We have found RADIATOR to be very flexible and configurable. We are using it to 
implement our own version of "vlan pooling" since Meru doesn't have that 
feature.

One caution: we run RADIATOR on Windows servers (because we do AD 
authentication) and there is the potential for you to have performance issues. 
Radiator has many features that can be used to get around those (we run 
multiple instances of it on one box and use the EAPBALANCE feature to load 
balance), but it takes some care and planning.

-Neil



--
Neil Johnson
Network Engineer
The University of Iowa
Phone: 319 384-0938
Fax: 319 335-2951
Mobile: 319 540-2081
E-Mail: neil-john...@uiowa.edu


From: Turner, Ryan H <rhtur...@email.unc.edu>
Reply-To: The EDUCAUSE Wireless Issues Constituent Group Listserv 
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Date: Wednesday, April 17, 2013 2:10 PM
To: "WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU" <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: [WIRELESS-LAN] Radiator versus Freeradius

We are switching to EAP-TLS for wireless authentication, and have everything in 
place with the exception of a Certificate Revocation Checking process.  We 
would prefer to use OCSP, but it appears that freeRadius isn’t supporting OCSP 
very well (it is either buggy or not feature rich).  Specifically, it would 
appear that if you don’t specify a URL (a responder override), freeRadius will 
not correctly pull the responder URL from the certificate.  Verification then 
fails, and thus the user connection will not be established.  We have multiple 
CAs, so hard coding in a single responder URL is not optimal.  The other issue 
is that a fail open option for freeradius also doesn’t look to be officially 
supported, and is only provided via some user patch that won’t likely work when 
the code is upgraded.  A soft fail would allow users to be authenticated if a 
responder is unavailable, and presumably we can set some time out that is less 
than a user connection time out for this to occur.

With all of this preface, I have been looking for commercially supported radius 
platforms, and Radiator looks to be a really good option.  I am not entirely 
sure they support the above options, but have inquired.  Anyone have some good 
opinions on Radiator?

As to our actual problems, we could be messing up the config, but I don’t think 
so :)

Thanks,
Ryan Turner
********** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.
