The users of METU services may frequently encounter the terminology FreeRADIUS while they are making use of these services. We have prepared this article so as to
further familiarize this service to our users.
To get a grasp of what FreeRADIUS is, it would help to firstly understand what the concept RADIUS stands for:
RADIUS (the acronym for Remote Authentication Dial In User Service') it is a protocol devised to perform the AAA (authentication, authorization, accounting) i.e. performing the management of identification verification, providing the
permissions and users' data accounting, for those users who provide remote access to other networks. The protocol was developed in 1991 by the manufacturer Livingstone
to verify identification and to follow up accounting and was later implemented as a standard by IETF (Internet Engineering Task Force). With its perfect support and
wide usage it is being used by ISPs (Internet Service Providers) and establishments to manage access to Internet, Intranet, wireless network and integrated e-mail
At the application level RADIUS is a server / client protocol which uses UDP (User Datagram Protocol) for transmission. They are densely used for network access like
RAS (Remote Access Server) and network gateways VPN (Virtual Private Network) servers. They, basically, have three functions:
- ID verification of users before providing access to the network
- The authentication of these users or devices for certain services
- Keeping an account of the usage data of these services
FreeRADIUS is a modular, rich in features, highly efficient in performance version, or model, of the RADIUS protocol mentioned above. The FreeRADIUS which is open source
code software can run under various operating systems (AIX, Cygwin, FreeBSD, HP-UX, Linux, MAC OS-X, NetBSD, OpenBSD, Solaris gibi). With its multiple AAA servers, it has wide range applications that provide service to millions of users. The server supports LDAP (Lightweight Directory Access
Protocol), SQL(Structured Query Language) and other database types and has been operating with EAP (Extensible Authentication Protocol) since 20001 and PEAP (Protected
Extensible Authentication Protocol) and EAP-TTLS (EAP-Tunneled Transport Layer Security) since 2003. Currently, the FreeRADIUS supports all ID authentication protocols
and data bases.
The FreeRADIUS whose 2.0.0 version was released at the beginning of 2008 has its latest version, 2.1.6, since its release in September 2009.
FreeRADIUS in METU
We as the CC METU make use of the FreeRADIUS AAA application for the access supervision of two of our services. The first and the most used of these is the
wireless network service. Those users who wish to connect to the wireless network service, may it be via the ng2ktransmission or via the eduroam
transmission, can not access to the wireless network without being verified and authorized by the FreeRADIUS ID verification and authentication system. On the
wireless network ID verification is performed based on MAC address for ng2k and based on 802.1.x for eduroam.
Our second service making use of FreeRADIUS is the dial-up network connection. Those users that wish to connect to our system via 2104300 analog and 0822 3141014 digital PRI lines using a dial-up modem can only do so after they have
passed the ID confirmation again performed by the FreeRADIUS system.
Furthermore, at the Northern Cyprus Campus 802.1.x based ID verification program is running on FreeRADIUS for both wired and wireless network access