Radiator supports a wide range of features not found on many other RADIUS servers
- Full source code provided
- Extreme flexibility and configurability with web based GUI for configuration and monitoring
- Over 60 different authentication methods are supported, which can
be mixed and chained to suit almost any authentication need
- Unlimited users
- Complies with RFCs 2548,
- Dictionary or other applicable support for RFCs
- Supports RFC 6614,
also known as RadSec - secure, reliable RADIUS proxying
- Acts as a Diameter to RADIUS gateway for NAS authentication and accounting.
Supports Diameter RFCs 3588,
Diameter support includes TLS encryption, TCP or SCTP transport, accounting,
PAP, CHAP, MSCHAP, MSCHAP-V2 and EAP types. Interoperates with Cisco, NSN, Juniper, Huawei and other vendors
- Acts as a RADIUS to Diameter gateway for NAS authentication and accounting.
- Supports EAP in accordance with RFC 3748
- Supports EAP-MD-Challenge, EAP-OTP and EAP-GTC, RFC 3748
- Supports EAP TLS, RFC 5216
- Supports EAP TTLS, RFC 5281
- Supports PEAP, IETF drafts and MS-PEAP
- Supports EAP-MSCHAP-V2
- Supports Cisco LEAP
- Supports EAP-FAST, RFC 4851
- Supports EAP-pwd, RFC 5931
- Supports EAP-PSK, RFC 4764
- Supports EAP-PAX, RFC 4746
- EAP-SIM, EAP-AKA, EAP-AKA', 3GPP AAA Server and other related features are
available through Radiator SIM Pack
- Acts as authentication server for IEEE 802.1X with support for IEEE 802.1AE, also known as MACsec
- Supports HOTP, RFC 4226
- Supports TOTP, RFC 6238, sometimes referred as Google Authenticator
- RADIUS SIP Digest authentication as per draft-sterman-aaa-sip-00.txt
and RFC 5090
- Diameter 3GPP EIR and other carrier features are available through Radiator Carrier Pack
- Diameter 3GPP GBA/BSF support for VoLTE Supplementary Services and other
related features are available through Radiator GBA/BSF Pack
- Diameter 3GPP PCRF, PCEF, OCS, and other Diameter and RADIUS related policy and charging
features are available through Radiator Telco Pack
- Complies with 3GPP2 P.S0001-A Wireless IP Network Standard up to version 3GPP X.S0011
- Supports iPass and GoRemote roaming services
- Supports SIP2 - the 3M Standard Interchange Protocol (SIP) 2.0
- Supports many ISP billing packages
- Supports most Vendor Specific Attributes
- Supports most SQL databases
- Supports most platforms
- Supports Radar monitoring for RADIUS
- Test command line and GUI utility allows you to test user passwords and to load test your server
- Works with any RADIUS server and RADIUS client
- Performance and scalability for large systems (Examples
of commercial installations)
- Integrates with complete Lawful Interception systems
providing RADIUS-based triggering, traffic interception, mediation and
- Supports IPv4 and IPv6 on RADIUS, proxy, TACACS+, SNMP connections
etc. Supported RFCs include
- Supports VOIP authentication such as Asterisk
- Supports a number of EAP authentication methods as used in 802.1X
wireless LANs. This means that secure wireless authentication
and communication can be easily configured.
- Free Private server and client certificates for testing 802.1X authentication
- Can act as a gateway between PEAP-MSCHAPV2 clients and non-EAP RADIUS
- Interoperates with Coova - the open
source captive portal for wireless hotspot management including CoovaAP
- open source hotspot access point firmware.
- Supports Novell eDirectory with
universal passwords. Universal passwords can be used with PAP, CHAP,
MSCHAP, MSCHAPV2, TLS, TTLS-*, PEAP, EAP-MD5, etc.
- SNMP support for the IETF Radius Server MIB: gather server stats
- Full suite of load balancing algorithms for RADIUS proxying.
- Grouping, chaining, diverting and reusing of authentication methods
is easy and means you can authenticate users even with very unusual
collections of user databases.
- Flexible and extensible event logging.
- Utilities for creating and updating user databases in various formats
- Simultaneous-Use check item can optionally verify logins for most
- Automatic IP address allocation from SQL database and DHCP.
- Check items can be regular expressions.
- Automatically choose authentication methods based on any combination
of request attributes.
- Ascend abinary Filter attributes, including generic, ip and ipx.
- Plug-in authentication handlers.
- Username rewriting and realm stripping.
- Object-Oriented design and understandable code (with many comments).
- Works with almost any SQL database schema.
- Fault tolerant connection to your SQL server recovers when your SQL
- Logging to log files, STDOUT, SQL, syslog, or your your own logging
- Proxy-State and Proxy-Action support.
- Proxy to primary/secondary radius servers with multiple fallbacks
and round-robin DNS.
- Multiple DEFAULT users with optional Fall-Through.
- Auth-Type cascades authentication to another user database of any
type. Checks authentication in a multitude of ways: if user is in any
database, if user is in all databases or any combination.
