Updated: 2022-06-30

General questions

What is the best RADIUS server?

From our point of view, Radiator AAA Server is the best choice for RADIUS, Diameter and other AAA server needs. Because of the flexibility of Radiator, our customers call it the Swiss Army knife of RADIUS servers. More info on Radiator can be found from Radiator product site https://radiatorsoftware.com/products/radiator/

Is Radiator open source?

Radiator is not open source, but when you purchase Radiator, full source code is always supplied.

How much does Radiator cost?

You can see selected Radiator licence prices at https://radiatorsoftware.com/pricelist/. Pricing for the Radiator add-on modules is provided upon request by contacting Radiator sales.

Who is using Radiator?

Radiator AAA server is used for user and network authentication by a huge range of different organisations: educational institutions, cities, governmental organisations, ISPs and telecom companies, managed service providers, utility companies, and private businesses in various fields such as hospitality, finance, defence and medical industries.

References

Radiator has a large and active worldwide customer base. Please see our website for customer references: https://radiatorsoftware.com/customers/ and https://radiatorsoftware.com/use-cases/

Is there an online demo available?

There is a Radiator Demo Cloud online demo - you can book a timeslot to go through typical Radiator use cases (or possibly your own use case) with Radiator experts.

Where is the Radiator team based?

The Radiator team is based in Finland, where development and sales are done. At the same time, we also have a worldwide partner network providing support and consultation.

Who is behind Radiator?

Radiator was developed by Australian-based Open System Consultants (OSC) 1998-2013, until the Finnish team acquired OSC in 2013 and took over Radiator development and business. The resulting company is Radiator Software.

Who is the manufacturer for Radiator?

Radiator Software Oy is the sole manufacturer of Radiator AAA Server software. Radiator Software sells Radiator licences globally and you can buy a licence directly from the Radiator team. Radiator licences are also sold through various distribution partners all over the world.

Features

Which RFCs, protocols and authentication methods are supported by Radiator?

Full list can be seen from our technical documentation, but short listing is here:

  • Complies with RFCs 2548, 2619, 2621, 2865, 2866, 2867, 2868, 2869, 3579, 4669, 4671, 5176, 5997
  • Dictionary or other applicable support for RFCs 4372, 4849, 4675, 4849, 5080, 5447, 5580, 5607, 5904, 6158, 6929, 6519, 6572, 6677, 7055, 7268, 8044
  • Supports RFC 6614, also known as RadSec – secure, reliable RADIUS proxying
  • Acts as a Diameter to RADIUS gateway for NAS authentication and accounting. Supports Diameter RFCs 3588, 6733, 4072, 4005, 7155
  • Acts as a RADIUS to Diameter gateway for NAS authentication and accounting.
  • Supports EAP in accordance with RFC 3748
  • Supports EAP-MD-Challenge, EAP-OTP and EAP-GTC, RFC 3748
  • Supports EAP TLS, RFC 5216
  • Supports EAP TTLS, RFC 5281
  • Supports PEAP, IETF drafts and MS-PEAP
  • Supports EAP-MSCHAP-V2
  • Supports Cisco LEAP
  • Supports EAP-FAST, RFC 4851
  • Supports EAP-pwd, RFC 5931
  • Supports EAP-PSK, RFC 4764
  • Supports EAP-PAX, RFC 4746
  • EAP-SIM, EAP-AKA, EAP-AKA’, 3GPP AAA Server and other related features are available through Radiator SIM Pack
  • Acts as authentication server for IEEE 802.1X with support for IEEE 802.1AE, also known as MACsec
  • Supports HOTP, RFC 4226
  • Supports TOTP, RFC 6238, sometimes referred as Google Authenticator
  • RADIUS SIP Digest authentication per draft-sterman-aaa-sip-00.txt and RFC 5090
  • Diameter 3GPP EIR and other carrier features are available through Radiator Service Provider Pack
  • Diameter 3GPP GBA/BSF support for VoLTE Supplementary Services and other related features are available through Radiator GBA/BSF Pack
  • Diameter 3GPP PCRF, PCEF, OCS, and other Diameter and RADIUS related policy and charging features are available through Radiator Telco Pack
  • Complies with 3GPP2 P.S0001-A Wireless IP Network Standard up to version 3GPP X.S0011

What platforms are supported by Radiator?

Radiator supports all the most used operating systems (Unix, Linux, Windows and Mac OS). For a complete list for different operating systems and for example Linux distributions, please see https://radiatorsoftware.com/supported-platforms/

Database

What databases are supported by Radiator?

Radiator supports SQL and LDAP databases. Database support includes a wide selection of popular databases, including but not limited to MySQL, MariaDB, Oracle, PostgreSQL, Microsoft SQL Server, and Active Directory, OpenLDAP, etc.

Why is there no database included?

