Translations of this page

Radius

 [image of the Head of a GNU]

Table of Contents


Introduction to Radius

Radius is a server for remote user authentication and accounting. Its primary use is for Internet Service Providers, though it may as well be used on any network that needs a centralized authentication and/or accounting service for its workstations.

The package includes an authentication and accounting server and some administrator tools.

Authentication Schemes

Radius supports a wide variety of authentication schemes. A user supplies his authentication data to the server either directly by answering the terminal server's login/password prompts, or using PAP or CHAP protocols. The server obtains the user's personal data from one of the following places:

System Database
The user's login and password are stored in /etc/passwd on the server, i.e. they are a "normal" UNIX user on the system.
Internal Database
The user's login ID, password etc. are stored in the internal radius database. The user's password is stored in encrypted form using either MD5 or DES hash, whichever is appropriate. Alternatively, a plaintext password can also be used if CHAP protocol is being used, CHAP usage is strongly discouraged for security reasons.
SQL authentication
User's details are stored in an SQL database. The database structure is fully determined by the system administrator, Radius does not restrict it in any way. See Interaction with SQL Servers.
PAM authentication
User is authenticated via PAM (Pluggable Authentication Service) framework. See the Linux PAM homepage for more details.

Accounting Schemes

Radius has three built-in accounting schemes:

Unix accounting
Accounting data are stored in radutmp/radwtmp files and can be viewed using radwho and radlast commands. Both commands are upward compatible with their Unix counterparts who and last.
Detailed accounting
The detailed accounting information is stored in plain text format. The resulting files can easily be parsed using standard text processing tools (grep, awk, etc.)
SQL accounting
Upon receiving accounting information Radius stores it in an SQL database. This can then be processed using standard SQL queries.

Radius is extensible and new accounting methods can be added using the extension language.

Interaction with SQL Servers

Radius is currently able to communicate with MySQL and PostgreSQL servers. Other DBMS are supported via ODBC interface.

Radius imposes no restrictions on the structure of authentication and accounting tables. The queries it uses to store and retrieve records are supplied by the system administrator thus allowing complete freedom in creating and configuring the databases.

Extensibility

Radius is a fully extensible system. It supports two extension languages: the built-in Rewrite language and Scheme. Rewrite has a syntax reminiscent of C and is designed primarily for modifying ("rewriting") the contents of incoming requests.

Use of Scheme requires Guile version 1.4 or higher. It allows the administrator to write his own authentication and accounting methods.

The two extension mechanisms can interoperate with each other: e.g. Scheme functions can call Rewrite functions.

SNMP Management

Radius allows for SNMP management of its activities. Its MIB tree contains MIBs proposed by RFC 2619 and 2621 as well as its private extensions.

Terminal Servers

Radius is compatible with any existing terminal server. It can even communicate with terminal servers that have some deviations from the RADIUS protocol. The built-in extension language allows the administrator to write his own rules for ad hoc parsing and restructuring of the packets coming from terminal servers.

Manuals

The Free Software Foundation publishes a GNU Radius Reference Manual. You can order the manual in printed form from the Free Software Foundation.

Complete documentation in Texinfo format is also included in the distribution. An online manual is available.

Mailing Lists

The following mailing lists are related to GNU Radius:

<[email protected]>
This list distributes announcements and progress reports on GNU Radius. This is a moderated list. Please, do not send bug reports or requests for help to this list, there exist special mailing lists for these purposes. To subscribe to the list, visit http://mail.gnu.org/mailman/listinfo/info-gnu-radius.
<[email protected]>
This list is the place for users and installers of GNU Radius to ask for help. The list is not moderated, but postings are allowed for list members only. To subscribe to the list, visit http://mail.gnu.org/mailman/listinfo/help-gnu-radius.
<[email protected]>
This list distributes bug reports, bugfixes, and suggestions for improvements in Radius. User discussion of Radius bugs also occurs here. The list is not moderated, postings are allowed for anybody. To subscribe to the list, visit http://mail.gnu.org/mailman/listinfo/bug-gnu-radius.

