One thing to keep in mind is Freeradius is basically just a framework that you chuck plugins into: there are numerous plugins to do most any task included with it to make things easier - and if you don't find what you need, you can make your own (or, if you're lazy, you can build one in a programming language module such as rlm_perl - which, being Perl, you can also do pretty much anything in, including AD, LDAP, custom SQL stuff, or even entirely custom implementations (eg, query an external webserver to authenticate a user - so theoretically, 'ebay integration' is possible!).)
It's best not to think of Freeradius as a "monolithic product" (ie, everything built in, with strict compatibility/functionality limitations, as you'd buy off the shelf), and instead think of it as an unfilled server rack, where you can plug and choose based on your requirements. But yes, as Dennis pointed out, you have quite a bit of reading (and I should also mention testing) to do. It should be trivial to build a very simple test-bed installation of Freeradius once you understand what's going on, then you can figure out what your APs and VPN servers are saying (and wanting in return), from which you can choose and configure modules to suit your needs. Jan On 22/05/07, Dennis Skinner <[EMAIL PROTECTED]> wrote:
Ouahiba MACHANI wrote: > Hi, > > Can anyone give me details about FreeRadius compatibility? My questions > are : > > > 1- Dose radius operate easily with Cisco equipments (including > firewalls, VPN, … ) and other hardware VPN servers? > > 2- The same question for software VPN, such as Microsoft Routing and > Remote Access Server (RRAS)? > > 3- the same question for access points? > > 3- What version or variants of the following standards and methods dose > radius support : X802.1X, EAP-X? > > - Is there available plug-in that allow to interface with > ActiveDirectory ? LDAP directories ? Databases (Oracle, MySQL, etc) ? > > Where can I find the features of the actual version of radius? FreeRADIUS is one of, if not the most widely deployed RADIUS server in the world. I can't speak to the specifics of RRAS, but the answer to most of your questions is yes. > I want to develop a plug-in for FreeRadius. This plug-in should be able > to handle authentication requests send from a VPN server (either > hardware, Cisco or a Software (MS RRAS) implementation) or an AccessPoint. > > The second requirements, is that this plug-in should be able to > interface with the different users Data store including ActiveDirectory, > LDAP directories and Databases, to accomplish user authentication. So, you want something to listen for and process requests and then based on that request, do a lookup of some kind to get the user's account information and then do some sort of comparison between them and send an Accept or Reject back. Yep. Sounds exactly like what freeRADIUS does. There are already plugins for LDAP, SQL, Oracle, etc. Time to do some reading I think: http://www.freeradius.org/ http://wiki.freeradius.org/Main_Page http://deployingradius.com/ especially: http://deployingradius.com/documents/protocols/compatibility.html Then grab the tarball and read the files in the doc dir, the man pages, and the comments in the config files. If you still have questions, google+list archive and asking on this list can help. -- Dennis Skinner Systems Administrator BlueFrog Internet http://www.bluefrog.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
