Radiator AAA server
Radiator is the highly flexible, configurable, and extensible RADIUS server from Radiator Software. It is designed from the ground up to offer features and options not found in any other RADIUS server.
Basic information
With more than 60 different authentication methods available, and support for most Unix and PC platforms, Radiator is the RADIUS server for serious ISPs and carriers who want power and flexibility to meet the needs of their growing user base.
Radiator now supports more 802.1X secure wireless and LAN authentication methods than any other RADIUS server giving a wide choice of 802.1X network clients. Private server and client certificates for testing 802.1X authentication are included.
Secure
Radiator is the only commercial AAA server delivered with full source code. You can audit, diagnose, and extend the source code yourself. Radiator is a well-established and trusted solution. Operators, carriers, large enterprises, and organisations – including many security-oriented ones – use it globally as a mission-critical AAA component..
Extendable
Radiator is modular by design. You can easily expand it to support new authentication methods and sources, ensuring that it stays up to date with the latest advancements in authentication, authorisation, and accounting. Radiator is highly configurable. It comes with a comprehensive collection of ready-to-use configuration examples. If you have any special requirements, you can even write your own modules – quickly and without compromising performance.
Interoperable
Radiator adjusts to your infrastructure. There is no need to make any changes to the existing infrastructure, which saves both time and money. Radiator is completely vendor independent. It works smoothly with devices and services from different vendors and incorporates data from multiple sources.
This makes Radiator an excellent choice for:
- supporting both existing and future requirements in evolving multi-vendor networks
- extending existing networks according to regulatory requirements
- merging network infrastructures after mergers and acquisitions
Technical details
- Fully featured RADIUS and TACACS+ support
- TLS support, including TLS 1.3 for RadSec and EAP-TLS
- RADIUS over TLS (RadSec)
- Supports IPv4, IPv6, UDP, TCP, SCTP
- Easy modification to suit your special requirements: full source code and extension API
- Support for standard tools like SNMP to monitor your server
- Extensible with wide range of logging solutions (JSON, syslog, SQL, Elasticsearch, Splunk, etc.)
- Support for 802.1X authentication
- Support for a wide range of EAP authentication methods including MD5, Generic Token Card
- (GTC), LEAP, FAST, TLS, TTLS (including PAP, CHAP, MSCHAPV1 and MSCHAPV2), PEAP and PWD
- Supports a wide range of multifactor authentication solutions (Microsoft/Google Authenticator and other TOTP compatible clients, Duo Security, RSA Token, YubiKey, DigiPass)
- Database support: SQL (MySQL, MariaDB, PostgreSQL, Oracle etc.), LDAP (Active Directory, OpenLDAP, etc.), REST
- Support for multiple read/write back-ends
- Address allocation from SQL, DHCP, etc.
- Supports Active Directory integration both in Windows and Linux/Unix
- Roaming and proxying support (eduroam, govroam,
OpenRoaming, etc.) - Comprehensive and extendable RADIUS dictionary with ready support for multiple vendor-specific attributes
- Vendor-neutral and interoperable with any device that uses RADIUS, TACACS+ or Diameter
- Can combine information from multiple sources for an AAA response
- Support for vendor-specific interfaces such as MICROS-Fidelio Opera Property Management System and SIP2
Popular use cases
Employee network authentication
One of the basic use cases for RADIUS authentication is employee LAN authentication, meaning employee’s authentication to both company’s internal network and the world wide web. There are multiple methods to achieve secure network connection for your employees.
At its simplest, the employee logs in with username-password combination. The network access server sends request to Radiator which checks credentials against an SQL database. Matching credentials grant access, request with wrong credentials are rejected. This solution requires local IT admin to provision WiFi credentials. This above diagram showcases some of the many pieces Radiator can integrate with in this use case, for example Active Directory or an SQL database.
When using AD the user credentials are checked against AD credentials. This model does not require manual configuration of first connection. The solution can also be complimented with second autentication factor with TOTP. All this can be implemented with just Radiator and your database of choice.
Network device administration
A classic use case for an AAA server is to manage administrative access to network devices such as controllers, switches and network gateways. Device administration for various types of NAS can be done with RADIUS or TACACS+ protocols.
With Radiator, you can get rid of insecure shared passwords and implement role-based access with personal user accounts. For easy user management, Radiator integrates external LDAP and SQL backends for fetching the user information and privileges. User authentication can also be combined with various MFA options for further security.
RADIUS or TACACS+
The choice between RADIUS and TACACS+ depends on security requirements in your organisation and the protocols supported by your device vendor(s). TACACS+ adds more encryption and allows more granular control for authorising each command separately, but not all devices support it. Radiator can be configured to process both RADIUS and TACACS+ requests, so you can choose one or both.
Great in multi-vendor network
With Radiator, you can avoid vendor lock-in and freely choose the network equipment you want: Radiator includes vendor-specific attributes from most device vendors [linkki?] and adding proprietary ones or own custom attributes is made easy. This makes Radiator a great choice for multi-vendor environments.
Deployment support
Radiator team has lots of experience with device administration deployments, so we can help you whether you’re considering a greenfield deployment, want to upgrade from an in-house or open source setup, want to unify AAA following a merger or acquisition, or migrate from other solutions.
Looking for more?
More information of Radiator AAA server:
Already got a licence?