Archive for July, 2007

Open Source is winning

Wednesday, July 25th, 2007

I recently heard an interesting story about a large FreeRADIUS deployment. The company started using FreeRADIUS a number of years ago after some investigation into alternatives. One commercial solution would have been over a million dollars, which seemed a bit much. When they chose FreeRADIUS, their partners responded with “Oh, no! You're using Open Source? That's not good!”.

Their partners were, of course, using commercial solutions.

Today, all of their partners are using FreeRADIUS. Things change.

When I talk to people, the attitude now is “Of course you're using FreeRADIUS.” On top of that, FreeRADIUS is setting standards in the RADIUS space. Switch vendors are pushing to add more features to the server, such as WiMAX.

Honestly, I don't see an end in sight. The server will continue to get more useful, more powerful, and will continue to increase its market share and its industry leadership.

2.0 is cool…

Tuesday, July 3rd, 2007

OK, so it's been a while since I posted that 2.0 should be available “soon”. The wait has been worth it, though. The first “magic” feature is in: VMPS support. It's not a huge addition, but it's useful in certain contexts. The next “magic” feature is in testing, and should be deployed in sites totalling 100k users within a month.

The other changes have made 2.0 feel a lot more like a major revision over 1.x. There is now virtual server support, similar to Apache's virtual servers. But we feel it's more powerful. FreeRADIUS can now have completely different personalities for each port it listens on. For EAP-TTLS and PEAP, the inner tunnel session can be run through a completely different configuration that the outer session.

And there's a new “un-language” in the configuration files. See “man unlang” in the recent CVS versions. It supports complex conditions for matching policies. It can edit any attribute list (request, response, etc) with ease. It removes the ~256 character limitation on expanded strings…

It's at the point where I can't see how I could go back to using even 2.0 from 3 months ago. I think everyone should take a serious look at 2.0 when it's finally released.

I can't finish this blog entry without mentioning the people who's feedback has helped enormously. Arran, Milan, and Doug, your efforts are appreciated enormously. Thanks.