By M.A. Dockter
RADIUS is first and foremost a protocol, and it really doesn’t show its benefits unless there is more than one RADIUS server on the network.
At its simplest, a RADIUS server is a computer configured to “speak” the RADIUS language over the network with network access servers (NAS) and other RADIUS servers. All it takes for a computer to be a RADIUS server is a properly configured NT service or Linux daemon.
Combine this feature with what seems to be the corporate world’s most popular authentication scheme, Windows 2000 Active Directory, and remote user authentication is greatly simplified. For example: “Z Inc.” has domain controllers for each of its departments (e.g., accounting, shipping and receiving, and development). Each has its own unique domain name (e.g., accounting.z.net). The administrator can then set up a RADIUS server service (which is built into Windows 2000 Server) on each domain controller, as well as one on the main controller of the forest.
Next, the administrator can set up a NAS and a modem pool to go along with it; configure the NAS to communicate with the main controller’s RADIUS service; and set restrictions like, “accounting may only connect via TCP/IP, but development can connect via any protocol the server supports.” This yields a single access number that allows any employee of Z Inc. to dial up from home, or on the road, and use the same username and password he or she uses every morning when logging in to the departmental domain and accessing work files, presentations, and other items needed for working out of the office.
If a user has a broadband connection at home or is lucky enough to have one while on the road, RADIUS can also integrate with a virtual private network (VPN). If the employee has a VPN client installed, she can simply connect to the VPN server via an IP address or DNS name and log in to the domain the same as from her office workstation.
In the above example we used Windows 2000 as the server operating system because of our personal familiarity and comfort level with it, as well as its inherent popularity. RADIUS is built into Windows 2000 Server but must be properly configured in Add/Remove Programs or during the operating system setup.
There are, however, alternative RADIUS servers.
Interlink (formerly Merit) RADIUS Server is the leading alternative for the Sun Solaris platform. It includes such features as dial-up, roaming, mobile IP, quality of service, Fax over IP, and Voice over IP.
Cistron RADIUS server (http://www.radius.cistron.nl/) is a very popular GNU GPL-licensed version for Linux platforms. For a list of features, or for almost any other question, we recommend referring to http://www.radius.cistron.nl/faq/ for its extremely large FAQ.
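What “speaking RADIUS” between the NAS and the main controller’s RADIUS service looks like on the wire, as an added example that is not part of the original article: the NAS builds an Access-Request with the password hidden under the shared secret, and checks the server’s reply authenticator, following RFC 2865. The user name, password, NAS address, and shared secret are constructed sample values.

```python
import hashlib, hmac, os, struct

ACCESS_REQUEST, ACCESS_ACCEPT = 1, 2                 # RFC 2865 packet codes
USER_NAME, USER_PASSWORD, NAS_IP_ADDRESS = 1, 2, 4   # RFC 2865 attribute types

def attr(attr_type, value):
    """One attribute: Type, Length (covers all three fields), Value."""
    return struct.pack("!BB", attr_type, len(value) + 2) + value

def password_xor(data, secret, request_auth, unhide=False):
    """User-Password hiding: XOR 16-byte blocks with MD5(secret + previous cipher block)."""
    if not unhide:  # pad the cleartext with NULs to a multiple of 16 (at least 16)
        data = data.ljust(max(16, -(-len(data) // 16) * 16), b"\x00")
    out, prev = b"", request_auth
    for i in range(0, len(data), 16):
        key = hashlib.md5(secret + prev).digest()
        block = bytes(d ^ k for d, k in zip(data[i:i + 16], key))
        prev = data[i:i + 16] if unhide else block  # chain on the hidden block
        out += block
    return out.rstrip(b"\x00") if unhide else out

def build_access_request(ident, user, password, nas_ip, secret):
    """NAS side: header (Code, ID, Length, random Request Authenticator) + attributes."""
    request_auth = os.urandom(16)
    attrs = (attr(USER_NAME, user)
             + attr(USER_PASSWORD, password_xor(password, secret, request_auth))
             + attr(NAS_IP_ADDRESS, nas_ip))
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + request_auth + attrs

def build_response(code, request, attrs, secret):
    """Server side: authenticator = MD5(Code+ID+Length+RequestAuth+Attributes+Secret)."""
    header = struct.pack("!BBH", code, request[1], 20 + len(attrs))
    return header + hashlib.md5(header + request[4:20] + attrs + secret).digest() + attrs

def response_is_authentic(response, request, secret):
    """NAS side: accept a reply only if ID, length and authenticator all check out."""
    if len(response) < 20 or response[1] != request[1]:
        return False
    if struct.unpack("!H", response[2:4])[0] != len(response):
        return False
    expected = hashlib.md5(response[:4] + request[4:20] + response[20:] + secret).digest()
    return hmac.compare_digest(expected, response[4:20])

# Constructed sample values (not from the article, apart from the example domain name).
SECRET = b"constructed-shared-secret"
REQUEST = build_access_request(7, b"alice@accounting.z.net", b"correct horse battery",
                               bytes([192, 0, 2, 10]), SECRET)
REPLY = build_response(ACCESS_ACCEPT, REQUEST, b"", SECRET)
```

Both the password hiding and the reply check rest entirely on the secret shared between the NAS and the RADIUS server, so that secret should be long, random, and unique to each NAS.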