Earthweb.com Practically Networked Home Earthweb developer.com HardwareCentral earthwebdeveloper CrossNodes Datamation
Welcome to PractiallyNetworked
Product Reviews

 • Routers
 • Hubs/Switches
 • Wireless Gateway
 • Wireless AP
 • Wireless NIC
 • Network Storage
 • Print Servers
 • Bluetooth Adapters
Troubleshooting
& Tutorials

 • Networking
 • Internet Sharing
 • Security
 • Backgrounders
 • Troubleshooting
    Guides

 • PracNet How To's
User Opinions
Practicallynetworked Glossary

 Find a Network Term  
 
Forums
About
Jobs
Home

  Most Popular Tutorials

• Microsoft Vista Home Networking Setup and Options
The most daunting part of upgrading to Windows Vista may be trying to figure out where in the layers of menus the networking and file-sharing options are hidden.

• Do It Yourself: Roll Your Own Network Cables
It may not be something you do everyday, but having the supplies and know-how to whip up a network cable on the spot can be very handy.

• Tips for Securing Your Home Router
Seemingly minor and easily overlooked settings can still have profound security implications. Here are some steps you can take to make sure your wired or wireless home router and by extension, your network is as secure as possible.

  Most Popular Reviews

• Microsoft Windows Home Server
If you have a home network, you'll welcome the easy file sharing, remote access and the image-based backup features of Windows Home Server.

• Iomega StorCenter Network Hard Drive
Iomega's fourth generation StorCenter Network Hard Drive brings many of the features found in higher-end storage devices down to an attractive price.

• MikroTik's The Dude
This free tool delivers many of the same capabilities that you'd find in pricey network monitoring tools. As long as you don't mind tinkering, The Dude is a decent network utility that should be worth the download.



Add a RADIUS Server to Your SMB's Network

By Eric Geir

RADIUS servers support the authentication of millions of users to ISPs and networks every day. Small and medium sized businesses might also require RADIUS /AAA for wireless 802.1X security or VPN connections. Here we'll review three different servers smaller organizations might consider.

Elektron RADIUS Server

Periodik Labs offers a RADIUS server for both Windows and Mac OS X, starting at $750.00. It can run on the legacy and latest operating systems: Windows 2000 to Windows 7/Server 2008 R2 and Mac OS X 10.3.9 to 10.6. It requires 20 MB of disk space and 128 MB of RAM.

It supports all the latest Wi-Fi authentication protocols: PEAP , EAP-TLS, LEAP , EAP-TTLS, and EAP-FAST. Additionally, it supports other basic RADIUS protocols, such as PAP and CHAP .

The Elektron RADIUS Server supports many databases for storing and retrieving the user account information:

  • Windows Active Directory
  • Local Windows Accounts
  • Mac OS X Open Directory
  • Elektron Accounts (built-in)
  • LDAP
  • RADIUS
  • ODBC (SQL)
  • Script

However, there isn't database support for the RADIUS client (access point) list. You must enter the IP addresses and shared secrets of the RADIUS clients on their built-in list.

The Elektron RADIUS Server features access policies, to help you further control access. For example, you could specify the AP users connect through, limit connections based on day and time, and assign users to VLANs .

Elektron has a sever replication feature, which is not always included in comparable servers. This keeps a backup server configured in case the primary server goes down. However, you must purchase a second server license.

The server supports accounting to log connection details, however, the data is only logged to a text file and optionally forwarded to another remote RADIUS server. The event handler feature, however, is very useful. It can alert with via e-mail, syslog, script, or SNMP trap when a select event occurs, such as failed logins, password lockout, or server status.

Elektron features a useful wizard to create a self-signed CA certificate for the server. It also helps you export the CA certificate to the computers via e-mail and installers. However, Elektron doesn't help create user certificates, such as when using EAP-TLS.

ClearBox Enterprise RADIUS Server

XPerience Technologies offers a RADIUS server for the Windows platform, starting at $599. It supports Windows 2000 to Windows Vista/Server 2008. It requires 8 MB of free disk space and at least 256 MB of RAM.

