[c-nsp] Choosing a radius package

Ray Burkholder ray at oneunified.net
Mon Feb 20 14:02:49 EST 2006

With documents such as the ones found at
http://www.itdojo.com/synner/pdf/synner2.pdf, wouldn't it make sense to use
Windows IAS server (aka radius) to do your authentication?  Or are there
things missing that force you to use FR or SBR? 

-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Adam Maloney
Sent: Monday, February 20, 2006 14:40
To: cisco-nsp at puck.nether.net
Subject: [c-nsp] Choosing a radius package

I need to implement radius for the following:

Cisco Aironet wireless (pairs of 350's)
PIX VPN clients
Cisco dial-in users
Nortel Contivity VPN clients

These need to authenticate to (ugh) Active Directory.

Unless I hear strong arguments otherwise, I've boiled it down to either
FreeRADIUS or Funk's Steel-Belted radius.  It appears either will do the

My concern with SBR is on integrating it with custom tools and modules. 
I'll be forced to use either the Windows version or the appliance, (Solaris
and Linux are not options for this app) and in both cases that will hinder
my ability to manage/customize it.  I'm mostly thinking in terms of, 6
months down the road we want to do something that SBR can't do, and there's
no way to customize it.

I'd be running FreeRADIUS under FreeBSD.

My only concerns with FreeRADIUS are AD integration and support.  AD
integration supposedly works, but it looks kind of kludgy.  3rd-party
support exists, but at least one of the companies I contacted didn't return
my e-mail.  If I can get a definite "We're using it against AD with <some
ungodly number> auths/second and it works great", I don't think 3rd-party
support will be an issue.  Other than the AD stuff, I'm confident I can
support it myself.

Opinions are greatly appreciated.
cisco-nsp mailing list  cisco-nsp at puck.nether.net
archive at http://puck.nether.net/pipermail/cisco-nsp/

Scanned for viruses and dangerous content at http://www.oneunified.net and
is believed to be clean.
