The FreeRADIUS Project
FreeRADIUS includes a RADIUS server, a BSD licensed client library, a PAM library, and an Apache module. In most cases, the word FreeRADIUS refers to the RADIUS server.
FreeRADIUS is the most widely deployed RADIUS server in the world. It is the basis for multiple commercial offerings. It supplies the AAA needs of many Fortune-500 companies and Tier 1 ISPs. It is also widely used in the academic community, including eduroam. The server is fast, feature-rich, modular, and scalable.
The server has reached a stable Version 2.1.8 (sig) , with incremental improvements added in every release.
Recent News
2009.12.30 Version 2.1.8 (sig) has been released. The focus of this release is stability.
Feature improvements
- Print more descriptive error message for too many EAP sessions. This gives hints on what to do when "failed to store handler"
- Commands received from radmin are now printed on stdout when in debugging mode.
- Allow accounting packets to be written to a detail file, even if they were read from a different detail file.
- Added OpenSSL license exception (src/LICENSE.openssl)
Bug fixes
- DHCP sockets can now set the broadcast flag before binding to a socket. You need to set "broadcast = yes" in the DHCP listener.
- Be more restrictive on string parsing in the config files
- Fix password length in scripts/create-users.pl
- Be more flexible about parsing the detail file. This allows it to read files where the attributes have been edited.
- Ensure that requests read from the detail file are cleaned up (i.e. don't leak) if they are proxied without a response.
- Write the PID file after opening sockets, not before (closes bug #29)
- Proxying large numbers of packets no longer gives error "unable to open proxy socket".
- Avoid mutex locks in libc after fork
- Retry packet from detail file if there was no response.
- Allow old-style dictionary formats, where the vendor name is the last field in an ATTRIBUTE definition.
- Removed all recursive use of mutexes. Some systems just don't support this.
- Allow !* to work as documented.
- make templates work (see templates.conf)
- Enabled "allow_core_dumps" to work again
- Print better errors when reading invalid dictionaries
- Sign client certificates with CA, rather than server certs.
- Fix potential crash in rlm_passwd when file was closed
- Fixed corner cases in conditional dynamic expansion.
- Use InnoDB for MySQL IP Pools, to gain transactional support
- Apply patch to libltdl for CVE-2009-3736.
- Fixed a few issues found by LLVM's static checker
- Keep track of "bad authenticators" for accounting packets
- Keep track of "dropped packets" for auth/acct packets
- Synced the "debian" directory with upstream
- Made "unlang" use unsigned 32-bit integers, to match the dictionaries.
2009.09.09 Version 1.1.8 (sig) has been released. The focus of this release is security.
Feature Improvements
- None
Bug Fixes
- Fix crash (memcpy with length -1) when invalid Tunnel-Password attributes are received.
2009.09.01 Alan DeKok (Project Leader) is giving a webinar in conjunction with MySQL. We will discuss the concepts and implementation of RADIUS services using the FreeRADIUS server and the MySQL Cluster database to deliver highly available and scalable AAA services.
For more information, please see the North America registration page, or the EMEA registration page.
2009.07.20 We have worked with MySQL to create two white papers on MySQL scalability and MySQL cluster. They are now available:
-
Delivering Scalable & Highly Available AAA Services
This white paper discusses the concepts of current data storage solutions for Authentication, Authorization and Accounting (AAA) environments and their potential limitations as network use grows and services become more dynamic.
The paper then presents an alternative deployment scenario based on the FreeRADIUS Server and MySQL Cluster serving as the back-end AAA database, providing an infrastructure for high growth and availability, with low complexity. A sizing study and user case study are presented to demonstrate how the solution performs in real-world FreeRADIUS environments
Read the whitepaper, posted here:
http://www.mysql.com/why-mysql/white-papers/mysql_wp_ha_auth_account.php
This Guide documents a best-practice approach to configuring and testing a FreeRADIUS server deployed with the MySQL Cluster database storage engine serving as the back-end data store for user and accounting data. Deployment topologies and configurations are presented, enabling users to quickly and simply replicate the solution in their own environment.
Read the guide, posted here:
http://www.mysql.com/why-mysql/white-papers/mysql_wp_deploying_FreeRADIUS.php
2008.03.05 FreeRADIUS Client Version 1.1.6 (sig) has been released. The focus of this release is stability.
- Added dead_time functionality / configuration.
- Merge in fixes and enhancements from 'radiusclient-ng'.
- Improved functionality for embedded operation. In use in FreeSWITCH and OpenSER projects.
- Wrap gethostby*() family of calls with threadsafe variants.
- Change UINT4 to uint32_t, int to size_t, etc.
- Fixed wrong usage of strncat function in several places.
2007.12.01 - A Development Roadmap is announced
As part of the continued growth of the server, we are actively looking for sponsors for new features. New projects include support for WiMAX, 3GPP2, Change of Authorization (CoA), Windows ports, etc.
The world's most popular RADIUS Server.