It supports the most popular EAP implementations for 802.1X: PEAP, EAP-TLS, and EAP-TTLS. It doesn't support LEAP or EAP-FAST; however, these are now older unsecure protocols. But it supports a couple other non-wireless authentication protocols: ASCII, PAP, CHAP, MS-CHAP/MS-CHAPv2, ARAP, and SIP-Digest.

The ClearBox Enterprise RADIUS Server also supports many databases for storing and retrieving the user account information:

  • Windows Active Directory
  • Mac OS X Open Directory
  • User Manager (built-in)
  • LDAP
  • RADIUS
  • ODBC (SQL)

Like Elektron, ClearBox also has a built-in database for listing the RADIUS client (access point) details. Plus it even has a dynamic client feature where it can query a database, unlike Elektron.

ClearBox supports authorization features to better control access. When using the internal User Manager, you can limit access by login hours, expiration date, time credit, MAC address, and more. When using a different user database, you'd have to manually define attributes.

ClearBox includes a load balancing and fail-over feature. However, unlike Elektron, there isn't replication support.

ClearBox offers several ways to output accounting data. It can log packets to the internal or an external database, file, for proxy-forward to a remote RADIUS server. It also supports Syslog and other advanced logging.

Like Elektron, ClearBox includes a wizard to create a self-signed CA certificate for the server. It doesn't help distribute the certificate, but it can create and management user certificates for EAP-TLS. Plus it can create a request for certificate signing from a third-party CA, like Verisign or GoDaddy.

TekRADIUS Server

TekRADIUS is a RADIUS server for the Windows platform. The Freeware version can be used for both commercial and personal use. The Enterprise edition runs for $149, and gives you EAP-TLS support.

TekRADIUS has been tested on Windows XP, Windows 2003 Server, and Windows Vista. At least a Pentium IV class CPU and 1 GB of RAM is recommended. The Microsoft .NET Framework 4.0 Client Profile must be installed. When running the Microsoft SQL Server Edition, it also requires Microsoft SQL Server. Alternatively, there is the SQLite Edition.

It supports the following wireless authentication protocols: PEAP, EAP-TLS (Enterprise edition only), and EAP-MD5. It also supports the following general protocols: PAP, CHAP, MS-CHAP/MS-CHAPv2, and SIP-Digest.

User accounts can be created and modified in the server manager or via a command line utility. They are stored by the MS SQL Server or SQLite database. It also supports authentication with Windows Domains or Active Directory.

RADIUS client (or access point) details can be entered via the GUI, which is stored in the MS SQL or SQLite database.

Unlike the two previous servers, you must manually setup attributes to implement access policies such login times and expiration dates.

TekRADIUS logs accounting data in the MS SQL or SQLite database. The Reporting tab on the server manager can display the data with the ability limit to a date range, user, or group.

Like Elektron and ClearBox, TekRADIUS offers a wizard (TekCERT) to create a self-signed CA certificate for the server. Like ClearBox, it also helps create client-side certificates for EAP-TLS. But it doesn't offer any deployment or third-party request features.

There are more options

We reviewed three different RADIUS servers. Elektron seems to be the most user-friendly, ClearBox the most advanced, and TekRADIUS the most economical.

Remember, if you run a Domain network with Active Directory on a Windows Server, you already have RADIUS capability. Check out the Internet Authentication Service (IAS), or Network Policy Server (NPS) for 2008 and later.

If running your own RADIUS server is to cost or time consuming for your organization, consider outsourced services, like those listed at this article on 18 free or no-cost solutions for your network .


Eric Geier founded NoWiresSecurity, which helps small businesses quickly and easily protect their Wi-Fi with enterprise-level security. He's also a freelance tech writer and author of many networking and computing books, for brands like For Dummies and Cisco Press.


For more help, check out the PracticallyNetworked Forums.

Add to del.icio.us | DiggThis




Earthwebnews.com Earthweb developer.com HardwareCentral earthwebdeveloper CrossNodes Datamation


Home | Networking | Backgrounders | Internet Sharing | Security | HowTo | Troubleshooting | Reviews | News | About | Jobs | Tools | Forums