Search the Community

Previously, we have discussed what radius servers are all about. Today we'll talk about Radius Servers' types and their features. Some are free sources, while some are paid. Each of these radius servers is exceptional for what they are developed and used for. They developed some of these radius servers for different operating systems. First, there are different radius servers that were designed for different purposes and different usage based on their platforms. Below are the radius servers, their platforms, and their usage: FreeRadius: FreeRadius is one of the leading open-source RADIUS servers, and is available on Linux, Unix, and Windows. Other than the RADIUS Server, it includes a BSD licensed client library, Apache module, and a PAM library. Supposed to be the world’s most widely deployed RADIUS server, over 50 thousand sites use it and can support organizations ranging in size from 10 users to over a million users. It can also be configured independently for each of the server IP addresses, client IP addresses, home server IP pool, and inner TLS tunnels. FreeRADIUS has authenticated over 1 billion users around the globe, and it's still counting. Many popular telecommunication companies rely on FreeRadius Server. FreeRADIUS was founded in June 1999 by Miquel van Smoorenburg and Alan DeKok. The first public “alpha” release of the code was in August 1999, with 0.1 being released in May 2001. Since then, new versions have been released every few months.

What is Radius Server? When we say Radius Server in networking, what does it really mean? According to Wikipedia, Radius Server is a networking protocol that provides centralized authentication, authorization, and accounting management for users who connect and use a network service. Livingston Enterprises developed RADIUS Server in 1991 as an access server used for authentication and accounting protocols (AAA). They commonly use radius servers in telecommunication networks for user authentication, authorization, and accounting, and are better known for their availability, scalability, and redundancy in networking. Radius Server ensures the user has access to the network and what permissions they may have access to on the network. It is also a client/server protocol that runs in the application layer and can be used either TCP or UDP in a networking environment. Home Network Access Servers (NAS) also have a radius client that communicates with the radius server in order for the system to perform the full task of AAA. I know the RADIUS server well for its 802.1X authentication and is usually a background process running on UNIX or Microsoft Windows. How Does the Radius Server Work? Earlier, we discussed that radius server is a protocol, which means it uses' protocol to communicate with its network clients, Now let's explain how radius servers communicate with their clients with their so-called protocol. Authentication and authorization: How does the RADIUS server check that the information is correct using authentication schemes such as PAP, CHAP or EAP? First, the user's proof of identification will be verified, along with, optionally, other information related to the request, such as the user's network address or phone number, account status, and specific network service access privileges. Historically, RADIUS servers checked the user's information against a locally stored flat-file database. Modern RADIUS servers can do this, or can refer to external sources—commonly SQL, Kerberos, LDAP, or Active Directory servers to verify the user's credentials. RADIUS Authentication and Authorization Flow, The RADIUS server then returns one of three responses to the NAS: Access Reject: They unconditionally deny the user access to all requested network resources, and the reasons may include failure to provide proof of identification or an unknown or inactive user account. Access Challenge: Requests additional information from the user, such as a secondary password, PIN, token, or card. It also uses access challenge in more complex authentication dialogs where a secure tunnel is established between the user machine and the Radius Server in a way that the access credentials are hidden from the NAS. Access Accept: User has been granted access. Once the user is authenticated, the RADIUS server will often check that the user may use the network service requested. A user may be allowed to use a company's wireless network, but not its VPN service, for example. Again, this information may be stored locally on the RADIUS server, or may be looked up in an external source such as LDAP or Active Directory. Each of these three RADIUS responses may include a Reply-Message attribute which may give a reason for the rejection, the prompt for the challenge, or a welcome message for the acceptance. It can pass the text in the attribute on to the user on the return web page. We can define a radius Server as –> Remote Authentication Dial-In User Service Server.