- Block authentication according to time of day and day of week, and
force disconnection at the end of valid time blocks.
- Rewriting of requests and replies during forwarding and proxying.
- Run-time variable substitution in reply items.
- Multi-homed hosts.
- Primary/secondary and multiple redundant servers.
- Connect-Rate limits maximum permitted connection speed.
- Flat file (or any other method) backup database in the case of SQL
- Supports plaintext, Unix Crypt, MD5 crypt, Radmin RCRYPT, SHA crypt
passwords in any combination.
- Block logins based on any combination of NAS and port.
- Ascend Tunnel-Password encryption.
- Radiator supports Rcrypt reversibly encrypted passwords.
- Prefix and Suffix check items.
- Honours the "Dialin Privilege" flag on NT User Manager.
- Easily configurable rejection messages: tell your user why they can't
- Authentication logging lets you capture plaintext passwords from
- Supports IETF RADIUS Tunnelling attributes.
- Session management works even with multiple server instances, via
internal, DBM or SQL session databases.
- Supports ADSL.
- Supports GPRS, UMTS and 4G/LTE
- Can optionally act as a TACACS+ server, converting TACACS+ requests
into RADIUS requests.
- Optional tunnelling of Radius requests using SOAP over HTTP or HTTPS
for improved security.
- Handles special mapping of Breezecom/Alvarion accounting VSAs.
- And much, much more.....
- Unix and Linux
- Solaris 8, 9, 10, 11. 32-Bit or 64-Bit. SPARC or Intel
- Windows 7/8/8.1/10 and Server 2008/2012/2016
- Mac OS X
Radiator has strong support for a wide range of 802.1X/RADIUS devices such as Wireless LAN Access Points and wired LAN switches.
- Radiator supports a wide range of standard EAP authentication methods,
including MD5, One-Time-Password (OTP), Generic Token Card (GTC), TLS,
TTLS (including PAP, CHAP, MSCHAPV1 and MSCHAPV2), PEAP and LEAP compatible.
- EAP-SIM, EAP-AKA and EAP-AKA' authentication support for Radiator is available through Radiator SIM Pack
- Supports IEEE 802.1AE, also known as MACsec
- Radiator includes free private server and client certificates for testing
| Wireless Controllers and Access
||Any 802.1X Radius compatible Wireless Controllers and Access Points
||3Com SR AP 8000
|Airborne Enterprise Wireless Device Servers and Bridges
|Apple Airport Base Station
|Cisco WLC and Aironet APs
|D-Link DWL-900AP+, D-Link DWL-1000AP+
|LANCOM - supports RADIUS and RadSec
|Linksys WRT54G etc
|Orinoco/Proxim AP-2000, AP-2500, AP-1000, AP-500
|ZyXEL ZyAIR B-3000
| Wireless Cards
Any 802.1X compatible wireless card including:
| LAN (wired) Switches
||Any 802.1X Radius compatible wired LAN switch including:
||3Com SuperStack 3 4400 ethernet switch family
|Cisco Catalyst 3550
|HP Procurve 2524 and 2650 series
| Clients on:
|| EAP types supported
| Linux, Open BSD, etc
||TTLS-PAP, TTLS-CHAP, TTLS-MSCHAP, TTLS-MSCHAPV2, TTLS-EAP-MSCHAPV2,
TTLS-MD5, PEAP-MSCHAPV2, PEAP-GTC, PEAP-TLS, LEAP, FAST, GTC, TLS,
EAP-MSCHAPV2, MD5, PSK, PAX. EAP-SIM, EAP-AKA and EAP-AKA' (with Radiator
add-on EAP-SIM support package)
||Depends on Windows version: at least TLS, PEAP (MSCHAPV2, TLS)
||Depends on the client: typically EAP-Generic-Token,
TLS, PEAP (MSCHAPV2, EAP-Generic-Token), LEAP. FAST, EAP-SIM,
EAP-AKA and EAP-AKA' (with Radiator add-on EAP-SIM support package)
||TLS, PEAP (EAP-MSCHAPV2), TTLS, FAST
||TLS, PEAP (EAP-MSCHAPV2), TTLS, pwd
||Windows Phone Native
||Depends on WP version: at least PEAP (EAP-MSCHAPV2)
|Mac OS X
||OS X Native
||MD5, TLS, TTLS (PAP, CHAP, MSCHAP, MSCHAPV2), PEAP (MSCHAPV2), FAST,
Radiator can authenticate for many different realms and clients at the
same time, with different databases, options and authentication methods
in each realm. Multiple proxy targets, with packet and attribute filtering
allow you to service both small and large ISP and carrier environments.
Radiator can authenticate users from a wide variety of different user
databases, such as
- Flat files in standard RADIUS user database format
- DBM files in Merit DBM file format
- Unix password format files (including shadow files)
- Most commercial and free SQL databases
- Proxying to other RADIUS servers by UDP
- Proxying to other RADIUS servers by RadSec for secure reliable delivery
- LDAP (including Umich, iPlanet/Netscape, OpenLDAP, Open Directory).