Downloading Radius

Radius can be found on http://ftp.gnu.org/gnu/radius/ or one of the mirrors.

The project's homepage at Savannah is the place to look for the latest news and patches for the project.

Alpha releases of the development version can be downloaded from alpha.gnu.org.

Latest Releases

Date Version Download (please use one of the mirrors instead) Information
2008-12-17 1.6.1 radius-1.6.1.tar.gz and its signature
radius-1.6.1.tar.bz2 and its signature

This minor release fixes compilation of radiusd with gcc version 4.3.0 (or later), which overly optimizes some code. It does such a remarkable job of optimization, that reduces a perfectly valid code to explicit dead loops in the produced object files.

To avoid this, starting from this version GNU Radius will be compiled with -fno-strict-aliasing.

I can only repeat after Linus Torvalds, that "the aliasing code in particular is not even worth enabling, it's just not possible to sanely tell gcc when some things can alias."

2008-12-06 1.6 radius-1.6.tar.gz and its signature
radius-1.6.tar.bz2 and its signature
  • The syslog statement (file raddb/config) takes an optional 3rd argument specifying the syslog tag to use, e.g.:
          
        channel default {
    	    syslog local1.info radiusd;
        };
    
  • New attributes:
    GNU-Server-Address
    Holds IP address of the RADIUS server that recieved the request. Notice, that the value of this attribute is "0.0.0.0" if there are no listen statement in your raddb/config.
    GNU-Server-Port
    Holds UDP port number of the RADIUS server that recieved the request.
  • Autoconf function AM_GNU_RADIUS is provided, for checking if GNU Radius is installed from configure.ac scripts.
  • Guile support requires Gule version 1.8 or later.
  • Bugfixes:
    • Pass NAS-IP-Address to mlc_stop_query.
2007-06-29 1.5 radius-1.5.tar.gz and its signature
radius-1.5.tar.bz2 and its signature
  • Licensed under the GPLv3.
  • The libgnuradius library uses its own namespace.
  • Wildcard matching in raddb/hints considerably improved.

    The new code supports everything wildmat used to support plus allows to select arbitrary parts of the matched string using \( and \) grouping.

  • Fix builds on non-glibc systems.
  • Fix handling of max-port-count statement.
2006-11-24 1.4 radius-1.4.tar.gz and its signature
radius-1.4.tar.bz2 and its signature
  • Hints are evaluated before verifying the user name validity.
  • New builtin functions in Rewrite language: time, strftime.
  • Exec-Program-Wait and Scheme-Procedure can occur in hints profiles.
  • Rewrite expressions are allowed as values of Exec-Program and Exec-Program-Wait pairs.
  • Bugfixes:
    • Properly protect occurrences of define in scm4 files.
    • Explicit assignments in naslist flags were incorrectly parsed.
    • Rewrite functions correctly handle strings, containing nul characters.
    • Fix format string vulnerability in sqllog (IDEF1590)
2004-11-20 1.3 radius-1.3.tar.gz and its signature
radius-1.3.tar.bz2 and its signature
See the announcement.
2004-09-23 1.2.95 (alpha) radius-1.2.95.tar.gz and its signature
radius-1.2.95.tar.bz2 and its signature
This release fixes the following bugs:
  • The first two file descriptors were not closed when launching a program by Exec-Program attribute, which, if the program was printing something on stdout, interfered with normal inter-process communication.
  • Fixed timeout computation in RPP code.
  • Radtest no longer requires libreadline
2004-09-15 1.2.94 (alpha) radius-1.2.94.tar.gz and its signature
radius-1.2.94.tar.bz2 and its signature
Announce and a list of user-visible changes since previous alpha 1.2.93.
2004-06-26 1.2.93 (alpha) radius-1.2.93.tar.gz
radius-1.2.93.tar.bz2
NEWS and ChangeLog diffs to the previous version 1.2.
2003-12-08 1.2 radius-1.2.tar.gz and its signature.
radius-1.2.tar.bz2 and its signature.
Latest stable release. See the official announce.

Translations of this page:

[ English | Polish ] Valid XHTML 1.0!