[c-nsp] Choosing a radius package

Adam Maloney adam at whee.org
Mon Feb 20 13:40:08 EST 2006

I need to implement radius for the following:

Cisco Aironet wireless (pairs of 350's)
PIX VPN clients
Cisco dial-in users
Nortel Contivity VPN clients

These need to authenticate to (ugh) Active Directory.

Unless I hear strong arguments otherwise, I've boiled it down to either 
FreeRADIUS or Funk's Steel-Belted radius.  It appears either will do the 

My concern with SBR is on integrating it with custom tools and modules. 
I'll be forced to use either the Windows version or the appliance, 
(Solaris and Linux are not options for this app) and in both cases that 
will hinder my ability to manage/customize it.  I'm mostly thinking in 
terms of, 6 months down the road we want to do something that SBR can't 
do, and there's no way to customize it.

I'd be running Freeradius under FreeBSD.

My only concerns with Freeradius are AD integration and support.  AD 
integration supposedly works, but it looks kind of kludgy.  3rd-party 
support exists, but at least one of the companies I contacted didn't 
return my e-mail.  If I can get a definite "We're using it against AD with 
<some ungodly number> auths/second and it works great", I don't think 
3rd-party support will be an issue.  Other than the AD stuff, I'm 
confident I can support it myself.

Opinions are greatly appreciated.

More information about the cisco-nsp mailing list