Supports SSL and TLS connections, simple and SASL binding.
- Tacacs Plus (PAP and CHAP)
- Native Windows NT user database and domains (even from Unix!)
- Active Directory on Windows 2000 and later
- AFS Kerberos
- Heimdal Kerberos (supports PAP, EAP-MD5, EAP-MSCHAPV2, etc)
- Microsoft Windows LSA
- PAM, and thus any authentication method supported by PAM
- Custom One-Time-Password systems including auto password generation
and customisable back-channel password delivery such as SMS (SMS gateway not included)
- RAdmin User Administration
- saslauthd authentication server from Cyrus SASL
- Your legacy user database
- SIP2 - 3M Standard Interchange Protocol (SIP) 2.0 for authenticating and authorising library patrons
- External programs and scripts
- iPASS Roaming Network both inbound and outbound authentication and accounting.
- Other methods contributed by Radiator users
- RSA Security RSA Mobile and Authentication Manager
- Telstra DialConnect
- CHAP authentication
- Apache htgroup files
- OPIE one-time-passwords
- MSCHAP (v1 and v2) authentication and MPPE Keys as per RFC 2548.
- Cisco VOIP implementations
- Works with most EAP authentication protocols
- Compatible with MICROS-Fidelio OPERA Property Management System
- Novell eDirectory,
including support for Novell Universal Passwords and NMAS Methods such
as the Vasco Digipass NMAS Method.
|Token Based Authentication
SecurID authenticators provide two-factor security access. Support
for ACE/Server 5.0, 5.1 and 5.2, plus Authentication Manager (formerly
ACE/Server) 6.1, RSA Authentication Manager 7.1 and
||SafeWord PremierAccess with fixed (static) passwords
and SafeWord Silver and Gold tokens.
||SecureOTP - token-based 1 or 2 factor authentication
system by SecureMetric, offering event based, time based, hybrid and
CR (challenge response) Tokens.
|| Digipass Token-based authentication can be added to
new or existing RADIUS infrastructure. Read the Radiator
Digipass Support white paper for more information.
||WiKID Strong Authentication System - dual-source,
software-based two-factor authentication system. Available with both
soft- and hardware tokens. How
to use WiKID Strong Authentication with OSC's Radiator
||YubiKey - USB-key for instant access to
networks and services that works on multiple platforms and does not
need any client software.
Radiator works with any SQL database that has Perl DBD support, including:
- Microsoft SQL Server versions up to 2012
Radiator interoperates with
which provides high availability, scalability and manageability
services for MySQL, PostgreSQL and Sybase.
OSC can provide assistance with converting passwords from Cisco Secure
ACS database dumps or Juniper Networks Steel Belted Radius RIF export
files. Contact us for details
Radiator can store accounting information in a variety of formats including:
- flat files in standard Livingston radius accounting file format
- most free and commercial SQL databases
- proxying to other Radius servers
- RAdmin User Administration
- most ISP billing packages
- your legacy accounting database
- wtmp files
- proxying to a SOAP server
- compatible with MICROS-Fidelio
Opera Property Management System
Radiator supports many ISP billing packages including:
NAS's (Network Access Servers) supported
Radiator has been tested with a number of clients and servers and will
work with any RADIUS compliant client or server. A
partial list of clients is below:
- Alcatel DANA
- Apple AirPort
- Ascend (all models)
- Assured Access X1000
- Bay including RAC8000 and Annex Server 5399
- Cisco routers and NAS's
- Cisco Aironet AP340 and AP350 wireless Access Points
- Cisco SSG and SESM
- Enterasys SS2200, SSR8000 SSR8600
- Ericsson ACC
- Ericsson GSN
- Ericsson IMS Diameter
- GRIC AimTraveler
- iPASS Net Server and Roam Server
- Livingston Portmaster including 25 and 3
- Merit proxy server 2.4 and 3.5
- Microsoft PPTP
- Nokia Access Controller
- Nomadix USG II
- Nortel including CVX
- Orinoco/Proxim wireless Access Points
- Portslave 1.16
- Ravlin RedCreek
- Redback, including SMS and SE 800
- SecurityDynamics ACE/Server Radius
- Spring Tide
- USR/3Com Total Control (including HiPer ARC)
- Windows RRAS
- And any other RADIUS compatible device
VSA's (Vendor Specific Attributes)
Radiator supports standard and non standard Vendor Specific RADIUS attributes including:
- Cisco (including VOIP)
- CVX 4-byte Vendor Specific Attributes, including
the Vendor Specific boolean data type.
- Breezecom with broken VSA's
- DTag (Deutsche Telekom)
- Redback 64bit integers
- and many others...
Radiator interoperates with several Lawful Interception solutions including:
Minimum System Requirements
- Unix, Linux, Windows 7/8/8.1/10, Windows Server 2008/2012/2016 or Mac OS X
- Perl 5.8.8 or better, ActivePerl from ActiveState
or Strawberry Perl on Windows.
- 32MB of disk space for the Radiator distribution. Additional space for log files.