Educause Security Discussion mailing list archives

Re: RADIUS Products

From: "Craig T. Hancock" <chancock () ND EDU>
Date: Tue, 12 Apr 2005 11:18:27 -0500

Hart, Lee Anne wrote:

Hello all,

Does anyone have experience using any of the following RADIUS products:
Microsoft Windows Server 2003 Internet Authentication Service (IAS),
Novell's BoarderManager, or Steel Belted Radius? We are researching
different RADIUS products to use with our Nortel network infrastructure
equipment, but I expect our need will grow in the near future as we
implement wireless and VPNs. Any information and experiences you have
are appreciated. Thanks,

Lee Anne Hart

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/groups/.

Hello Ms Hart,

Here at University of Notre Dame we currently have deployed Microsoft
IAS, for 802.1X project (wireless & wired).
Its been working ok for us, but as far a feature set it lacks the following.
1) Support of multiple EAP types native support is only PEAP
2) For PEAP-TTLS you have to MS Certificate Authority (which doesn't
work well in our environment)
3) Still trying to verify this, but I haven't been able to segment
users by group IAS doesn't seem to
allow for any filters. For example if I wanted authenticated users to be
authorized to a certain network
if they belong to an AD Group
4) Proxying to other Radius systems has been a little unstable not sure
if its the remote Radius
System or IAS.

Besides from those comments above configuration is very straight
forward. I can't speak
on Novell's BoarderManager, but I hear very good things about Steel
Belted Radius, but
its kinda of pricy.

We plan to migrate IAS functionaility to our production radius system
using freeradius. The goal
is to have all network based authtentication (VPN, 8021X, dialup) use it.

Please let me know if you have any further questions

--
******************************************************
Craig T. Hancock
Systems Engineer, Infrastructure Services
Office of Information Technology
University of Notre Dame
******************************************************

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at
http://www.educause.edu/groups/.

Current thread:

RADIUS Products Hart, Lee Anne (Apr 12)
- <Possible follow-ups>
- Re: RADIUS Products Craig T. Hancock (Apr 12)
- Re: RADIUS Products Scholz, Greg (Apr 12)
- Re: RADIUS Products Cal Frye (Apr 12)
- Re: RADIUS Products Michael Lymbery (Apr 15)
- Re: RADIUS Products Krassos, Michael (Apr 18)
- Re: RADIUS Products Michael Lymbery (Apr 18)
- Re: RADIUS Products Steve Bernard (Apr 18)