Product specifications

• Full source code provided
• Extreme flexibility and configurability
• Over 60 different authentication methods are supported, which can be mixed and chained to suit almost any authentication need
• Unlimited users
• Complies with RFCs 2548, 2619, 2621, 2865, 2866, 2867, 2868, 2869, 3579, 4669, 4671, 5176, 5997, 5998
• Dictionary or other applicable support for RFCs 4372, 4849, 4675, 4849, 5080, 5447, 5580, 5607, 5904, 6158, 6929, 6519, 6572, 6677, 7055, 7268, 8044
• Supports RFC 6614, also known as RadSec – secure, reliable RADIUS proxying
• Acts as a Diameter to RADIUS gateway for NAS authentication and accounting. Supports Diameter RFCs 3588, 6733, 4072, 4005, 7155. Diameter support includes TLS encryption, TCP or SCTP transport, accounting, PAP, CHAP, MSCHAP, MSCHAP-V2 and EAP types. Interoperates with Cisco, NSN, Juniper, Huawei and other vendors
• Acts as a RADIUS to Diameter gateway for NAS authentication and accounting.
• Supports EAP in accordance with RFC 3748
• Supports EAP-MD-Challenge, EAP-OTP and EAP-GTC, RFC 3748
• Supports EAP TLS, RFC 5216
• Supports EAP TTLS, RFC 5281
• Supports PEAP, IETF drafts and MS-PEAP
• Supports EAP-MSCHAP-V2
• Supports Cisco LEAP
• Supports EAP-FAST, RFC 4851
• Supports EAP-pwd, RFC 5931
• Supports EAP-PSK, RFC 4764
• Supports EAP-PAX, RFC 4746
• EAP-SIM, EAP-AKA, EAP-AKA’, 3GPP AAA Server and other related features are available through Radiator SIM Pack
• Acts as authentication server for IEEE 802.1X with support for IEEE 802.1AE, also known as MACsec
• Supports HOTP, RFC 4226
• Supports TOTP, RFC 6238, sometimes referred as Google Authenticator
• RADIUS SIP Digest authentication per draft-sterman-aaa-sip-00.txt and RFC 5090
• Diameter 3GPP EIR and other carrier features are available through Radiator Carrier Pack
• Diameter 3GPP GBA/BSF support for VoLTE Supplementary Services and other related features are available through Radiator GBA/BSF Pack
• Diameter 3GPP PCRF, PCEF, OCS, and other Diameter and RADIUS related policy and charging features are available through Radiator Telco Pack
• Complies with 3GPP2 P.S0001-A Wireless IP Network Standard up to version 3GPP X.S0011
• Supports iPass and GoRemote roaming services
• Supports SIP2 – the 3M Standard Interchange Protocol (SIP) 2.0
• Supports many ISP billing packages
• Supports most Vendor Specific Attributes
• Supports most SQL databases
• Supports most platforms
• Test command line and GUI utility allows you to test user passwords and to load test your server
• Works with any RADIUS server and RADIUS client
• Performance and scalability for large systems
• Integrates with complete Lawful Interception systems providing RADIUS-based triggering, traffic interception, mediation and warrant management
• Supports IPv4 and IPv6 on RADIUS, proxy, TACACS+, SNMP connections etc. Supported RFCs include 3162, 4818, 4669, 4671, and 6911
• Supports VOIP authentication such as Asterisk

