North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Robust/feature-rich RADIUS server

  • From: Andy Dills
  • Date: Tue Dec 11 14:52:47 2001

On Tue, 11 Dec 2001, Hugh Irvine wrote:

> Many people on this list use Radiator (commercial source code product).

Hugh is officially associated with radiator (not sure in what capacity, if
nothing else he does a fantastic job of giving free support on the
radiator maling list), so I'll give a quick opinion from somebody who just
uses it and is NOT affiliated.

It's simply fantastic. There are built-in hooks for nearly every possible
way you can think of authenticating a user (and if nothing else you can
call external scripts). It's written in easy-to-read perl (yes, virginia,
there is such a thing) and is therefore very easy to extend should you
discover some obscure functionality you want that isn't implemented. The
config is so powerful that it's extremely simple for straightfoward
configurations, yet extremely adaptable for complex configurations. It
seems to try to follow the perl motto: TMTOWTDI. (There's more than one
way to do it.)

For instance, we use Platypus as our billing package, which runs on
Windows, with a SQL 7 backend, where we store our accounting data. Our
authentication is done via mysql (hosted on the same FreeBSD server as
radiator)...we have three different ISPs we own/run, each with different
customer databases, NASes in several different states/networks, and a
multiple providers of out-sourced modem ports which send us multiple
distinct realms. We had to use a third-party package (from openlink) to
get ODBC connectivity from our FreeBSD box to the Windows box, but that
was a breeze. It can do anything you can do with Radius, as far as I've
been able to determine.

If you're concerned about scalability, one of my colocation customers is a
large aggregator of out-sourced modem companies. He authenticates from
several different networks, accepting requests from proxy radius servers,
authenticating many locally, and proxying the other requests to customer
radius servers. He authenticates aboutt 80,000 users. (Yeah, it's
ridiculous.) He uses radiator and it's smooth as butter, even though his
config files are thousands of lines long. If it's going to be big like
this, use lots of memory.


Andy Dills                              301-682-9972
Xecunet, LLC                  
Dialup * Webhosting * E-Commerce * High-Speed Access