On Wed, 10 Mar 2004, Martin Jr., D. Michael wrote: > I am interested in what specific types of RADIUS servers are being used > by individuals out there in the higher education community for wireless > applications? > > Are people using Unix-based, Linux-based, or Windows-based RADIUS > systems?
We have several RADIUS servers running on Solaris, and on Linux. However, the server we use will also run on Windows! 8-) > Are people using OpenSource or Commercial? Commercial. We use Radiator (http://www.open.com.au) The license costs for education are reasonable (even for a small school), the support is top notch, and the product supports just about everything you could want. And, since it is written in Perl, if it does something you don't like, it is easy to change. > What RADIUS systems have been the easiest to configure? Radiator comes with example configs for a whole bunch of different environments it may be used in. And if there isn't one that fits, I would be glad to help out. Funk's Steel Belted RADIUS, and Meetinghouse's RADIUS server are both fairly easy to configure. Microsoft's Internet Authentication Server (IAS) can be painful, and is quite limited in functionality. FreeRADIUS isn't too bad to configure but can be a pain at times. Cisco's SecureACS fits somewhere between Funk and IAS. > What RADIUS systems have been the biggest headaches? I would probably suggest staying away from IAS, unless you have an Active Directory environment. > > We are in the process of evaluating what type of RADIUS to use here and > I would like to get feedback before we go down a wrong road. IMHO, there are a few key things to consider when looking at a RADIUS server. 1. What do you intend to do with it? -- If you are just authenticating modem users, you don't need much. Pretty much any RADIUS server will do. If you are planning on doing anything with EAP, (for 802.1x, VPN, etc) you need to determine which EAP types you want to be able to use, and look for a server that supports them. 2. How many users are you going to support? -- Again, if you are just authenticating modem users, this probably isn't a big issue. But, if you are doing anything with EAP, the amount of CPU time needed per user goes up quite a bit! (But you can always throw more CPU at it. ;) 3. What kind of support do you want? -- I really only have experience with support from Meetinghouse, FreeRADIUS, and Radiator. Meetinghouse's support is okay. FreeRADIUS can be difficult depending on what you are trying to get help with, but the code is available so you can always help yourself. Radiator has some of the best support I have seen in a product. Radiator also has an active user base in their forums that can help resolve most problems fairly quickly. If you need to contact their support directly, they will get back to you quickly. Also, you get source with Radiator, so you have the self help option. 4. Cost (probably should have been #1) -- IAS is "free" if you have a Windows server environment. FreeRADIUS is free. The price for Funk will vary drastically depending on what you want to do. (In one case, for us, a single server license was quoted at $20k.) While an unlimited Radiator license is only $6,800. And a single server license is only $1,000. > > Any input would be appreciated. > > Thanks, > > D. Michael Martin, Jr. > Network Administrator > University of Montevallo > > ********** > Participation and subscription information for this EDUCAUSE Constituent Group > discussion list can be found at http://www.educause.edu/cg/. > ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/cg/.
