The users of METU services may frequently encounter the terminology FreeRADIUS while they are making use of these services. We have prepared this article so as to further familiarize this service to our users.

To get a grasp of what FreeRADIUS is, it would help to firstly understand what the concept RADIUS stands for:

RADIUS:
RADIUS (the acronym for Remote Authentication Dial In User Service') it is a protocol devised to perform the AAA (authentication, authorization, accounting) i.e. performing the management of identification verification, providing the permissions and users' data accounting, for those users who provide remote access to other networks. The protocol was developed in 1991 by the manufacturer Livingstone to verify identification and to follow up accounting and was later implemented as a standard by IETF (Internet Engineering Task Force). With its perfect support and wide usage it is being used by ISPs (Internet Service Providers) and establishments to manage access to Internet, Intranet, wireless network and integrated e-mail services.

At the application level RADIUS is a server / client protocol which uses UDP (User Datagram Protocol) for transmission. They are densely used for network access like RAS (Remote Access Server) and network gateways VPN (Virtual Private Network) servers. They, basically, have three functions:

1. ID verification of users before providing access to the network
2. The authentication of these users or devices for certain services
3. Keeping an account of the usage data of these services

FreeRADIUS: FreeRADIUS is a modular, rich in features, highly efficient in performance version, or model, of the RADIUS protocol mentioned above. The FreeRADIUS which is open source code software can run under various operating systems (AIX, Cygwin, FreeBSD, HP-UX, Linux, MAC OS-X, NetBSD, OpenBSD, Solaris gibi). With its multiple AAA servers, it has wide range applications that provide service to millions of users. The server supports LDAP (Lightweight Directory Access Protocol), SQL(Structured Query Language) and other database types and has been operating with EAP (Extensible Authentication Protocol) since 20001 and PEAP (Protected Extensible Authentication Protocol) and EAP-TTLS (EAP-Tunneled Transport Layer Security) since 2003. Currently, the FreeRADIUS supports all ID authentication protocols and data bases.

The FreeRADIUS whose 2.0.0 version was released at the beginning of 2008 has its latest version, 2.1.6, since its release in September 2009.

FreeRADIUS in METU

We as the CC METU make use of the FreeRADIUS AAA application for the access supervision of two of our services. The first and the most used of these is the wireless network service. Those users who wish to connect to the wireless network service, may it be via the ng2ktransmission or via the eduroam transmission, can not access to the wireless network without being verified and authorized by the FreeRADIUS ID verification and authentication system. On the wireless network ID verification is performed based on MAC address for ng2k and based on 802.1.x for eduroam.

Our second service making use of FreeRADIUS is the dial-up network connection. Those users that wish to connect to our system via 2104300 analog and 0822 3141014 digital PRI lines using a dial-up modem can only do so after they have passed the ID confirmation again performed by the FreeRADIUS system.

Furthermore, at the Northern Cyprus Campus 802.1.x based ID verification program is running on FreeRADIUS for both wired and wireless network access management.

Sources:

• http://wiki.freeradius.org/RADIUS
• http://www.freeradius.org
• http://wiki.freeradius.org/Other_RADIUS_Servers

Suna Yılmaz