Date: Fri, 21 Feb 2003 11:18:23 -0500 From: "Dave [Hawk-Systems]" <dave@hawk-systems.com> To: <freebsd-isp@freebsd.org> Cc: "Manny Obrey" <manny8383@hotmail.com> Subject: RE: radius server suggestions Message-ID: <DBEIKNMKGOBGNDHAAKGNAEEAJAAB.dave@hawk-systems.com> In-Reply-To: <F76H5EbRkSYmOSlyPtY00049c7e@hotmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
>I'd like to get some input on open source radius server packages. >Can anyone suggest which to stay away from and/or which ones are working for >you ? > >XtRadius > >- robust >- radius server should be able to query a backend ldap server >- also allow me to have an ascii file that would allow me to >allow/disallow users that may be in that file. Not sure about robust, we manage slightly over 6k users currently. Went with XTRadius because it allows you to either control in the users file, or outsorce to an external script/program that returns a 0 or 255 response. We heavily manage users from a variety or sources and requirements (time limitations, custom ACL transmissions, IP address management from radius, restrict to certain POPs, etc...) so we needed to simply dump the RADIUS request to a custom made script which parses the login information and determines using a variety of requirements and cases, what to return with the auth. So from a flexibility POV it can't be beat, though I am not sure this is unique to XTRadius. In short, being able to do customization in Perl rather than dealing with plugins and so forth for a specific RADIUS application was the primary appeal(which would require some sort of ramp-up) was the primary motivating factor, and still is to date. All XTRadius worries about is 0 or 255, auth or not, and passes back to the NAS whatever the external app gives it back along with the auth. Of course, your mileage may vary :) Dave To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?DBEIKNMKGOBGNDHAAKGNAEEAJAAB.dave>