FreeRADIUS
High-performance and highly configurable RADIUS server supporting authentication via local files, SQL, Kerberos, LDAP, PAM, and more. Includes powerful policy language, proxying, EAP types, and vendor-specific attributes.
Description
FreeRADIUS is a high-performance RADIUS server used for Authentication, Authorization, and Accounting (AAA). It supports diverse authentication backends including local files, SQL databases, Kerberos, LDAP, PAM, and others. The server features a powerful policy configuration language, request proxying and replication by various criteria, support for numerous EAP types like TLS, PEAP, TTLS, vendor-specific attributes, and regexp matching in string attributes.
Common use cases include setting up RADIUS servers for network access control, Wi-Fi authentication (WPA Enterprise), VPNs, and dial-up services. Kali Linux provides the core freeradius package along with modules for DHCP, LDAP, MySQL, PostgreSQL, Redis, and more specialized components like Yubikey support. Client utilities in freeradius-utils enable testing, debugging, and management of RADIUS interactions.
The tool ecosystem includes binaries like checkrad for user login checks, raddebug for server debugging, radmin for administration, and utilities such as radtest, radclient for sending test packets to RADIUS servers.
How It Works
FreeRADIUS operates as a daemon listening on UDP/TCP ports for RADIUS packets, processing Authentication, Authorization, and Accounting requests. It evaluates policies defined in its configuration language, checks credentials against configured backends (local files, SQL, LDAP, etc.), supports EAP methods for secure authentication, proxies requests, and logs/maintains counters in databases like rlm_counter. Modules extend functionality for DHCP, database drivers, and caching via memcached or Redis.
Installation
sudo apt install freeradiusFlags
Examples
checkrad -hfreeradius -hrad_counter -hraddebug -hradmin -hradclient --helpradtest -h