The FreeRADIUS Project
FreeRADIUS includes a RADIUS server, a BSD licensed client library, a PAM library, and an Apache module. In most cases, the word FreeRADIUS refers to the RADIUS server.
FreeRADIUS is the most widely deployed RADIUS server in the world. It is the basis for multiple commercial offerings. It supplies the AAA needs of many Fortune-500 companies and Tier 1 ISPs. It is also widely used in the academic community, including eduroam. The server is fast, feature-rich, modular, and scalable.
The server has reached a stable Version 2.1.9 (sig), with incremental improvements added in every release.
Recent News
2010.05.24 Version 2.1.9 (sig) has been released. The focus of this release is stability.
Feature improvements
- Add radmin command "stats detail" to see what is going on inside of a detail file reader.
- Added documentation for CoA. See raddb/sites-available/coa
- Add sub-option support for Option 82. See dictionary.dhcp
- Add "server" field to default SQL NAS table, and documented it.
Bug fixes
- Reset "received ping" counter for Status-Server checks. In some corner cases it was not getting reset.
- Handle large VMPS attributes.
- Count accounting responses from a home server in SNMP / statistics code.
- Set EAP-Session-Resumed = Yes, not "No" when session is resumed.
- radmin packet counter statistics are now unsigned, for numbers 2^31..2^32. After that they roll over to zero.
- Be more careful about expanding data in PAP and MS-CHAP modules. This prevents login failures when passwords contain '{'.
- Clean up zombie children if there were many "exec" modules being run for one packet, all with "wait = no".
- Re-open log file after HUP. Closes bug #63.
- Fix "no response to proxied packet" complaint for CoA / Disconnect packets. It shouldn't ignore replies to packets it sent.
- Calculate IPv6 netmasks correctly. Closes bug #69.
- Fix SQL module to re-open sockets if they unexpectedly close.
- Track scope for IPv6 addresses. This lets us use link-local addresses properly. Closes bug #70.
- Updated Makefiles to no longer use the shell for recursing into subdirs. "make -j 2" should now work.
- Updated raddb/sql/mysql/ippool.conf to use "= NULL". Closes bug #75.
- Updated Makefiles so that "make reconfig" no longer uses the shell for recursing into subdirs, and re-builds all "configure" files.
- Used above method to regenerate all configure scripts. Closes bug #34.
- Updated SQL module to allow "server" field of "nas" table to be blank: "". This means the same as it being NULL.
- Fixed regex realm example. Create Realm attribute with value of realm from User-Name, not from regex. Closes bug #40.
- If processing a DHCP Discover returns "fail / reject", ignore the packet rather than sending a NAK.
- Allow '%' to be escaped in sqlcounter module.
- Fix typo in internal hash table.
- For PEAP and TTLS, the tunneled reply is added to the reply, rather than integrated via the operators. This allows multiple VSAs to be added, where they would previously be discarded.
- Make request number unsigned. This changes nothing other than the debug output when the server receives more than 2^31 packets.
- Don't block when reading child output in 'exec wait'. This means that blocked children get killed, instead of blocking the server.
- Enabled building without any proxy functionality.
- radclient now prefers IPv4, to match the default server config.
- Print useful error when a realm regex is invalid.
- Relaxed rules for preprocess module "with_cisco_vsa_hack". The attributes can now be integer, ipaddr, etc. (i.e. non-string)
- Allow rlm_ldap to build if ldap_set_rebind_proc() has only 2 arguments.
- Update configure script for rlm_python to avoid dynamic linking problems on some platforms.
- Work-around for bug #35
- Do suid to "user" when running in debug mode as root
- Make "allow_core_dumps" work in more situations.
- In detail file reader, treat bad records as EOF. This allows it to continue working when the disk is full.
- Fix Oracle default accounting queries to work when there are no gigawords attributes. Other databases already had the fix.
- Fix rlm_sql to show when it opens and closes sockets. It already says when it cannot connect, so it should say when it can connect.
- "chmod -x" for a few C source files.
- Pull updated spec files, etc. from RedHat into the redhat/ directory.
- Allow spaces when parsing integer values. This helps people who put "too much" into an SQL value field.
2010.05.21 - A Development Roadmap is announced
As part of the continued growth of the server, we are actively looking for sponsors for new features. New projects include support for 3GPP2, Windows ports, etc.
2009.09.09 Version 1.1.8 (sig) has been released. The focus of this release is security.
Feature Improvements
- None
Bug Fixes
- Fix crash (memcpy with length -1) when invalid Tunnel-Password attributes are received.
2009.07.20 We have worked with MySQL to create two white papers on MySQL scalability and MySQL cluster. They are now available:
- Delivering Scalable & Highly Available AAA Services
This white paper discusses the concepts of current data storage solutions for Authentication, Authorization and Accounting (AAA) environments and their potential limitations as network use grows and services become more dynamic.
The paper then presents an alternative deployment scenario based on the FreeRADIUS Server and MySQL Cluster serving as the back-end AAA database, providing an infrastructure for high growth and availability, with low complexity. A sizing study and user case study are presented to demonstrate how the solution performs in real-world FreeRADIUS environments.
Read the whitepaper, posted here:
http://www.mysql.com/why-mysql/white-papers/mysql_wp_ha_auth_account.php
This Guide documents a best-practice approach to configuring and testing a FreeRADIUS server deployed with the MySQL Cluster database storage engine serving as the back-end data store for user and accounting data. Deployment topologies and configurations are presented, enabling users to quickly and simply replicate the solution in their own environment.
Read the guide, posted here:
http://www.mysql.com/why-mysql/white-papers/mysql_wp_deploying_FreeRADIUS.php
2008.03.05 FreeRADIUS Client Version 1.1.6 (sig) has been released. The focus of this release is stability.
- Added dead_time functionality / configuration.
- Merge in fixes and enhancements from 'radiusclient-ng'.
- Improved functionality for embedded operation. In use in FreeSWITCH and OpenSER projects.
- Wrap gethostby*() family of calls with threadsafe variants.
- Change UINT4 to uint32_t, int to size_t, etc.
- Fixed wrong usage of strncat function in several places.