Discussion:
(RADIATOR) Radiator vs Freeradius study
Tiago Fernandes
2004-06-21 21:20:50 UTC
I'm doing a non-fundamentalist study about Radiator versus Freeradius
(http://www.freeradius.org), costs not-involved, to see what to use at
work.

I am looking for advantages and disadvantages mainly.

In terms of functionalities, we want to have PEAP and MS-CHAPv2 support.


Thanking you in advance,


Tiago Fernandes
Terry Simons
2004-06-22 01:29:05 UTC
Hi Tiago,

We have been using Radiator for over a year now in a production
University campus environment. We chose Radiator, at the time, because
FreeRADIUS didn't have the required EAP type support (TTLS->PAP) that
we decided to deploy.

I think one of the major benefits of Radiator is that you are
guaranteed support for the product (because you *DO* have to purchase
it), but you also get the source code.

Mike and Hugh have been extremely helpful in solving problems for us,
and in some cases they have had fixes for our bugs in less than 24
hours.

Originally when we looked at FreeRADIUS, we asked them what plans they
had for TTLS support, and we were told that if we wanted the
functionality, we could write it ourselves. (Standard Open Source
answer, I suppose. ;-)

At any rate, FreeRADIUS does now support many more EAP types than last
year when we did our deployment, but I think if I were faced with the
decision again, I would push my campus to buy Radiator, because it's an
excellent product, IMO.

I haven't used FreeRADIUS a lot, though, so I can't really speak for
that side of things.

This may not be relevant to you, but Xsupplicant (the Open Source
802.1X client for Linux) is primarily tested against Radiator, so if
you are planning on using Xsupplicant, it has a higher chance of
working with Radiator, simply because that's what we test against most
heavily.

- Terry
Post by Tiago Fernandes
I'm doing a non-fundamentalist study about Radiator versus Freeradius
(http://www.freeradius.org), costs not-involved, to see what to use at
work.
I am looking for advantages and disadvantages mainly.
In terms of functionalities, we want to have PEAP and MS-CHAPv2 support.
Thanking you in advance,
Tiago Fernandes
--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
Mark
2004-06-22 12:20:22 UTC
Hi everyone

I've given users a set amount of internet time. This is working with Session
Time-Out currently. My problem is that I'd like the users to only be allowed
to log-in within 24hr of the first login.

Could anyone suggest a way of doing this that's dynamic, so accounts can be
created in advance?

I'm running RADIATOR with MySQL on 'Linux Fedora Core 1'.

Thx

Mark

--
mark at x31.com
markf at cyberware.co.uk
http://www.huhsz.com

Jose Borges Ferreira
2004-06-22 14:23:31 UTC
Try this approach:

Add a column to your user database and then, when you receive an
Account-Start, update that field if empty. Then limit the
Session-Timeout using that value.
That is simple enough to be implemented only with SQL.
I have implemented a similar procedure and it is working fine.
Post by Mark
Hi everyone
I've given users a set amount of internet time. This is working with Session
Time-Out currently. My problem is that I'd like the users to only be allowed
to log-in within 24hr of the first login.
Could anyone suggest a way of doing this that's dynamic, so accounts can be
created in advance?
I'm running RADIATOR with MySQL on 'Linux Fedora Core 1'.
Thx
Mark
--
mark at x31.com
markf at cyberware.co.uk
http://www.huhsz.com
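The approach described in the reply above, as an added example that is not part of the original post and is not Radiator code. An in-memory SQLite table stands in for the MySQL user database; the table, the column names (`time_left`, `first_login`) and the function names are assumptions.

```python
import sqlite3

WINDOW = 24 * 3600  # seconds an account stays usable after its first login

def make_db():
    # Constructed schema: first_login stays NULL until the account is first used,
    # so accounts can be created in advance without starting the clock.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY,"
               " time_left INTEGER NOT NULL, first_login INTEGER)")
    return db

def on_accounting_start(db, user, now):
    # Stamp the first login only once; later Starts must not move the window.
    db.execute("UPDATE users SET first_login = ? "
               "WHERE username = ? AND first_login IS NULL", (now, user))

def on_accounting_stop(db, user, session_secs):
    # Charge the used time against the allowance, never going below zero.
    db.execute("UPDATE users SET time_left = MAX(time_left - ?, 0) "
               "WHERE username = ?", (session_secs, user))

def session_timeout(db, user, now):
    """Return the Session-Timeout to send, or None to reject the login."""
    row = db.execute("SELECT time_left, first_login FROM users "
                     "WHERE username = ?", (user,)).fetchone()
    if row is None:
        return None
    time_left, first_login = row
    # An unused account still has the whole window ahead of it.
    window_left = WINDOW if first_login is None else first_login + WINDOW - now
    timeout = min(time_left, window_left)
    return timeout if timeout > 0 else None
```

Because the stamp is written on the accounting start, an account whose start record never reaches the server keeps its full window.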
Vincent Hua
2004-06-22 17:31:37 UTC
Hi, guys,

We needed to secure the passwords which appear in clear text in the
radius.cfg.

Any suggestions?

Thanks...

Vincent

Terry Simons
2004-06-22 18:26:56 UTC
You can SHA1 or MD5 hash the passwords in your file.

There are examples in the "users" file in the Radiator directory.

Here's an example from the users file:

pwtest2 User-Password = "{SHA}k1qAjger6rE9fhCrig+QPZ/HTrJhYWE="

- Terry
Post by Vincent Hua
Hi, guys,
We needed to secure the passwords which appear in clear text in the
radius.cfg.
Any suggestions?
Thanks...
Vincent
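An added example, not part of the original post and not Radiator code, that generates and verifies hashed entries of the kind suggested above. It assumes the RFC 2307 / LDAP convention, where `{SHA}` is the base64 of the SHA-1 digest and `{SSHA}` is the base64 of the digest followed by the salt; the function names are hypothetical.

```python
import base64
import hashlib
import hmac
import os

def make_sha(password: bytes) -> str:
    # Unsalted: the same password always yields the same string.
    return "{SHA}" + base64.b64encode(hashlib.sha1(password).digest()).decode()

def make_ssha(password: bytes, salt: bytes = None) -> str:
    # Salted: digest over password+salt, with the salt appended before encoding.
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha1(password + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def check(stored: str, candidate: bytes) -> bool:
    """Verify a candidate password against a {SHA} or {SSHA} entry."""
    for scheme in ("{SHA}", "{SSHA}"):
        if stored.startswith(scheme):
            try:
                raw = base64.b64decode(stored[len(scheme):], validate=True)
            except ValueError:
                return False  # malformed base64
            # SHA-1 digests are 20 bytes; {SHA} carries nothing after them.
            if len(raw) < 20 or (scheme == "{SHA}" and len(raw) != 20):
                return False
            digest, salt = raw[:20], raw[20:]
            expected = hashlib.sha1(candidate + salt).digest()
            # Constant-time comparison avoids leaking how many bytes matched.
            return hmac.compare_digest(digest, expected)
    return False  # unknown scheme or clear text: refuse rather than compare
```

A stored SHA-1 or MD5 hash can only be checked by methods that hand the server the clear-text password, such as PAP or TTLS with inner PAP; CHAP and MS-CHAPv2 cannot be verified against it.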
Bret Jordan
2004-06-22 22:36:00 UTC
And here is a passwd hashing script I wrote to do just this; it will do
SHA1 and MD5.

http://utahgeeks.sourceforge.net/prgs/passwd.html

Bret
Post by Terry Simons
You can SHA1 or MD5 hash the passwords in your file.
There are examples in the "users" file in the Radiator directory.
pwtest2 User-Password = "{SHA}k1qAjger6rE9fhCrig+QPZ/HTrJhYWE="
- Terry
Post by Vincent Hua
Hi, guys,
We needed to secure the passwords which appear in clear text in the
radius.cfg.
Any suggestions?
Thanks...
Vincent
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Bret Jordan Dean's Office
Director of Networking College of Engineering
801.585.3765 University of Utah
jordan at coe.utah.edu
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Hugh Irvine
2004-06-22 23:30:14 UTC
Hello Vincent -

You can use the "rcrypt" utility included in the "goodies" directory.

See section 6.17.21 in the Radiator 3.9 reference manual
("doc/ref.html").

regards

Hugh
Post by Vincent Hua
Hi, guys,
We needed to secure the passwords which appear in clear text in the
radius.cfg.
Any suggestions?
Thanks...
Vincent
NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
Hugh Irvine
2004-06-22 23:35:18 UTC
Hello Vincent -

If you really mean the radius.cfg file, you should make it readable
only by the user that radiusd runs as.

regards

Hugh
Post by Vincent Hua
Hi, guys,
We needed to secure the passwords which appear in clear text in the
radius.cfg.
Any suggestions?
Thanks...
Vincent
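An added example, not part of the original post and not Radiator code, that checks the advice above: the configuration file should be readable only by the account the server runs as. The function names are hypothetical, and the path and uid passed in are whatever applies to the installation.

```python
import os
import stat

def audit_secret_file(path, expected_uid):
    """Return a list of findings; an empty list means the file is locked down."""
    st = os.lstat(path)  # lstat: do not follow a symlink put in the file's place
    if stat.S_ISLNK(st.st_mode):
        return ["path is a symlink"]
    if not stat.S_ISREG(st.st_mode):
        return ["not a regular file"]
    findings = []
    if st.st_uid != expected_uid:
        findings.append(f"owner uid {st.st_uid}, expected {expected_uid}")
    if st.st_mode & (stat.S_IRGRP | stat.S_IROTH):
        findings.append("readable by group or others")
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("writable by group or others")
    # A directory others can write to lets them swap the file for their own.
    parent = os.stat(os.path.dirname(os.path.abspath(path)))
    if parent.st_mode & stat.S_IWOTH:
        findings.append("parent directory writable by others")
    return findings

def lock_down(path):
    # Owner read/write only; run as the account that owns the file.
    os.chmod(path, 0o600)
```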