External Auth Script or local Auth

Alan DeKok aland at deployingradius.com
Sat Jan 13 16:30:02 CET 2018


On Jan 13, 2018, at 8:40 AM, JAHANZAIB SYED <aacable at hotmail.com> wrote:
> I am using Freeradius ver 2.1.10

  You should upgrade to 2.2.10.  There's just no reason to use a version which is almost 10 years old

> I have noticed that some commercial radius servers (with freeradius backend) using External script (php/perl or C code) to authenticate users. I just wanted to know that what are the additional benefits of using external auth script over freeradius own authentication (via rad-groups) ?

  So that they can avoid GPL licensing issues.

> I made my own bash script that runs fine for authentication by checking user status in my_users table like expiry, disable/enable, quota, uptime etc , but for heavy load network like 20-30k users, what is recommended?

  Use the features in FreeRADIUS.  They work.  They're also MUCH faster than forking an external program.

  i.e. FreeRADIUS can do 10's of 1000's of DB queries per second, and 10's of 1000's of authentications per second.  When you use shell script, that number can drop by 10x to 100x.

  On top of that, why re-implement features which already work?  It doesn't make any sense to write a shell script to do something, when FreeRADIUS can already do it.

  Most people who are re-packaging FreeRADIUS are figuring this out.  Some have taken the source, and hacked it up... at which point they have their own magic server that no one understands.

  And a few years later, FreeRADIUS has more / better features than their hacked-up version, and they can no longer sell decent features to their customers.

  Alan DeKok.




More information about the Freeradius-Users mailing list