Radiator doesn’t include its own database, as it is designed to be integrated with existing databases so that customer’s data, and database tools and frontends can be utilised without duplicating information to different systems. This saves effort as there is no need to manage and backup several different databases, and for example user data can be edited with familiar tools by non-technical staff.

How is database HA ensured?

Radiator leverages customer’s existing database infrastructure. High-availability is achieved through database backend’s own mechanics and tools, be it a redundant server in next cabinet or n-way replication on different datacenters.

Multiple database sources can be specified for Radiator. Whenever Radiator connects to a database, connection to the first listed source is tried. If that connection fails, Radiator tries the second, third and so on, until all the databases are tried, and finally gives up without replying to the NAS. This gives the NAS the opportunity to fall back to another RADIUS server if all SQL databases are down.

See also How is RADIUS high-availability achieved?

Installation

Perl versions

Radiator requires Perl 5.8.8 or newer to function. Radiator is written entirely in Perl and is therefore highly portable. We also provide full source code. Many Unix distributions include Perl as part of the standard installation. Common Windows Perl distributions include ActivePerl and Strawberry Perl. For easy deployment on Windows environments, the Radiator MSI package contains a Strawberry Perl portable version.

How do I install Radiator?

Radiator offers a wide selection of installation packages in various formats, for example RPM, deb and MSI. In case a suitable format is not available, Radiator can also be installed from the archive package. In addition of Radiator releases, we also have testing packages available. Testing packages contain changes planned for the next Radiator release.

Radiator installation packages are available for download and also from our repositories.

Installation instructions for various cases are available in our reference manual chapter Installing and upgrading Radiator as well in our web pages https://radiatorsoftware.com/products/radiator/installation/

Where the packages end up on Linux distributions?

When Radiator is installed on Linux, several locations are created. Radiator default configuration is available for modifications on /etc/radiator/radiator.conf, logs by default go to Radiator log directory /var/log/radiator/ and the full source code to /opt/radiator/. For full list of all locations created, see installation instructions on Radiator reference manual chapter Installing and upgrading Radiator, for example Installing and upgrading on Linux.

The Radiator goodies which has several example configurations is available in /opt/radiator/radiator/goodies/

Where the packages end up on Windows environment?

When Radiator is installed on Windows, the installation package automatically uses the disk with the most space available. The exact installation location is shown on the installation dialog once the installation is finished. Radiator is installed to the \Radiator\Radiator\ directory, for example if E drive was used the location would be E:\Radiator\Radiator\. The Radiator MSI package also includes Strawberry Perl, which is installed to the \Radiator\StrawberryPerl-Radiator\ directory. The Radiator default configuration and default log directory is \Program Files\Radiator\ directory.

The Radiator goodies which has several example configurations is available in \Radiator\Radiator\goodies\

See more from Radiator reference manual chapter Installing and upgrading on Windows.

Where to add licence key (evaluations)?

Radiator offers an evaluation license which allows trying out and testing Radiator easily. With the evaluation version, the license key must be available in the Radiator configuration. The license key contents can be copied directly to the Radiator configuration, but the recommended option is to have the license information as a separate file, which is then included in the Radiator configuration.

  • First copy the license key carefully to the Radiator server under /etc/radiator on Linux environments or \Program Files\Radiator\ on Windows environments.
  • Then edit the Radiator configuration usually located in the same directory to include the license file by adding to the Radiator configuration the lines. These lines should be located in the upper part of the Radiator configuration, but not before DbDir definition. A good place is right after the LogFile definition but before the DictionaryFile definition.
    # Read possible license configuration parameters from this file
    LicenseFile %D/license.conf
    
  • Once the lines are added to the Radiator configuration, Radiator must be restarted so the new content of the license file is read. Use systemctl restart radiator on Linux environments or restart Radiator service from Services on Windows environments.

Can I run Radiator in a Docker container?

Radiator can be run in a Docker container. Starting from Radiator 4.25 we have included Dockerfiles with the distribution to make it easier for running Radiator in a container. Check out more details from our blog: https://blog.radiatorsoftware.com/2020/10/radiator-dockerfiles-now-available.html

Configuration

How to configure Radiator

When Radiator starts, it reads its configuration from a file. This configuration file is typically named /etc/radiator/radiator.conf and it can be edited with a text editor. Radiator configuration files can include additional parts of configuration from one or many other files. On Windows the Radiator configuration goes to \Program Files\Radiator\ folder.

Where can I find Radiator sample configurations?

When you install Radiator from a .deb or a .RPM archive, see directory /opt/radiator/radiator/goodies/. This directory has configuration samples, some utility programs and other configuration related files. On Windows, see \Radiator\Radiator\goodies\ on the drive Radiator installs on.

