Zack W Kneisley wrote:
> Very Interesting. I have been evaluating Radiator off and on and find it
> interesting that you would prefer FreeRADIUS over a $700 Radius
> solution. Could you give me more insight into this switch? More details
> on the AV pairs to certain proxy requests based on Client-IP-Address?
> Could you provide any details on the hardware that your setup is running
> on?
>
> Zack

FreeRADIUS versus Radiator was a fairly easy decision. First, I was
already familiar with Cistron RADIUS, and FreeRADIUS was the natural
progression. I also found FreeRADIUS simple but flexible, modular and
graceful in design. The fact that it is open source wasn't a minor factor
in my decision, either.

It is often remarked that documentation for FreeRADIUS is lacking. While
perhaps there aren't exactly volumes filled with endless pedagogical
examples, what _does_ exist is extremely concise and accurate in its
description of FreeRADIUS functions. If you're willing to read, test, read
again, test again, read once more and repeat ad nauseam, it does contain
everything you need to know to create just about every possible
configuration for any scenario. If nothing else, the debug output from the
server is _exceptionally_ verbose and useful for, well, debugging.

As for the issue with Client-IP-Address, I was faced with a situation
where I needed to assign Ascend-Data-Filters to all sessions, both those
handled locally and those proxied, when coming from a certain set of NAS.
I investigated doing this via Radiator. I had "inherited" the Radiator
installation in question, and it's almost exclusively reliant on a rather
poorly designed Microsoft SQL database. Every solution to this problem
that Radiator was able to provide was either clumsy, not completely
effective, or both. I found myself pushing down bubbles on wallpaper.

Eventually, I used hints, user files, and the configurable failover
functionality of FreeRADIUS to achieve my objective. Although it worked, I
was particularly pleased with the fact that configurable failover gave me
the ability to configure FreeRADIUS such that the Ascend-Data-Filters were
assigned to all the right Access-Reply packets _AND_ no packets were
processed by any modules that did not need to process them. No wasted
processor cycles, memory, time, etc.

As far as hardware...

All my FreeRADIUS servers run on Compaq DL380's, DL360's, and 1850R's
using Intel P3 Xeon-class processors, ranging from 500MHz to 800MHz. All
have 512 to 1024MB RAM and SCSI disks on RAID 5. The lowest-end of the
servers handles tens of thousands of requests a day and never breaks a
sweat. All the servers are running FreeBSD 4.6-STABLE or 4.7-STABLE.

Alright, that's enough gushing for one day.

Franklin

--
Franklin Trumpy, NFA, MNGS, GSc | Say not, "I have found the truth,"
Sr. UNIX Systems Administrator  | but rather, "I have found a truth."
Lighthouse Communications       |
[EMAIL PROTECTED]               | Say not, "I have found the path of the soul."
(515)244-1115                   | Say rather, "I have met the soul walking
(888)953-3278                   | upon my path."
http://www.lh.net               |
                                | -Kahlil Gibran, _The Prophet_, 1923
                                |

On Tue, 29 Oct 2002, Zack W Kneisley wrote:

> Date: Tue, 29 Oct 2002 13:07:23 -0500
> From: Zack W Kneisley <[EMAIL PROTECTED]>
> Reply-To: [EMAIL PROTECTED]
> To: [EMAIL PROTECTED]
> Subject: RE: Experience
>
> Very Interesting. I have been evaluating Radiator off and on and find it
> interesting that you would prefer FreeRADIUS over a $700 Radius
> solution. Could you give me more insight into this switch? More details
> on the AV pairs to certain proxy requests based on Client-IP-Address?
> Could you provide any details on the hardware that your setup is running
> on?
>
> Zack
>
> > -----Original Message-----
> > From: [EMAIL PROTECTED] [mailto:freeradius-users-[EMAIL PROTECTED]] On Behalf Of Franklin Trumpy
> > Sent: Tuesday, October 29, 2002 12:31 PM
> > To: Freeradius-Users
> > Subject: Re: Experience
> >
> > I am running three implementations of FreeRADIUS for three different
> > purposes. Primarily, I use FreeRADIUS to authenticate, authorize, and
> > account for about 750 PPP dial users via SQL (including the session
> > database), with authentication and authorization failover to a users file.
> > These same two RADIUS servers also proxy requests for about 15,000 users
> > to a set of Radiator RADIUS servers, which are, incidentally, scheduled
> > to be replaced by FreeRADIUS servers in the next month.
> >
> > All told, the 16,000 users arrive from any of about 99 RADIUS clients,
> > 80 of which are the proxy RADIUS servers of three wholesale dial vendors
> > (AT&T, QWest, and UUNet). Those 80 clients proxy requests for about 500
> > NAS. The remaining 19 RADIUS clients are NAS controlled by my organization.
> > FreeRADIUS also serves to add several AV pairs to certain proxy requests
> > based on Client-IP-Address, a function Radiator RADIUS cannot easily
> > handle.
> >
> > My second implementation, using two other servers, does AAA for about
> > 500 L2TP users via SQL, also failing over to a flatfile in the event
> > of loss of database connectivity. There are about 15 "virtual" RADIUS
> > clients configured on the one "real" NAS, a Redback SMS 1800.
> >
> > The third and final implementation, on its own, single server, provides
> > AAA for about 200 PPTP users via SQL. Once again, it fails over to a
> > flatfile if necessary. The single RADIUS client is a Cisco 3000-series VPN
> > concentrator where authentication is handled by MS-CHAPv2.
> >
> > Three services, five servers, all running a FreeRADIUS CVS snapshot from
> > last week, and running just fine.
> >
> > Franklin
> >
> > --
> > Franklin Trumpy, NFA, MNGS, GSc | Say not, "I have found the truth,"
> > Sr. UNIX Systems Administrator  | but rather, "I have found a truth."
> > Lighthouse Communications       |
> > [EMAIL PROTECTED]               | Say not, "I have found the path of the soul."
> > (515)244-1115                   | Say rather, "I have met the soul walking
> > (888)953-3278                   | upon my path."
> > http://www.lh.net               |
> >                                 | -Kahlil Gibran, _The Prophet_, 1923
> >                                 |
> >
> > On Tue, 29 Oct 2002, Zack W Kneisley wrote:
> >
> > > Date: Tue, 29 Oct 2002 08:12:38 -0500
> > > From: Zack W Kneisley <[EMAIL PROTECTED]>
> > > Reply-To: [EMAIL PROTECTED]
> > > To: Freeradius-Users <[EMAIL PROTECTED]>
> > > Subject: Experience
> > >
> > > I've been watching this list for some time now, and it seems that
> > > Freeradius is much more robust than I previously thought. Could some
> > > users of this list give me some configuration examples (users served,
> > > how many NAS's using, Hardware & OS's being used, using sql, how long
> > > you have been using it etc.) I have been looking into several different
> > > radius packages and it seems Freeradius can do almost everything the
> > > others can. If you could provide me with successful real-world
> > > deployments, the pros & cons, I encourage you to post them.
> > >
> > > Zack Kneisley
> >
> > -
> > List info/subscribe/unsubscribe? See
> > http://www.freeradius.org/list/users.html
