Solved

Looking for recommendations for a suitable RADIUS server

Posted on 2016-09-12
10
73 Views
Last Modified: 2016-09-27
I am looking for a RADIUS server, but I have some quite specific requirements.

1. Ideally Windows based, we only have Windows Servers / Skills, and don;t really have the time to learn Linux.

2. Simple to install, and easy to maintain.

3. Must have an API or Web service, that I can use for remote applications to create user accounts.  I have seen a few RADIUS Client APIs, but they all seem to be around creating sessions and gaining end user access, I am looking for one that allows me to use a hotel system to create user accounts for the hotel guests to use.

4. Must work with Mikrotik, or similarly RADIUS enabled, Routers.

Any and all suggestions welcomed.

Many thanks.
0
Comment
Question by:townsma
  • 4
  • 3
  • 2
  • +1
10 Comments
 
LVL 37

Expert Comment

by:Bing CISM / CISSP
ID: 41793952
it seems the certain choice is Microsoft Internet Authentication Service (IAS), a component of Windows Server operating systems that provides centralized user authentication, authorisation and accounting.

per my understanding, IAS meets your requirements 1 to 3. for the 4th one, it should be compatible with Mikrotik, but I never tried it myself.
0
 
LVL 6

Author Comment

by:townsma
ID: 41793958
Hi Bing,  IAS does not exist anymore, I think Server 2003 was the last server to include it.  They have NPS now, but I am not sure that works as a pure RADIUS Server, it seems to do a lot more, but for LAN environment, not across on the Internet.

But I will certainly dig deeper into it to see if it does what I need.

Many thanks
0
 
LVL 37

Assisted Solution

by:Bing CISM / CISSP
Bing CISM / CISSP earned 125 total points
ID: 41794059
you were correct. NPS officially replaced IAS in W2K8, but for me IAS is always the word in my mind when referring to MS version of RADIUS. actually even MS itself still uses "IAS" in its Windows 2012 documents, e.g. here.

technically NPS fully replaces IAS, and works the same way as a standard RADIUS. therefore my comments from 1 to 4 still apply.

also be aware that Windows 2012 Foundation and Essentials versions only support up to 50 IAS connections, you need to work out your concurrent limit per your hotel need. the limits does not apply to its standard and datacentre versions.
0
 
LVL 6

Author Comment

by:townsma
ID: 41794207
Many thanks for the follow up.  We will need substantially more than 50 connections. One of our small hotels frequently has over 300 connections.

Best regards
0
 
LVL 7

Assisted Solution

by:aamodt
aamodt earned 125 total points
ID: 41795582
NPS works fine on a windows server. using it for a customer with 10,000+ employees.
But also Cisco ACS is a good choice.
0
Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

 
LVL 45

Expert Comment

by:Craig Beck
ID: 41807898
NPS is a RADIUS server component of the Windows server.  It only does RADIUS.  You can't do user admin or account creation via NPS though, so you'd need to create a web front-end that interacts with either AD or the local user database on a standalone NPS server that isn't joined to a domain.
0
 
LVL 6

Author Comment

by:townsma
ID: 41807917
Many thanks for the advice, but as previously mentioned, I need an API interface of some kind to allow me to create and remove accounts automatically from our PMS system.  We have too many accounts changing everyday to make this a manual process of any kind.
0
 
LVL 45

Expert Comment

by:Craig Beck
ID: 41807923
This is the problem.  There's no Windows-based RADIUS server (at least that I know of, and I deal with pretty much all flavours of RADIUS) that can do what you need.  You'd need to look at a unix-based distro such as FreeRADIUS or Cisco ISE.
0
 
LVL 6

Author Comment

by:townsma
ID: 41807938
Do either of these distro have an api that allows me to create accounts from a windows application?
0
 
LVL 45

Accepted Solution

by:
Craig Beck earned 250 total points
ID: 41807942
FreeRADIUS has lots of open source addons but really FreeRADIUS itself runs on Unix/Linux.  There is a Windows-based port but I don't know if it's current so it may have vulnerabilities.

As for APIs, you may need a custom API to do what you want.  Cisco ISE supports API interaction and so does FreeRADIUS, although it's less-documented.
0

Featured Post

Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
VLAN question 7 44
Independent domain networks for setup 6 83
Network Connection 5 34
RDP Sonicwall 8 31
Phishing is at the top of most security top 10 efforts you should be pursuing in 2016 and beyond. If you don't have phishing incorporated into your Security Awareness Program yet, now is the time. Phishers, and the scams they use, are only going to …
This paper addresses the security of Sennheiser DECT Contact Center and Office (CC&O) headsets. It describes the DECT security chain comprised of “Pairing”, “Per Call Authentication” and “Encryption”, which are all part of the standard DECT protocol.
Viewers will learn how to properly install and use Secure Shell (SSH) to work on projects or homework remotely. Download Secure Shell: Follow basic installation instructions: Open Secure Shell and use "Quick Connect" to enter credentials includi…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now