The server has all of the features that are found in a normal RADIUS server implementation. It is unique among Open Source RADIUS servers in it’s support for EAP. In addition, it has many capabilities not found in any other RADIUS products, even commercial servers from large vendors. In spite of that complexity, it is simple to install and configure.
In short, if you need a certain feature, it is likely that FreeRADIUS supports it. Please see the text below for information about specific features.
Performance and Scalability
The server is one of the fastest and scalable products we know of. The unique modular design enables it to be stripped down for embedded systems, or to expose all of the available features where required. In addition to being simple, FreeRADIUS is designed to be secure. An AAA server is a critical part of a network, and a primary target for attackers. Keeping the server safe and secure is a high priority for us, and for any administrator using the product.
The server runs on a wide variety of Operating Systems. Every effort is make to ensure it is 64-bit “clean”, though occasional issues are discovered during development.
A large number of CPU and OS architectures are have been verified to work, and are supported via the users list. We suggest that the server be installed via a pre-built package if one is available. If a package does not exist for your system, it can be built from source.
The server can authenticate users via simple methods (PAP, CHAP, MS-CHAP, MS-CHAPv2, SIP Digest) and all common EAP types. All client operating systems are supported, including Windows XP (SP1 and SP2) and Vista, Linux, Mac OSX, *BSD, and many others.
Both pre-authentication and post-authentication policies are supported. Polices may be stored in databases, flat-text files, or in Perl or Python scripts. IP addresses can be allocated through IP Pools.
All common accounting methods are supported. Accounting data can be logged to flat-text files (detail), or to most databases. Schemas and queries for both plain Internet access and VoIP are included.
Any RADIUS request can be proxied. Standard RADIUS realms are supported via simple configurations. More complex policies can use any method necessary to cause a request to be proxied.
Over 100 vendor dictionaries are supported. All common vendor equipment is supported, including all common attributes used by each vendor. Vendor updates can be mailed to firstname.lastname@example.org
All commonly used databases are supported for authorization, authentication, and accounting. (LDAP, SQL, text files, etc.). Fail-over and load-balancing across multiple servers is also supported.
FreeRADIUS is the only RADIUS server (commercial or Open Source) that supports virtual servers. This feature is similar to the virtual servers used in well-known web servers such as Apache. This feature can simplify complex implementations, and can reduce ongoing support and maintenance costs. Other functionality
VLAN assignment may be done via the VMPS protocol. IP address assignment can be done via the experimental DHCP implementation.
All RADIUS RFC’s are supported. The server is compliant with the following specifications:
rfc1157 rfc1227 rfc1448 rfc1901 rfc1905 rfc2243 rfc2289 rfc2433 rfc2548 rfc2607 rfc2618 rfc2619 rfc2620 rfc2621 rfc2716 rfc2759 rfc2809 rfc2865 rfc2866
rfc2867 rfc2868 rfc2869 rfc2882 rfc2924 rfc3162 rfc3575 rfc3576 rfc3579 rfc3580 rfc3748 rfc4372 rfc4675 rfc4679 rfc4818 rfc4849 rfc5080.
In addition to implementing standards, FreeRADIUS is defining new industry standards for RADIUS.
The server has been tested to be interoperable with a wide range of clients, servers, and 802.1x supplicants.