Delivered-To: freebsd-isp@freebsd.org
From: "Dave [Hawk-Systems]"
Cc: "Manny Obrey"
Subject: RE: radius server suggestions
Date: Fri, 21 Feb 2003 11:18:23 -0500

>I'd like to get some input on open source radius server packages.
>Can anyone suggest which to stay away from and/or which ones are working for
>you ?
>
>XtRadius
>
>- robust
>- radius server should be able to query a backend ldap server
>- also allow me to have an ascii file that would allow me to
>allow/disallow users that may be in that file.

Not sure about robust, we manage slightly over 6k users currently. Went with XTRadius because it allows you to either control in the users file, or outsource to an external script/program that returns a 0 or 255 response.

We heavily manage users from a variety of sources and requirements (time limitations, custom ACL transmissions, IP address management from radius, restrict to certain POPs, etc...) so we needed to simply dump the RADIUS request to a custom made script which parses the login information and determines, using a variety of requirements and cases, what to return with the auth.

So from a flexibility POV it can't be beat, though I am not sure this is unique to XTRadius. In short, being able to do customization in Perl rather than dealing with plugins and so forth for a specific RADIUS application (which would require some sort of ramp-up) was the primary motivating factor, and still is to date.

All XTRadius worries about is 0 or 255, auth or not, and passes back to the NAS whatever the external app gives it back along with the auth.

Of course, your mileage may vary :)

Dave
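
Added example (not part of the original message or of XTRadius; written in Python rather than the Perl the post mentions): an external decision script of the kind described above, applying a time-of-day limit and a POP restriction and failing closed to 255 on anything unexpected. The 0/255 exit codes come from the post; the `Name=value` stdin/stdout format, the policy table and the NAS names are assumptions, and password verification is assumed to be handled elsewhere.

```python
import sys
from datetime import datetime, time

AUTH_OK, AUTH_REJECT = 0, 255  # the only two results the post says XTRadius acts on

# Constructed policy table (hypothetical users and NAS names).
POLICY = {
    "alice": {"hours": (time(8, 0), time(18, 0)), "pops": {"nas-toronto"}},
    "bob": {"hours": (time(0, 0), time(23, 59)), "pops": {"nas-toronto", "nas-ottawa"}},
}

def parse_request(lines):
    """Parse 'Name=value' lines (assumed input format) into a dict."""
    request = {}
    for line in lines:
        name, sep, value = line.strip().partition("=")
        if sep:
            request[name.strip()] = value.strip()
    return request

def decide(request, now):
    """Return (exit_code, reply_attributes); anything unexpected is a reject."""
    try:
        rule = POLICY[request["User-Name"]]  # unknown user -> KeyError -> reject
        start, end = rule["hours"]
        if not (start <= now.time() < end):
            return AUTH_REJECT, {}  # outside the allowed login window
        if request["NAS-Identifier"] not in rule["pops"]:
            return AUTH_REJECT, {}  # login arrived via a POP this user may not use
        # Cap the session at the end of the window so the NAS enforces the limit.
        remaining = datetime.combine(now.date(), end) - now
        return AUTH_OK, {"Session-Timeout": int(remaining.total_seconds())}
    except Exception:
        # Fail closed: a malformed request or a bug must never become an accept.
        return AUTH_REJECT, {}

if __name__ == "__main__":
    code, reply = decide(parse_request(sys.stdin), datetime.now())
    for name, value in reply.items():
        print(f"{name}={value}")  # assumed reply format
    sys.exit(code)
```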