Here’s an example on Linux of how to set up a basic configuration that uses a text file for user credentials and authorisation settings. On Windows, adjust the paths accordingly.

cd /etc/radiator
sudo cp -a -i radiator.conf radiator.conf.dist
sudo cp /opt/radiator/radiator/goodies/simple.cfg radiator.conf
sudo cp /opt/radiator/radiator/goodies/simple-users users
sudo systemctl restart radiator
/opt/radiator/radiator/radpwtst -trace 4 -noacct

Sample files in goodies directory typically show just one topic. To add authentication logging, see authlog.cfg in goodies directory and add the logging specific parts into your radiator.conf file. File README in goodies gives a brief description of each goodies file.

Our advice is to start with a simple configuration that can be tested while you add more features to it. See Configuring Radiator in Radiator reference manual for more information.

Deployment

Does Radiator offer repositories?

Radiator repositories are available for various Unix/Linux distributions like RedHat, Ubuntu and Debian. See more from our blog https://blog.radiatorsoftware.com/2020/03/introducing-new-radiator-repository.html

How do I deploy Radiator?

Radiator can be deployed in multiple ways. We offer both repositories as well as ready made packages for various platforms. For other systems we have the tar.gz package available.

The ready made packages for Unix/Linux environments can be used with the Radiator Software Ansible playbooks for automating not only the deployment but also the set up and management. More information on our Ansible playbooks can be found from our blog: https://blog.radiatorsoftware.com/2020/10/radiator-software-ansible-playbooks-for.html

Both repositories and ready made packages can also be used when deploying Radiator on Docker containers. Check out more details from our blog: https://blog.radiatorsoftware.com/2020/10/radiator-dockerfiles-now-available.html

For manual Radiator package deployment, see our installation instructions from https://radiatorsoftware.com/products/radiator/installation/

Management

How do I manage Radiator instances on multiple hosts?

Radiator instances on multiple hosts can be managed with Ansible playbooks available in Radiator distribution packages from Radiator 4.25. The Radiator Software Ansible playbooks offer a more automated way to manage Radiator installation, set up, and instance management and they can be either used as is or tailored when needed. See more from our blog: https://blog.radiatorsoftware.com/2020/10/radiator-software-ansible-playbooks-for.html

How do I manage Radiator instances on a single host?

Multiple Radiator instances on a single host can be managed either with Ansible playbooks available in Radiator distribution packages from Radiator 4.25 or with systemd.

The Radiator Software Ansible playbooks offer a more automated way to manage Radiator installation, set up, and instance management and they can be either used as is or tailored when needed. See more from our blog: https://blog.radiatorsoftware.com/2020/10/radiator-software-ansible-playbooks-for.html

In addition to managing Radiator instances with Ansible, the Radiator instances running on the same host can be managed manually with systemd. We also offer a systemd service file which allows grouping the Radiator instances. Once grouped, all Radiator instances on the host can be controlled with a single systemctl command. Check out instructions for set up and usage from our blog: https://blog.radiatorsoftware.com/2019/06/grouping-and-controlling-multiple.html

Can I use Ansible?

Starting from Radiator 4.25 we have included Radiator Software Ansible playbooks with the distribution for installation, set up, and instance management. These playbooks can be used as is or then as a starting point and tailored for specific needs. See more from our blog: https://blog.radiatorsoftware.com/2020/10/radiator-software-ansible-playbooks-for.html

How is RADIUS high-availability achieved?

HA is based on running multiple parallel RADIUS servers (only active-active model is used). The selection of an active RADIUS server or load-balancing of the requests between RADIUS servers is commonly decided by the RADIUS clients. The authentication backend (e.g. LDAP, SQL) redundancy and high availability is provided by the backend and backend drivers, not the RADIUS server.

How to implement HA and redundancy in Radiator?

High-availability is a combined result of proper:

  • RADIUS client configuration
  • RADIUS server configuration
  • backend driver configuration
  • backend design and configuration
  • geographical and network positioning of RADIUS and backend servers
  • network connectivity
  • testing

Without considering all of these together, the RADIUS infrastructure high-availability and redundancy cannot be ensured.

Monitoring

How SNMP is supported in Radiator?

Radiator includes SNMP agent support. The agent supports SNMP versions 1 and 2c and all the SNMP objects described in the following RFCs:

  • RFC 2619 - RADIUS Authentication Server MIB
  • RFC 2621 - RADIUS Accounting Server MIB
  • RFC 4669 - RADIUS Authentication Server MIB for IPv6
  • RFC 4671 - RADIUS Accounting Server MIB for IPv6

How can I monitor Radiator?

Radiator monitoring can be done with the information available in various log files. The recommended approach is to log the information in suitable format, for example JSON and then visualise the information with a 3rd party tool like Splunk or Elasticsearch. See more from our blog: Make your Radiator log data searchable, part 1 and part 2.

Is there a dashboard?

