Radius compatibility questions

Jan Mulders lastchancehotel at gmail.com
Tue May 22 18:45:00 CEST 2007


One thing to keep in mind is Freeradius is basically just a framework that
you chuck plugins into: there are numerous plugins to do most any task
included with it to make things easier - and if you don't find what you
need, you can make your own (or, if you're lazy, you can build one in a
programming language module such as rlm_perl - which, being Perl, you can
also do pretty much anything in, including AD, LDAP, custom SQL stuff, or
even entirely custom implementations (eg, query an external webserver to
authenticate a user - so theoretically, 'ebay integration' is possible!).)

It's best not to think of Freeradius as a "monolithic product" (ie,
everything built in, with strict compatibility/functionality limitations, as
you'd buy off the shelf), and instead think of it as an unfilled server
rack, where you can plug and choose based on your requirements.

But yes, as Dennis pointed out, you have quite a bit of reading (and I
should also mention testing) to do. It should be trivial to build a very
simple test-bed installation of Freeradius once you understand what's going
on, then you can figure out what your APs and VPN servers are saying (and
wanting in return), from which you can choose and configure modules to suit
your needs.

Jan






On 22/05/07, Dennis Skinner <dskinner at bluefrog.com> wrote:
>
> Ouahiba MACHANI wrote:
> > Hi,
> >
> > Can anyone give me details about FreeRadius compatibility? My questions
> > are :
> >
> >
> > 1- Dose radius operate easily with Cisco equipments (including
> > firewalls, VPN, … ) and other hardware VPN servers?
> >
> > 2- The same question for software VPN, such as Microsoft Routing and
> > Remote Access Server (RRAS)?
> >
> > 3- the same question for access points?
> >
> > 3- What version or variants of the following standards and methods dose
> > radius support  :  X802.1X, EAP-X?
> >
> > - Is there available plug-in that allow to interface with
> > ActiveDirectory ? LDAP directories ? Databases (Oracle, MySQL, etc) ?
> >
> > Where can I find the features of the actual version of radius?
>
> FreeRADIUS is one of, if not the most widely deployed RADIUS server in
> the world.  I can't speak to the specifics of RRAS, but the answer to
> most of your questions is yes.
>
>
> > I want to develop a plug-in for FreeRadius. This plug-in should be able
> > to handle authentication requests send from a VPN server (either
> > hardware, Cisco or a Software (MS RRAS) implementation) or an
> AccessPoint.
> >
> > The second requirements, is that this plug-in should be able to
> > interface with the different users Data store including ActiveDirectory,
> > LDAP directories and Databases, to accomplish user authentication.
>
> So, you want something to listen for and process requests and then based
> on that request, do a lookup of some kind to get the user's account
> information and then do some sort of comparison between them and send an
> Accept or Reject back.
>
> Yep.  Sounds exactly like what freeRADIUS does.  There are already
> plugins for LDAP, SQL, Oracle, etc.  Time to do some reading I think:
>
> http://www.freeradius.org/
> http://wiki.freeradius.org/Main_Page
> http://deployingradius.com/
>
> especially:
> http://deployingradius.com/documents/protocols/compatibility.html
>
> Then grab the tarball and read the files in the doc dir, the man pages,
> and the comments in the config files.
>
> If you still have questions, google+list archive and asking on this list
> can help.
>
> --
> Dennis Skinner
> Systems Administrator
> BlueFrog Internet
> http://www.bluefrog.com
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20070522/fb41abb6/attachment.html>


More information about the Freeradius-Users mailing list