadPing even has a Help button that provides pertinent info.
2. RADIUS Test Rig Utility
RADIUS Test Rig Utility is a free RADIUS client utility provided by Juniper Networks, an enterprise networking vendor. It is also known simply as RadiusTest. It runs on Windows as a portable program that doesn't require installation. However, it is limited to only sending packets for authentication and accounting (PAP and CHAP).
You input all the settings via both the configuration file and GUI. Its RADIUS dictionary is loaded with the popular vendor attributes and can be customized if needed.
After hitting Execute, you'll see the status and elapsed time for each packet. You'll also see a run-down of the overall testing statistics. Plus, you can hit the Details button to view status details and packets sent and received.
3. Radlogin (Included With FreeRADIUS)
Keep in mind, this is a totally different program and project than the one offered by IEA Software and discussed next. It can send packets to a RADIUS server and display the replies at the command-line. You can send authentication, accounting, status, and disconnect packets.
You can pass the desired attributes in the command-line or point to a file. You can also specify the number of times to send the packet, number of retry times, delay between packets and timeout limit. It uses the default dictionaries included with FreeRADIUS.
4. Radlogin From IEA Software
Although it has the same name as the previous program, this is totally different. This Radlogin program is offered free by IEA Software, developer of the RadiusNT and RadiusX servers. It can run on Windows, FreeBSD, Sparc Solaris and Linux platforms.
Radlogin can send authentication, accounting, and disconnect requests. But its more advanced than the other programs we've discussed so far. You can send RADIUS queries from the command line, a web-based interface or via the web service API. The dictionary supports more than 70 vendors. It even validates the RADIUS packet decodes. Status and reply details are displayed and stored for later reference.
It can also be used for load testing and even as an automated pinging and monitoring solution with uptime statistics and email/SMS alerts.
You'll find a comprehensive configuration and user PDF manual included with Radlogin.
RadPerf is provided free by Network RADIUS SARL, a FreeRADIUS consulting company headed by one of its founders, Alan DeKok. It's a command-based client program designed specifically for load-testing RADIUS servers to see if they're production-ready. It runs on Windows, Mac OS X and Linux.
You can load in a list of users and passwords in a CSV file, so it can generate the authentication and accounting packets at your desired rate. It can help simulate pikes in traffic, long-lived user sessions, and end-to-end user behavior.
After testing, it provide a report comparing the offered and accepted load, and gives the total accepted packets per second.
Recommended for You
Read more »