Technical features

• Supports a number of EAP authentication methods as used in 802.1X wireless LANs. This means that secure wireless authentication and communication is easy to configure.
• Free Private server and client certificates for testing 802.1X authentication included
• Can act as a gateway between PEAP-MSCHAPV2 clients and non-EAP RADIUS servers
• Interoperates with Coova – the open source captive portal for wireless hotspot management including CoovaAP – open source hotspot access point firmware
• Supports Novell eDirectory with universal passwords. Universal passwords can be used with PAP, CHAP, MSCHAP, MSCHAPV2, TLS, TTLS-*, PEAP, EAP-MD5, and so on
• SNMP support for the IETF Radius Server MIB: gather server stats with SNMP
• Full suite of load balancing algorithms for RADIUS proxying
• Grouping, chaining, diverting and reusing of authentication methods is easy and means you can authenticate users even with very unusual collections of user databases.
• Flexible and extensible event logging
• Utilities for creating and updating user databases in various formats are included
• Simultaneous-Use check item can optionally verify logins for most NAS
• Automatic IP address allocation from SQL database and DHCP
• Check items can be regular expressions.
• Chooses automatically authentication methods based on any combination of request attributes
• Ascend abinary Filter attributes, including generic, ip and ipx
• Plug-in authentication handlers
• Username rewriting and realm stripping
• Object-Oriented design and understandable code (with many comments)
• Works with almost any SQL database schema
• Fault tolerant connection to your SQL server recovers when your SQL server recovers.
• Logging to log files, STDOUT, SQL, syslog, or your your own logging system
• Proxy-State and Proxy-Action support
• Proxy to primary/secondary RADIUS servers with multiple fallbacks and round-robin DNS
• Multiple DEFAULT users with optional Fall-Through
• Auth-Type cascades authentication to another user database of any type. It checks authentication in a multitude of ways: if user is in any database, if user is in all databases or any combination.
• Blocks authentication according to time of day and day of week, and force disconnection at the end of valid time blocks
• Rewrites requests and replies during forwarding and proxying
• Run-time variable substitution in reply items
• Multi-homed hosts
• Primary/secondary and multiple redundant servers
• Connect-Rate limits maximum permitted connection speed.
• Flat file (or any other method) backup database in the case of SQL server failure
• Supports plaintext, Unix Crypt, MD5 crypt, Radmin RCRYPT, SHA crypt passwords in any combination
• Block logins based on any combination of NAS and port
• Ascend Tunnel-Password encryption
• Supports Rcrypt reversibly encrypted passwords
• Prefix and Suffix check items
• Honours the “Dialin Privilege” flag on NT User Manager
• Easily configurable rejection messages: tell your user why they cannot log in
• Authentication logging lets you capture plaintext passwords from legacy users.
• Supports IETF RADIUS Tunnelling attributes
• Session management works even with multiple server instances, via internal, DBM or SQL session databases.
• Supports ADSL
• Supports GPRS, UMTS and 4G/LTE
• Can optionally act as a TACACS+ server, converting TACACS+ requests into RADIUS requests
• Optional tunnelling of RADIUS requests using SOAP over HTTP or HTTPS for improved security
• Handles special mapping of Breezecom/Alvarion accounting VSAs

Supported platforms

• Unix and Linux
• Red Hat Enterprise Linux 6, 7, 8
• Ubuntu 16.04 LTS, 18.04 LTS, 20.04 LTS, 22.04 LTS
• Debian 9, 10, 11, 12
• Centos 7, 8
• SUSE
• Any Linux using tar.gz for manual installation
• Solaris 8, 9, 10, 11. 32-Bit or 64-Bit. SPARC or Intel
• Windows 7/8/8.1/10 and Server 2008/2012/2016/2019/2022
• Mac OS X
• VMS

802.1X support

Radiator has strong support for a wide range of 802.1X/RADIUS devices such as Wireless LAN Access Points and wired LAN switches.

• Radiator supports a wide range of standard EAP authentication methods, including MD5, One-Time-Password (OTP), Generic Token Card (GTC), TLS, TTLS (including PAP, CHAP, MSCHAPV1 and MSCHAPV2), PEAP and LEAP compatible.
• EAP-SIM, EAP-AKA and EAP-AKA’ authentication support for Radiator is available through Radiator SIM Pack
• Supports IEEE 802.1AE, also known as MACsec
• Radiator includes free private server and client certificates for testing 802.1X authentication.

Authentication methods

Radiator can authenticate for many different realms and clients at the same time, with different databases, options and authentication methods in each realm. Multiple proxy targets, with packet and attribute filtering allow you to service both small and large ISP and carrier environments. Radiator can authenticate users from a wide variety of different user databases, such as

• Flat files in standard RADIUS user database format
• DBM files in Merit DBM file format
• Unix password format files (including shadow files)
• Most commercial and free SQL databases
• Proxying to other RADIUS servers by UDP
• Proxying to other RADIUS servers by RadSec for secure reliable delivery
• LDAP (including Umich, iPlanet/Netscape, OpenLDAP, Open Directory). Supports SSL and TLS connections, simple and SASL binding
• Tacacs Plus (PAP and CHAP)
• Native Windows NT user database and domains (even from Unix!)
• Active Directory on Windows 2000 and later
• AFS Kerberos
• Heimdal Kerberos (supports PAP, EAP-MD5, EAP-MSCHAPV2, and such)
• Microsoft Windows LSA
• PAM, and thus any authentication method supported by PAM
• Custom One-Time-Password systems including auto password generation and customisable back-channel password delivery such as SMS (SMS gateway not included)
• saslauthd authentication server from Cyrus SASL
• Your legacy user database
• SIP2 – 3M Standard Interchange Protocol (SIP) 2.0 for authenticating and authorising library patrons
• External programs and scripts
• iPASS Roaming Network both inbound and outbound authentication and accounting
• Other methods contributed by Radiator users
• RSA Security RSA Mobile and Authentication Manager
• Telstra DialConnect
• CHAP authentication
• Apache htgroup files
• OPIE one-time-passwords
• MSCHAP (v1 and v2) authentication and MPPE Keys per RFC 2548
• Cisco VOIP implementations
• Works with most EAP authentication protocols
• Compatible with MICROS-Fidelio OPERA Property Management System
• Novell eDirectory, including support for Novell Universal Passwords and NMAS Methods such as the Vasco Digipass NMAS Method
• NIS+
• CDB
• POP3
• IMAP

