All You Need to Know About FreeRADIUS
Introduction:
Supporting RADIUS, DHCPv4, DHCPv6, TACACS+, and VMPS, the FreeRADIUS Server Project is an efficient and flexible multi-protocol policy server. The GNU General Public License, Version 2 (GPLv2), governs its distribution. With RADIUS, a network’s authentication and authorization can be handled centrally, reducing the number of tweaks needed when new users are added or removed.
Users of 802.1x (Wi-Fi), dialup, PPPoE, VPNs, VoIP, and many other systems can be authenticated via FreeRADIUS. Databases including MySQL, PostgreSQL, Oracle, Active Directory, Apache Cassandra, Redis, OpenLDAP, and many more are supported as back ends. Each day, it is used by hundreds of millions of people, across sites with 10k to 10m+ users, to verify their identities before granting them access to the internet.
In what ways is FreeRADIUS unique?
For RADIUS servers, FreeRADIUS is by far the most extensively used and widely deployed option. It's the foundation for various commercial products and services, and it meets the requirements of many large corporations and Internet service providers (ISPs) for authentication, authorization, and accounting (AAA). Its use extends beyond these, too: it is widely adopted in the academic sector (e.g., Eduroam, the worldwide roaming access service developed for the international research and education community, utilizes FreeRADIUS software).
Alan DeKok and Miquel van Smoorenburg created FreeRADIUS in August 1999. When the Livingston server was shut down, Miquel penned the Cistron RADIUS server software, which quickly gained popularity. FreeRADIUS was developed with a modular design to foster greater participation from the user base.
What you get out of FreeRADIUS:
FreeRADIUS's widespread use is due to its many advantages over the extensive range of other RADIUS servers. Thanks to its feature-rich, modular, and scalable design, FreeRADIUS offers the following benefits to network administrators:
- Features
FreeRADIUS supports more authentication methods than any other open-source server. For example, FreeRADIUS is the only open-source RADIUS server supporting Extensible Authentication Protocol (EAP).
Moreover, “virtual servers” are supported by no other RADIUS server, commercial or open source. FreeRADIUS has a significant leg up on the competition because its support for virtual servers simplifies complex setups and reduces the continuing support and maintenance expenses for network managers.
- Modularity
FreeRADIUS's modular layout makes it simple to learn. The modular interface makes it easy to swap out components as needed. For instance, if a module is not required for a particular setup, it can be removed. Once the module is removed, it no longer consumes memory or poses a security risk to the system. Thanks to its adaptability, the server can function on anything from embedded devices to multi-core machines with gigabytes of RAM.
- Scalability
Changing some of the default settings allows a single RADIUS server to go from processing one request every few seconds to thousands of requests per second. FreeRADIUS is relied upon by many large businesses (those with more than 10 million users).
Unlike commercial servers, which typically have multiple software versions to choose from, FreeRADIUS requires upgrading to the most recent version to take advantage of improvements in performance, the addition of new realms and RADIUS clients, and other features.
Components of the RADIUS Network
RADIUS follows the client-server approach used by many other protocols. A RADIUS server receives requests from a RADIUS client, also known as a Network Access Server (NAS). After receiving the request, the RADIUS server responds with its findings.
Wi-Fi access points like the Linksys WRT54G and dialup modems are two examples of widely available NAS products from established tech companies. Cisco ISE, Microsoft Network Policy Server, Steel Belted RADIUS, Open Systems Radiator, and FreeRADIUS are all examples of popular RADIUS server software.
The RADIUS Dictionary
Even though attributes are often referred to by name (for example, “User-Name”), these names have no relevance in the protocol because RADIUS is a binary protocol and not text-based like SMTP or HTTP. Information (such as “User-Name”) is not sent as a string of text but rather as a binary header followed by binary data.
- Dictionary files are used to translate between human-readable names and the binary data contained in RADIUS packets. Over 100 dictionaries and approximately 5,000 attribute definitions are included with FreeRADIUS out of the box. These dictionaries make the server easy to configure and easy to extend without the need for source code compilation.
- The packets sent by the NAS contain attributes made up of a number, a length, and binary data. A dictionary file, on the other hand, is just a list of entries, each of which associates a name with a number and a data type.
- The server consults the dictionaries to find an item that corresponds to the number in the packet and then utilizes the information about the data type contained in that entry to decipher the binary data. For human readability, all logs and debug messages use the name from the dictionary entry to describe the attribute.
- The server can also encode a string (such as “User-Name = Bob”) into “number, length, binary data” in a packet by using dictionaries.
- If a server receives a packet with the number 1 and some binary data, for instance, the packet itself carries nothing more than that number and the raw bytes. The server could not decode this attribute without knowing whether the binary information was text, an IP address, or an integer. The dictionary entry could read: "1" is a string data type known as "User-Name." The server can correctly decode the packet into a form that is usable by policies and administrators thanks to the information in the dictionary entry.
- Dictionaries make adding new properties to RADIUS software easier without requiring an upgrade.
- Vendors can define new dictionary attributes without modifying the source code of the server or the client. After that, these additional attributes can be factored into policy choices or recorded in a ledger.
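The dictionary-driven decoding and encoding described in the list above, as an added Python example (not FreeRADIUS code). It assumes a three-entry dictionary in FreeRADIUS dictionary-file syntax; the function names and the `Attr-N` placeholder for numbers with no dictionary entry are choices of this example.

```python
import ipaddress
import struct
# Constructed sample in FreeRADIUS dictionary-file syntax (values per RFC 2865).
DICTIONARY_TEXT = """
ATTRIBUTE  User-Name       1  string
ATTRIBUTE  NAS-IP-Address  4  ipaddr
ATTRIBUTE  NAS-Port        5  integer
"""

def parse_dictionary(text):
    """Return {number: (name, type)} from the ATTRIBUTE lines."""
    by_number = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # '#' starts a comment
        if len(fields) >= 4 and fields[0] == "ATTRIBUTE":
            by_number[int(fields[2])] = (fields[1], fields[3])
    return by_number

def encode_attribute(by_number, name, value):
    """Turn a name/value pair into 'number, length, binary data'."""
    number, dtype = next((n, t) for n, (nm, t) in by_number.items() if nm == name)
    if dtype == "string":
        data = value.encode("utf-8")
    elif dtype == "ipaddr":
        data = ipaddress.IPv4Address(value).packed
    else:  # integer: 32-bit unsigned, network byte order
        data = struct.pack("!I", value)
    # The length byte counts the 2 header bytes; bytes() raises ValueError above 255.
    return bytes([number, len(data) + 2]) + data

def decode_attributes(by_number, buf):
    """Decode a packet's attribute bytes, rejecting inconsistent lengths."""
    out, pos = [], 0
    while pos < len(buf):
        if pos + 2 > len(buf) or buf[pos + 1] < 2 or pos + buf[pos + 1] > len(buf):
            raise ValueError(f"malformed attribute at offset {pos}")
        number, length = buf[pos], buf[pos + 1]
        data = buf[pos + 2:pos + length]
        name, dtype = by_number.get(number, (f"Attr-{number}", "octets"))
        if dtype == "string":
            value = data.decode("utf-8", errors="replace")
        elif dtype == "ipaddr" and len(data) == 4:
            value = str(ipaddress.IPv4Address(data))
        elif dtype == "integer" and len(data) == 4:
            value = struct.unpack("!I", data)[0]
        else:  # number not in the dictionary, or wrong size: keep raw bytes
            value = "0x" + data.hex()
        out.append((name, value))
        pos += length
    return out
```

Decoding the same bytes with an empty dictionary yields only `Attr-1` and a hex string, which is the situation the list describes for a server that lacks the dictionary entry.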
Conclusion:
Please use the 'freeradius-users' mailing list to share your thoughts and ask for help if you're experiencing trouble with FreeRADIUS. Members of the FreeRADIUS community run and contribute to the mailing list. If you have studied the relevant documentation for your issue, users of the list will gladly answer your queries.
Please use the freeradius-server repository on GitHub to report any issues you find, make feature requests, or offer patches to the code. However, before filing a bug report or feature request, it is recommended that you discuss the issue on the appropriate mailing list.