|
RadiusNT/RadiusX V5 Frequently Asked Questions (FAQs)
Can I upgrade directly from a previous version of RadiusNT/RadiusX V5?
Yes! You can upgrade directly from V3.0 or 4.0 to
RadiusNT/RadiusX Professional or Enterprise editions. We are offering
special introductory pricing on product upgrades for valued existing
customers. Please contact your IEA Software Sales Team for more
information. Sales@iea-software.com or (509) 444-2455 You may also
download a trial version from our Download Center.
What if I just purchased or upgraded to RadiusNT/RadiusX V4?
We are offering price protection for up to 30 days
prioir to V5 release (Oct 1, 2003). If you have recently purchased V4 and would
like to upgrade to V5, please contact your IEA Software Sales Team.
Do I need to modify the database I currently use with Emerald or RadiusNT/X to work with V5?
If you are using Emerald 2.5 you will first need to run the emer25_up.sql script
included with the RadiusV5 distribution. Existing Emerald V4, RadiusNT V3 and V4 databases are
compatible with RadiusNT/X V5 without any database changes. However if your using MS SQL Server or Sybase
and wish to take advantage of the new filtering functionality you can optionally run up_radfilters_mssql.sql
against your existing database to add support for these new features.
I already have Emerald, and want to try the new version of RadiusNT/RadiusX. Do I need another license key?
Yes. You will need to install the RadiuNT/RadiusX
version 5 key. Please contact your IEA Software Sales team for more
information.
Does RadiusNT/X support secure wireless technology?
Yes! RadiusNT/X supports Cisco propriatary EAP-LEAP as well as EAP-PEAP (v0 - Microsoft and v1 - IETF)
for which clients are included with the Microsoft windows platform and avaliable for Linux & MAC.
They provide secure authentication and dynamic session encryption keys needed to secure wireless LANs.
We have successfully tested with Cisco, Microsoft and the Meetinghouse AEGIS clients.
Note: An access point supporting RADIUS and 802.1x authentication is required to take advantage of these features.
Does RadiusNT/RadiusX integrate with any filtering service?
Yes! If you use the 8e6 Technologies' X-Stop Internet
filtering service, Emerald provides an easy interface to apply X-Stop
filters to any Service account. An X-Stop configuration link will appear
on the screen whenever the RADIUS Standard 'Class' Attribute is selected
from the RADIUS Attribute selection screen.
Does RadiusNT/RadiusX support LDAP authentication?
Yes, in the Enterprise editions. If you have users
stored in an LDAP directory, you can have RadiusNT/RadiusX
authentication directly from the LDAP server, rather than copy the user
information. The RadiusNT/RadiusX LDAP Interface is flexible enough to
operate with nearly all LDAP-based directory servers by way of a
configurable search filter and LDAP-> RADIUS attribute/value mapping
system.
Does RadiusNT/RadiusX support token-based security?
Yes, in the Enterprise editions. We are compatible
with Symantec/Axent Defender, Secure Computing's Safeword, and RSA
Security's ACE/Server
What features are in the RadiusNT/RadiusX Professional Edition?
 |
Based on industry-standard RADIUS protocols supporting the following IETF RFCs:
RFC 2284,
RFC 2548,
RFC 2619,
RFC 2621,
RFC 2759,
RFC 2865,
RFC 2866,
RFC 2867,
RFC 2868,
RFC 2869,
RFC 2882,
RFC 3078,
RFC 3079,
RFC 3162,
RFC 3576,
RFC 3579,
RFC 3580,
RFC 4590,
RFC 4679
and RFC 5090.
|
|
Supports multiple authentication protocols: PAP, CHAP, MSCHAPv1 and MSCHAPv2, HTTP digest/SIP, Wireless 802.1x/EAP
authentication: EAP-LEAP (Cisco aironet), EAP-PEAP (v0 and v1), EAP-TTLS, EAP-GTC, EAP-MD5 and EAP-MSCHAPv2.
|
|
Authenticate users from a wide range of sources, multiple sources can be used concurrently on a per-user or per-domain basis.
Open Database Connectivity (ODBC) support for Microsoft SQL Server, Sybase, Oracle, MySQL, PostgreSQL and others as configured.
Standard RADIUS Users text file, UNIX password file,
Windows authentication (SAM,AD..etc) (RadiusNT only), UNIX authentication (local, NIS+..etc) (RadiusX Only).
