Back to article
6 Secure Linux Wi-Fi Authentication Servers
FreeRADIUS, GNURadius, OpenRADIUS
November 15, 2010
Here we'll take a look at six different open and free Remote Authentication Dial In User Service (RADIUS) servers available for Linux (and other platforms). You'll find something that will work for you, whether you're supporting dial-up or VPN users, offering 802.1X for Wi-Fi security, or running VoIP. All your Authentication, Authorization, and Accounting (AAA) needs can be met on a Linux server.
The FreeRADIUS project was founded in June of 1999 by Miquel van Smoorenburg and Alan DeKok. Its freely available via the GNU General Public License, Version 2 (GPLv2) for running on Linux, other Unix-like systems, and even Windows. Since the first stable release in 2001 there have been feature improvements and bug fixes released every couple of months. There is extensive community support via documentation, a Wiki, mailing lists, and tutorials throughout the Internet. Commercial support is also available from consulting firms like Network RADIUS.
FreeRADIUS claims to be the world's most popular RADIUS Server. They estimate their server is responsible for authenticating hundreds of millions of users daily across over 50,000 sites. They claim their server provides the AAA needs of many Fortune-500 companies and ISPs.
In addition to the actual RADIUS server, FreeRADIUS includes a BSD licensed client library, a PAM library, an Apache module, and other administrative tools. FreeRADIUS includes most features of other servers, plus supports EAP for 802.1X authentication for Wi-Fi security. Binary packages are downloadable for numerous platforms, and the source code is always available. Settings are defined text configuration files, which are well commented and documented.
GNU Radius was started under the GNU project and had its first public releases in 2002. Its freely available via the GNU General Public License, Version 3 (GPLv3) and runs on Unix-like systems. The latest release was in December of 2008. For support there are mailing lists, an online reference manual, and a printed manual available for purchase.
GNU Radius supports a wide variety of authentication schemes, including system database, internal database, SQL database and PAM authentication. It includes some basic administration tools in addition to the server. GNU Radius is configurable via text configuration files, similarly to FreeRADIUS.
The OpenRADIUS project released its first public version in 2001, and the latest in 2007. Its freely available and licensed under the GNU General Public License, Version 2 (GPLv2) and can run on Unix-like systems. Support includes online documentation and a mailing list. Commercial support and custom development are also available.
OpenRADIUS offers a versatile backend interface which can get shared secrets, authentication information, policies and user profiles from any available external data source. It supports Unix password databases, Livingston-style ASCII files, and LDAP directories out of the box. Flexibility is provided with a built-in expression language. The powerful dictionary can be made to support all types of vendor-specific attributes. The OpenRADIUS settings are defined in just two configuration files.