Archive for the 'Musings' Category

Why the server succeeded.

Saturday, September 2nd, 2006

When I started FreeRADIUS, there were a few open source RADIUS servers in development. Yet a few years later, almost all of them are not actively developed or maintained. What qualities did FreeRADIUS have that allowed it to succeed and grow, when many open source project stagnate?

I think it's because of the architecture. Not just of the software (though that helps), but of the larger social group surrounding it. The following qualities are vital to getting community involvement in an Open Source project:

  1. Modularized code.
    Not only must the code be easy to understand, it must be easy to add new features. The pluggable module interface ensured that it was easy to add new modules. The benefit of the design was shown quickly, when many modules (LDAP, SQL, etc) were added quickly after the project started.
  2. Fast acceptance of patches.
    There's nothing worse than submitting a patch for a bug fix or feature enhancement to an open source project, and having it ignored. It's discouraging, and usually means that you'll move your efforts to something that's more productive. In the end, the project loses, because it loses features and bug fixes that everyone needs.
  3. Public mailing lists.
    Not only the “users” or “help” list has to be public, the developers list has to be public too. The developers have to be active on both lists, to help users, and to have public discussions about the design and direction of the project. A welcoming attitude to open discussion means that more people contribute, which means that the project gains the benefit of everyones expertise.
  4. Public CVS repository and bug site.
    Allowing people to submit bugs and view the source code ensures that they can find out if other people have run into the same issues they see, and what the solutions are. People are more likely to use a piece of software if they see that it is under active development. They can use an unstable version from CVS to get the feature they need, which means thay don't use another piece of software.
  5. Fast development.
    An incremental approach to development is better than the “big bang” approach. Don't underestimate the power of a series of small fixes. The small fixes means that the project almost always works, which means people use it and debug it. The small fixes also mean that new features are available quickly, which again means people use those features and debug them.

All of the items discussed above are important, but it's interesting what I left out: documentation. While documentation is useful, it doesn't help most developers, who are the ones driving bug fixes and new features. Documentation is useful to end users, of course, which is why I'm writing the book.

Finally, the items discussed above are all really variants of a common theme: Low barrier to entry. The easier it is to get work done, the more work people get done.

It's not rocket science, but it's amazing how many open source projects fail because the founders run the project with high barriers to entry.

How big is FreeRADIUS?

Sunday, August 6th, 2006

I can't tell for sure, but there are a lot of people using FreeRADIUS. The main FreeRADIUS page says it's in the “top 5″ servers, but that's really a guess based on the following information:

RADIUS Server Software

Maybe the main web page needs updating. I can't think of other RADIUS servers that have as big a market share as the four listed above. And many commercial RADIUS products not listed above use FreeRADIUS as the protocol engine for their product.

In terms of cusomer base, I know of at least 4 deployments with 2 to 8 million users. I know of hundreds of small sites (universities, etc) with tens of thousands of users. Most sites won't let their names be used publicly (for a number of reasons), but if you're planning on deploying FreeRADIUS, you're not alone.

So FreeRADIUS looks to have a significant portion of the RADIUS server market. Without doing more detailed analysis, the best guess is that somewhere between 10% and 50% of RADIUS server installations world-wide are for FreeRADIUS. And with 802.1x deployments becoming ubiquitous, there are likely many, many more people installing FreeRADIUS in home networks with less than 10 users.

That's not bad for a software product with no support staff, no development budget, and no marketing.

I was sure RADIUS was dying…

Friday, August 4th, 2006

5 years ago, I was sure RADIUS was dying. Since then, I've discovered why I was wrong.

Everyone wants RADIUS. You can go to Best Buy, and pick up a Linksys WRT54G for less than $100. You can run OpenWRT on it, which includes packages for FreeRADIUS!

That's cool.

You just can't kill a technology that is ubiquitous, and that everyone wants. Not that I want to do anything to RADIUS… I enjoy working in the space. But there have been many rumors over the past few years about the death of RADIUS.

Don't believe them.

I'm writing a RADIUS book.

Monday, July 24th, 2006

I've been working on FreeRADIUS for over 7 years, and RADIUS for over a decade. In that time, RADIUS has grown substantially. The wireless market (802.1x) has exploded in recent years, making it even more important for the average administrator to have a good RADIUS reference.

The O'Reilly book is a good introduction to many of the RADIUS basics, but it's starting to show it's age. It's almost 4 years old, and covers an ancient version of the server. The goal with a new book is to discuss new features that have been developed in the last few years, and to cover additional topics that the O'Reilly book didn't cover in detail.

The current plans are to cover the following topics, in as much detail as possible:

  • RADIUS background and history,
  • RADIUS network architecture,
  • Common deployment problems,
  • Ongoing maintenance issues,
  • FreeRADIUS installation,
  • Configuring radiusd.conf,
  • Configuring the users file,
  • Server modules, including writing custom modules,
  • Whatever else I have time for, and people need.

The book is titled Deploying RADIUS because its emphasis is helping administrators set up a functional and maintainable RADIUS infrastructure. It starts off with small systems, and gradually introduces new concepts to end up at a complex installation. Rather than being a collection of template “how-to's”, the book is designed to give the administrator the experience and knowledge to solve new problems in common RADIUS deployments.

The subtitle is Practices and Principles in order to highlight my experience that most deployment problems relate to methods, rather than knowledge. A lot of RADIUS knowledge can be found online via Google searches, or in existing documentation. I would refer to much of that information as trivia, because lists of attributes don't help the average administrator in their search for meaning.

What this means is that the book will summarize my decade of experience with RADIUS, and give you, the administrator, the tools to track down the problem, find the solution, implement it, test it, and deploy it quickly with minimal errors.

Oh, and it will contain trivia, too. There are a number of little details and “gotcha's” in FreeRADIUS that aren't documented anywhere else.