Additional sources available in Enterprise version.
|
| IPv6 transport and attributes |
| Multiple database password formats supporting plain text, Emerald encrypted (AES), unix crypt, unix bigcrypt, MD5, SMD5, SHA1 and SSHA1. |
| Distributed session concurrency control on a per-user and per-group basis. |
| Integrated support for SNMP queries to capable NASes to verify session status. |
| Extensive logging and debug options including packet and encrypted tunnel level logging and support for syslog hosts. |
| Takes advantage of an unlimited number of ODBC databases for fault tolerant authentication and accounting services. |
| Main memory indexing provides fast response times for large numbers of users and session profiles. |
| Cisco VOIP attribute parsing for accounting. |
| 'Smart caching' optionally keeps external ODBC database accounts synchronized with fast internal database for higher performance and an additional layer of fault tolerance against external database failure. |
| Self-tuning ODBC accounting spooler dynamically provides high throughput or high concurrency based on current accounting load. |
| Attribute filtering support rules based modification of attributes as well as external ODBC access allowing complex decisions to be made based on attributes coming in, going out or proxied through RadiusNT/X. Attribute filtering enables new classes of operator specific applications without custom programming or scripting. |
| Rule based attribute proxy of authentication or accounting requests |
| Alternate failure profiles allow bad requests to be acknowledged with a custom set of attributes. This allows the configuring of limited network access for customers whose accounts may have lapsed or need to pay for additional network access. |
| Strip domain capabilities for flexible roaming support |
| IP address pool management |
| DNIS restriction and access |
| Server and port access controls with individual time of day and session limits |
| Intelligent database interface - Dynamic parameter checking allows authentication stored procedure full access to RADIUS attributes. All internal queries are documented and configurable through the administrative web interface. They provide complete control over the ODBC database interface and make integration with third-party systems easy. |
| Attribute based authentication reject list |
| Real-time view of all established user sessions |
| User-updatable RADIUS dictionary. Included dictionary contains specific VSAs for over thirty popular vendors. Need support for an unknown vendor? Simply send us the vendors RADIUS dictionary and our support staff will provide you with an automated update script to support the new vendor. |
| SNMP Statistics provides detailed information in real-time about the RADIUS server to an external monitoring station such as WhatsUp, MRTG, Openview, Solarwinds and other SNMP capable monitoring packages. |
| Extensive, Scalable proxy roaming /w proxy server load balancing, rate limiting, failover, proxy loop detection, accounting store & forward modes, complete proxy replay at all stages and retry dampening to proxy targets provides a higher level of efficiency and reliability in large roaming/aggregation networks. |
| Packet replay for local requests improves performance over congested networks and improves consistency of accounting data by better detecting duplicate requests |
| Virtual Class correlation provides best-effort Class attribute support for both local and proxy requests in cases where NAS devices are not capable of supporting the Class attribute |
| Eliminates the need to maintain separate subscriber lists for security and billing, and enables enhanced billing schemes such as network usage, prepaid and VOIP |
| All local RADIUS server configurations can be stored in an ODBC database allowing central management of any number of RadiusNT/X servers |
| Comphrensive datatype support includes standard RADIUS, Ascend binary filters, Tunnel (Tag) attributes, IPv6 and RedBack 64-bit integers. |
| Compatible with RADIUS-compliant NAS, VPNs and wireless APs including those from ACC, Cisco, Lucent, Microsoft, 3Com/USR, Ascend, Bay Networks, Nortel, Shiva and many more. Please contact us if you have questions about compatibility. |
| Includes our RADIUS test client. The test client provides valuable testing and NAS simulation facilities in addition to health monitoring and notification for up to hundreds of RFC compliant RADIUS servers. |
| Includes Emerald! Our easy to use web based centralized management platform providing RadiusNT/X configuration, account management, CRM, reporting, customer self-management and signup. Emerald provides a complex operator access model allowing operators to be restricted to accessing specified groups of accounts with separate fine grain access controls for each operator and group. Emerald supports SSL encryption and operator sensitive IP-based access restrictions. NOTE: Billing features of Emerald are not available with a RadiusNT/X only license. When using Emerald with a RadiusNT/X only license there are no licensing restrictions on the number of accounts that can be managed. |
What features are in the RadiusNT/RadiusX Enterprise Edition?
Includes all Professional Edition features plus:
What are the system requirements for RadiusNT and RadiusX?
