The world's most popular RADIUS Server.Development Roadmap
The roadmap for the server is loosely defined. However, we are actively looking for sponsors for new features.
More complete HUP support
Scope of Work: Update the server core to re-load more configuration on HUP
Estimated effort: Variable, depending on the requirements. Priorities include re-reading clients, realms, home servers, etc.
Contact: hup@freeradius.org
WiMAX
WiMAX is growing in popularity. The WiMAX specification for RADIUS has a few differences from the historical Vendor-Specific Attribute (VSA) format. The protocol parser currently in the server does not support this new format.
Scope of Work: Modify the protocol handlers to parse and generate WiMAX attributes.
Estimated effort: To parse and generate WiMAX attributes, approximately a thousand lines of code. This includes attribute encoding and decoding only. The total cost is likely less than purchasing a commercial server that includes WiMAX support.
Contact: wimax@freeradius.org
3GPP2
Scope of Work: Update the protocol handlers to parse and generate 3GPP2 attributes.
Estimated effort: Approximately a thousand lines of code. The total cost is likely less than purchasing a commercial server that includes 3GPP2 support.
Contact: 3gpp2@freeradius.org
Change of Authorization (CoA)
Scope of Work: Update the server core to accept, process, and generate CoA-Request and Disconnect-Request packets.
Estimated effort: Significant. Three to six (3-6) weeks of effort.
Contact: coa@freeradius.org
Native port to Windows
Scope of Work: Update the server to build under MingW. Add native Windows implementations of some features (threads, signals, run as service, etc.)
Estimated effort: Three to four (3-4) weeks of work. The end result will be a native Windows binary that can be run as a service on Windows.
Contact: win32@freeradius.org
Active Directory integration
Scope of Work: Once the server runs natively on Windows, use internal Windows API's to obtain user passwords. This information is not available to programs running elsewhere on the network.
Estimated effort: Three to four (3-4) weeks of work. The end result will be a module that will look up a user and obtain their password from the internal Active Directory database. This functionality will be equivalent to the unix module on Posix systems, which uses the user name as a key to obtain the password from /etc/passwd
Contact: ad-password@freeradius.org
Completed Milestones
Version 2.0
Version 2.0 contains a large number of fixes over the 1.x release stream.
We expect that once this version has been released, 1.x will go into "maintenance" mode, where the only changes will be critical bug fixes.
The following is a partial list of new and updated functionality in 2.0:
- Debugging mode is much clearer and easier to read.
- A new policy language makes many configurations trivial. See man unlang for a complete description.
- Virtual servers are now supported. This permits clear separation of policies. See raddb/sites-available/README
- EAP-TLS (PEAP, EAP-TTLS) and OpenSSL certificates "just work". See raddb/certs/README for details.
- Proxying is much more configurable than before. See proxy.conf for documentation on pools, and new config items.
- Full support for IPv6.
- Much more complete support for the RADIUS SNMP MIBs.
- HUP now works. However, only some modules are re-loaded, and the server configuation is not reloaded.
- There is now a "check configuration" option. See man radiusd for functionality and limitations.
- radrelay functionality is now included in the server core. See raddb/sites-available/copy-acct-to-home-server
- support. It is minimal, but functional.
- Cleaned up internal API's and names, including library names.