Radiator is a command line application and does not contain a dashboard itself. Due to the many options Radiator has for logging and statistics collection, creating a suitable dashboard with e.g. Splunk is possible.

How do I integrate external monitoring solutions with Radiator?

Simple way to integrate for example Splunk with Radiator is to log statistics information from Radiator to a JSON file with <StatsLog FILE>, and then use for example Splunk Universal Forwarder or a custom script to forward the needed statistics to Splunk. Similarly it is possible to integrate for example Kibana with Radiator. See more from our blog: https://blog.radiatorsoftware.com/2016/09/make-your-radiator-log-data-searchable.html

Logging

What logging formats Radiator supports?

Radiator has a default logging format, which can be configured either with Radiator configuration parameter LogFormat or with a Perl hook called LogFormatHook. In addition, Radiator supports JSON and CEF log formats by default. Radiator goodies directory has an example on how to configure different log formats in file logformat.cfg

Where does Radiator logging go?

Radiator has several options for logging. Logs can go to a flat file on Radiator server, to a SQL database, to syslog logging facility or in case of Microsoft Windows logs can go to Microsoft Windows Event Log. Statistics can also be logged to REDIS. Although Radiator can log directly to remote syslog facility/facilities, it can have performance impact on Radiator. So from performance point it is better to log to SYSLOG on the local Radiator host and then have SYSLOG itself forward logs to remote syslog facilities.

How do I configure Radiator logs?

Each Radiator log can be configured with Radiator configuration. Radiator can log authentication, accounting and general Radiator related information. Radiator configuration can have several different logging clauses defined at the same time. For example it is possible to log authentication to both file (<AuthLog FILE>) and SQL (<AuthLog SQL>) while at the same time logging accounting to file (<AcctLog FILE>), SQL (<AcctLog SQL>) and SYSLOG (<AcctLog SYSLOG>). All the same options apply also to Radiator general logs with clauses like <Log FILE> and <Log SYSLOG> and for statistics with clauses like <StatsLog FILE> and <StatsLog REDIS>. Radiator goodies directory has an example on how to configure several different logs in file logformat.cfg

Default configuration for log rorate is automatically configured by Radiator during installation. It is available in /etc/logrotate.d/radiator and can be edited when needed.

Licensing

How Radiator licensing works?

Radiator licensing is based on the number of servers used by the customer organisation. Radiator is available in different licence sizes starting from single server Radiator Single Pack and up to unlimited server count Radiator Enterprise Pack.

Radiator can be extended with Radiator Service Provider Pack, Radiator SIM Pack, Radiator Telco Pack and Radiator GBA/BSF Pack. Licensing for these add-on Diameter modules is based on the number of subscribers or alternatively concurrent sessions depending on the use case.

Other flexible licensing options are also available. Please contact Radiator sales if you’re interested in service provider licensing, VNF licensing, white-label OEM licensing or other models.

Is there a demo version of Radiator?

Radiator is available as an evaluation version. You can request a free 30 day evaluation licence by filling out our evaluation form: https://radiatorsoftware.com/evaluation/

What is the difference between the fully licensed and demo versions?

Evaluation software has the full functionality of Radiator. The difference is that evaluation software is time limited and requires a licence key to activate, and the source code is obscured.

Support

How can I contact Radiator support?

If you have a support contract, you may send email to radius-support (at) open.com.au. Include your support contract identifier in the Subject line. This email address is reserved for support contract holders only. For the detailed information about contacting support, please see https://radiatorsoftware.com/support/

What support options are available?

Radiator license package may include email support and telephone support. It’s also possible to purchase additional support packages, including consulting, training and custom coding. For more information about paid support, please see https://radiatorsoftware.com/support/

Latest Radiator reference manual and other information is available at https://radiatorsoftware.com/products/radiator/

How to submit feature requests?

We are interested in your feedback, both positive and negative, and bug reports. Please send them to info (at) radiatorsoftware.com.

How do I submit bug reports?

We are interested in your feedback, both positive and negative, and bug reports. Please send them to info (at) radiatorsoftware.com. Radiator download access holders are entitled to free upgrades, and we do fix bugs that are reported to us, so if you report a bug, you can expect to get an upgrade with a fix one day.

Security

Can I audit Radiator AAA Server source code?

We provide full source code for licensees so code can be audited, and it’s easy to track any changes between versions.

How do I submit security issues / questions?

All security related issues concerning Radiator Software products or services should be reported to the following email address: security (at) radiatorsoftware.com

You can find more information on page https://radiatorsoftware.com/security-contacts/

How can I validate the software downloads?

All Radiator Software software packages are signed with a Radiator Software key. You can download the key from https://radiatorsoftware.com/product-signing-keys/ and use it to verify the authenticity of the downloaded packages. When using Radiator Software supplied repositories, this verification is done automatically upon install or upgrade. There are also SHA256 checksums available for each file to help check that the file was downloaded successfully.