For current system requirements, please click HERE.
Does RadiusX have a Web-based Administrator?
Yes. The Web-based administrator provides an
easy-to-use Graphical User Interface (GUI) via your Web browser for
configuring RadiusX for your RADIUS authentication, authorization, and
accounting needs.
Does RadiusNT/RadiusX V5 support IP Pooling?
Yes. Usually, the NAS auto-assigns IP addresses to
users as they log in from an internal address pool. If possible, we
recommend this method for assigning dynamic IP addresses.
RadiusNT/RadiusX also provides its own IP address pooling facility. It
works by relying on accounting data to determine which addresses are in.
Will RadiusNT V5 authenticate from Windows NT (SAM) or Active directory?
Yes.
Does RadiusNT/RadiusX support External Authentication API?
Yes. In addition to built-in authentication methods,
RadiusNT/RadiusX Enterprise edition also includes the ability for
additional authentication modules to be defined. Each module has the
ability to see authentication packets received by the server, and either
act upon the request, or pass on the request to another module.
How do I know if RadiusNT/RadiusX will work with my specific NAS or terminal server?
RadiusNT/RadiusX is designed to work with any RADIUS
compatible terminal server. Since the RADIUS should look in the
documentation of your NAS to find out if it supports the RADIUS
protocol. There is also a list of known vendors and links to helpful
areas of the vendor's web site from our partners listing.
Please remember that not all vendors support all RADIUS attributes outlined in the RFCs.
Does RadiusNT/RadiusX support filters?
RadiusNT/RadiusX supports the standard RADIUS filter
attribute as well as the Ascend Binary Filter attribute. For further
information on supported filters, please contact your NAS vendor.
Filters themselves are configured on the NAS; RADIUS as a protocol only
tells the NAS the name of the filter to apply through the Framed-Filter
attribute.
Can RadiusNT/RadiusX use encrypted passwords in the database?
RadiusNT/RadiusX can use UNIX crypt passwords in the
database similar to those found in a UNIX passwd file as well as MD5, SMD5
SHA and SSHA hashes. Please note that this is an advanced feature and is only
for those who have a thorough understanding of this encryption.
RadiusNT/RadiusX does not include any tools to facilitate the creation
or management of passwords in encrypted form.
Can I use WhatsUp to monitor the status of RadiusNT running as a service?
WhatsUp Gold can monitor your RADIUS servers and
inform you of an outage. The WhatsUp Gold documentation includes details
on configuring this function.
Can RadiusNT authenticate from a UNIX password file?
RadiusNT can authenticate from a UNIX passwd, spasswd
or comparable file, similar to the way UNIX RADIUS servers function. For
RadiusNT to authenticate a user from the "passwd" file, you
will need to make the user's or DEFAULTs password "UNIX" in the
RadiusNT/RadiusX users file or database.
Does RadiusNT/RadiusX support an Oracle database?
RadiusNT supports operation with Oracle just
as it does with Microsoft's SQL Server. The difference lies within the
scripts used to create the database itself. A set of scripts for creating a database under Oracle is
included with the RadiusNT/RadiusX distribution (radius5_oracle.sql).
Note: Currently RadiusX does not support Oracle. We're working with
vendors to add Oracle support for our UNIX based RadiusX products.
Can RadiusNT/RadiusX reject users?
Conveniently, you can define a set of attribute/value
matches that RadiusNT/RadiusX will reject immediately, without having to
actually process a request. For instance, if you want to reject any user
calling from a specific phone number, you could add an entry to the
RadReject table with the Caller-ID attribute and the phone number.
Please note that the Reject List is not enabled by default. You must
enable Reject List in the Advanced section of RadiusNT/RadiusX
Configuration Administrator and then restart RadiusNT/RadiusX.
What is Smart Cache?
The primary feature of the Smart Cache is the ability
to maintain operations in the event of a database (or connection to the
database) failure. This feature allows RadiusNT/RadiusX to continue
operating until the problem can be fixed. It also includes the ability
to have connections to multiple databases, similar to a replication or
cluster scenario, whereby RadiusNT/RadiusX can automatically failover to
a second database should the first database fail.
Does RadiusNT/RadiusX have Syslog Support?
Yes. Rather than logging information locally on each
server, all log information can be sent to a central syslog server. This
feature allows for greater manageability of multiple servers, since you
can look in one central log file for potential or current problems.
|
