The FreeRADIUS Server Project

FreeRADIUS was founded in June 1999 by Miquel van Smoorenburg and Alan DeKok. The first public "alpha" release of the code was in August 1999, with 0.1 being released in May 2001. Since then, new versions have been released every few months.

FreeRADIUS is used daily by 100 million people to access the Internet.

Since then, the project has grown to include support for more authentication types than any other open source server. It is used daily by 100 million people to access the Internet. There are over 50 thousand sites using FreeRADIUS, ranging in size from 10 users to over 10 million users.

Since its founding, the project has expanded to include a number of other RADIUS related products, including:

freeradius-client A BSD licensed RADIUS client library.
mod_auth_radius A RADIUS module for Apache 1.x and 2.x.
pam_radius_auth A Pluggable Authentication Module (PAM) for RADIUS authenticationand accounting.

By the numbers

We recently commissioned a survey of FreeRADIUS users, in order to see how people are using the server. Here’s what the results showed:

No. of Users authenticated via FreeRADIUS
No. of RADIUS servers at each site
Databases where user information is stored
Authentication Protocols
Other RADIUS Servers

Most sites using FreeRADIUS are intermediate in size, and are probably running the server in enterprise (i.e. corporate) environments, or in small ISPs. Over 90% of the sites have less than 100,000 users.

FreeRADIUS is responsible for authenticating a third of all users on the Internet.

There are a small percentage of sites have over 10,000,000 (that's 10 MILLION) users. When we add up all of the sites, the total comes to about 100,000,000 users who are authenticated via FreeRADIUS. And that number includes only the sites that filled out the survey!

In total it is estimated that FreeRADIUS is responsible for authenticating more than ⅓ of users on the internet. Other users are split between Cisco ACS and Microsoft IAS (each with an equal share); and all the other RADIUS servers combined.

Number of Users

1 – 1014%
11 – 10017%
… – 10^325%
… – 10^425%
… – 10^513%
… – 10^64%
… – 10^7< 1%
10^7 or more1%

Not surprisingly, most sites have a very small number of servers. A few sites (likely the biggest ones) have a large number of servers.

It looks like most sites under 10,000 users have one or two servers. As the number of users grows, so does the number of servers used. A few sites have more than 50 servers, likely because they are placing servers at multiple locations.

Number of Servers

1 – 270%
3 – 519%
6 – 106%
11 – 202%
21 or more< 2%

Taken together, the various SQL modules account for nearly 50% of deployments. The only surprise is that Active Directory has such a low ranking, as it is the database used in most internal corporate environments. The conclusion that we can reach from this is that the people filling out this survey were probably ISPs and resellers rather than enterprise IT administrators.

Another conclusion is that if you have to store a few million users in a database, Active Directory probably isn't your first choice.

Databases used

MySQL32%
users file22%
OpenLDAP15%
Active Directory13%
PostgreSQL8%
Oracle5%
Other<4%

Most sites are using RADIUS for dial-in user authentication. e.g. Telephone dial-up, ADSL, etc. The number of wireless deployments is large, though, at just over a third. We expect that there will be more new wireless deployments in the future.

While we haven't broken the numbers out here, PEAP, EAP-TLS, and EAP-TTLS all have about the same share of the wireless space.

Authentication Protocols

PAP, etc.61%
Wireless (EAP)35%
Digest (VOIP)4%

Not everyone uses FreeRADIUS, so we also asked what other RADIUS servers people have used.

As mentioned above, ACS and IAS have about an equal market share, and together account for about 50% of other servers. Another 40% is shared pretty much equally between a few well-known RADIUS servers. The last 10% is a jumble of old servers (some very old), or servers that are targetted towards niche markets.

The numbers for Funk and Radiator are probably too low, because the survey was focussed on sites that have chosen to deploy Open Source. For the same reasons mentioned before, we expect that enterprises who have chosen to use a commercial product have also not filled out the survey.

Other servers

Cisco ACS24%
Microsoft IAS23%
Cistron12%
Funk11%
OpenRADIUS10%
Radiator10%
Other10%

The survey was commissioned because RADIUS servers are usally hidden inside of private networks (for very good reasons), and are not publicly accessibly like HTTP or DNS servers. That is, Apache can say that it is the number one HTTP server in the Internet because of public results from Netcraft. In order to get the same data, we have to directly ask site administrators what they are using. The good news is that over 500 responses to the survey were received, with the results as of November 2006 summarized as shown above.

Meet The Team

Alan DeKok Project Leader

Alan Dekok co-founded FreeRADIUS in 1999 and continues to lead the project today. He is recognized as one of the world's leading experts on remote network and AAA frameworks, and he has co-authored numerous AAA and RADIUS related RFCs. Alan is the CEO of NetworkRADIUS SARL.

deployingradius.com/

Arran Cudbard-Bell Principal Architect

Arran has a penchant for policy driven networking. He has been a contributor since 2007 and core team member since 2012, and has authored and rewritten many modules. He contributes heavily to code documentation, modernisation, re-architecture, and cleanup efforts. Arran is a member of the Jisc 802.1X SIG, and Director of RM-RF Ltd.

Alex Clouter Developer

Alex has been using FreeRADIUS for several years, and been part of the core team since 2016. He wrote the code for the EAP-FAST protocol and added TACACS support. Alex is the Director of coreMem Ltd.

Matthew Newton Developer

Matthew likes solving problems. He has contributed to FreeRADIUS since 2011, including modules such as Samba winbind authentication and EAP-TLS improvements, as well as documentation, examples and bug fixes. He has been a core team member since 2016. Matthew is a member of the Jisc 802.1X SIG, and Director of Newton Computing Ltd.

Security Contact

The FreeRADIUS security contact is security@freeradius.org. All security related information or notifications should be sent to that address. Security notifications may be signed with the pgp key aland@freeradius.org.