[unisog] RADIUS Products

Michael Holstein michael.holstein at csuohio.edu
Thu Apr 14 13:32:29 GMT 2005

Well .. the story goes like this :

Microsoft's IAS has, like all other M$ products, wonderful integration 
(with the rest of M$'s products *only*, of course) -- it's 
point-and-click in tearms of easy to get your POTS/WLAN users 
authenticated, even if you want to do 802.1x on your Wireless.

That said .. we use FreeRADIUS and I have MySQL on the backend. That 
took about 5 minutes to setup (cd /usr/ports/net/freeradius && make 
install) and didn't cost squat. I'm doing accounting on hundreds of 
Aironet access points and several RAS concentrators. Only thing I had to 
do was write some perlscript to run from cron to delete the old stuff 
(see previous thread on dangers of keeping "subscriber identifying 
information" too long). AFIK you can get FreeRADIUS to do pass-through 
SMB authentication against a NT/200[0|3] domain for your 802.1x or RAS.

If you're a Cisco shop, I'd also suggest looking at their SecureACS 
software. I've worked with that in more than one enterprise and it's 
rock-solid as well.


Michael Holstein CISSP GCIA
Cleveland State University

Hart, Lee Anne wrote:
> Hello all,
> Does anyone have experience using any of the following RADIUS products:
> Microsoft Windows Server 2003 Internet Authentication Service (IAS),
> Novell's BoarderManager, or Steel Belted Radius? We are researching
> different RADIUS products to use with our Nortel network infrastructure
> equipment, but I expect our need will grow in the near future as we
> implement wireless and VPNs. Any information and experiences you have
> are appreciated. Thanks,
> Lee Anne Hart
> _______________________________________________
> unisog mailing list
> unisog at lists.sans.org
> http://www.dshield.org/mailman/listinfo/unisog

More information about the unisog mailing list