SQL Databases

Radiator works with any SQL database that has Perl DBD support, including:

• Oracle
• Informix
• Sybase
• mSQL
• MySQL
• Microsoft SQL Server
• ODBC
• Interbase
• SAP
• PostgreSQL
• SQLite

Radiator interoperates with Continuent’s uni/cluster which provides high availability, scalability and manageability services for MySQL, PostgreSQL and Sybase. Radiator Software can provide assistance with converting passwords from Cisco Secure ACS database dumps or Juniper Networks Steel Belted Radius RIF export files. Contact us for details

Accounting

Radiator can store accounting information in a variety of formats including:

• Flat files in standard Livingston radius accounting file format
• Most free and commercial SQL databases
• Proxying to other Radius servers
• Most ISP billing packages
• Your legacy accounting database
• wtmp files
• Proxying to a SOAP server
• Compatible with MICROS-Fidelio Opera Property Management System

ISP Billing

Radiator supports many ISP billing packages including:

• Micros-Fidelio Opera Property Management System
• Platypus
• Emerald
• EngageIP (previously Hawk-i)
• Billmax
• Rodopi
• Freeside
• ISPBill
• Advanced ISP Billing
• Jet ISP billing
• Interoperates with PanaOne Billing solution
• Any ISP billing package that supports Livingston standard users and accounting detail files

NAS’s (Network Access Servers) supported

Radiator has been tested with a number of clients and servers and will work with any RADIUS compliant client or server. A partial list of clients is below:

• Alcatel DANA
• Altiga
• Apple AirPort
• Ascend (all models)
• Assured Access X1000
• Bay including RAC8000 and Annex Server 5399
• Breezecom
• Cisco routers and NAS’s
• Cisco Aironet AP340 and AP350 wireless Access Points
• Cisco SSG and SESM
• Computone
• Enterasys SS2200, SSR8000 SSR8600
• Ericsson ACC
• Ericsson GSN
• Ericsson IMS Diameter
• GRIC AimTraveler
• Huawei
• iPASS Net Server and Roam Server
• Livingston Portmaster including 25 and 3
• Merit proxy server 2.4 and 3.5
• Microsoft PPTP
• Mikrotik
• Nokia Access Controller
• Nomadix USG II
• Nortel including CVX
• Orinoco/Proxim wireless Access Points
• Portslave 1.16
• QuarryTech
• Ravlin RedCreek
• Redback, including SMS and SE 800
• SecurityDynamics ACE/Server Radius
• Shasta
• Shiva
• Spring Tide
• Tigris
• Unisphere
• USR/3Com Total Control (including HiPer ARC)
• Windows RRAS
• Xyplex
• And any other RADIUS compatible device

VSA’s (Vendor Specific Attributes)

Radiator supports standard and non standard Vendor Specific RADIUS attributes including:

• USR/3COM
• Cisco (including VOIP)
• CVX 4-byte Vendor Specific Attributes, including the Vendor Specific Boolean data type
• Ascend
• Breezecom with broken VSA’s
• Bay
• Shiva
• ACC
• Microsoft
• Mikrotik
• Shasta
• Springtide
• Altiga
• Redcreek
• Unisphere
• Extreme
• KarlNet
• Colubris
• Level3
• 3GPP2
• DTag (Deutsche Telekom)
• Nomadix
• Redback 64bit integers
• and many others…

Lawful Interception

Radiator interoperates with several Lawful Interception solutions including:

• Aqsacom
• Hammond Street Developments
• Verint

Minimum System Requirements

• Unix, Linux, Windows 7/8/8.1/10, Windows Server 2008/2012/2016, or Mac OS X
• Perl 5.8.8 or later, ActivePerl from ActiveState or Strawberry Perl on Windows
• 32MB of disk space for the Radiator distribution and additional space for log files