Radius Authentication Servers
The following programs do Radius authentication only. They are console based 'command line' programs. They are meant to permit configuration and development without the need of a real Radius server. RadIIS is gaining in popularity not only because of the popularity of Radius, but also because users can do total authentication on Windows asp without the expensive CAL licensing. Work is currently underway on a freeware high performance Radius authentication server which will run as a service and feature remote administration. A number of COM based facilities for user data base management are under construction.
Radserv1
This is the simplest Radius authentication server possible. This is intended to take some of the 'mystery' out of the configuration process. Prospective users can get Radiis configured without bugging whoever is administering the Radius server.
Simply specify a listening port number on the command line (or it defualts to 21812). Any UDP packets it receives will be answered with a basic Radius PAP access accept or access reject packet. It does not decode the request packet so it has no way of checking the password. It looks for the username in the location of the packet where Radiis and NtRadPing put this information. If the first character of the username is 'x' or 'X', an access reject response is sent. Otherwise, an access accept is sent.
Radserv2
radserv2 is a more serious Radius authentication server, as opposed to radserv1. Authentication requests are decoded using the shared secret specified. Username/password is checked against a list of up to 100 users. Using this tool, a great deal of serious configuration and development can be done without using a real Radius server.
The command line takes 3 parameters:
The username/password file is a simple text file. A line of this file consists of a username followed by a password separated by one or more white spaces. When the program starts, the parse of this file is printed to the standard output:
Radas
This is a full scale, high capacity freeware Radius authentication server. It runs as a service and includes a secure admin client and a high capacity 'builder' for creating large user databases. Radas does authentication only. Radas was written to enable full asp based authentication without Microsoft's expensive CAL requirement. The overhead required for querying a database for authentication can be prohibitive. With Radas, a simple query can be used to generate the input file for the builder. Together with RadIIS, the result is a high capacity web authentication system whose IIS logs contain all record of user access (the Radius username appears in the IIS logs). Radas is offered free to promote the licensing of RadIIS.
Radprox
Radprox is a radius authentication request proxy. It distributes a single authentication request to a specified list of target radius servers. It returns the first authentication-accepted packet to RadIIS. In the event of no successful authentications, it returns a 'generic reject packet'.
Radprox runs as an NT-service. A simple input data file specifies its listening port and target Radius servers.
Radprox, together with Radas, can be used to bring entire groups of users on and offline in existing RadIIS installations. As an example, consider an existing arrangement where RadIIS is authenticating from IAS with 1200 users. With Radprox and Radas, 100 additional users can be added by building a Radas input file and specifying the additional server in a Radprox input file. With Radprox, RadIIS can query both Radius servers.