What does a "Shared secret is incorrect" error mean? The root cause for both messages is the same, and is unambiguous: The shared secret on the RADIUS server and the NAS are not the same . However, there can be some confusion because, depending on what ...
Virtual servers with FreeRADIUS Virtual servers provide a powerful way to define unique policies for different traffic sources . When policy rules for each traffic source are defined in their own separate configuration file, it’s a ...
Configuring FreeRADIUS authentication with PAP (Password Authentication Protocol) Introduction to PAP authentication Password Authentication Protocol (PAP) is one of the most fundamental authentication methods used in Remote Authentication Dial-In User Service (RADIUS). Despite bei... FreeRADIUS Technical Guides
Creating server certificates for FreeRADIUS Once the initial EAP testing has been performed, it's time to create the production-grade server certificates for your FreeRADIUS environment. These certificates form the foundation of secure communic... FreeRADIUS Technical Guides
How one-time passwords work One-time passwords (OTP) and multi-factor authentication (MFA) are important mechanisms used to improve security. Both these strategies can combine the username and password credentials with a one-tim... Network Security Protocols
RADIUS for Universities University environments present challenges for RADIUS system design. Every hour, on the hour, thousands of students close their laptops, move to a different location, and open them again. This unique ... Education
What are TLS session tickets? In many environments, the same group of users will authenticate to the Wi-Finetwork multiple times a day. TLS session tickets help to streamline this process by doing a full authentication only once a... Network Security Protocols
Scaling your RADIUS ecosystem Not all RADIUS systems are the same, and the system architecture can vary wildly. For example, a network design which works well for 10,000 users will likely not work well for 10,000,000 users. It can... Internet Service Providers Network Architecture
Designing your network for fail-over An essential part of good network design is to plan for failures. In a RADIUS ecosystem, one major requirement is that clients can always connect to a RADIUS server, and that the system can continue t... Network Architecture
Enterprise ransomware prevention starts with network authentication When properly implemented, network authentication can serve as a powerful barrier against ransomware attacks, stopping bad actors before they gain the initial foothold they need. In 2024, the number o... Enterprises Security Threats and Vulnerabilities
IETF Bangkok 122 recap: What we're doing to advance RADIUS standards I've recently returned from IETF Bangkok, the Internet Engineering Task Force (IETF) 122 meeting, where I spent a week working with implementers, operators, and standards authors who are defining the ... IETF and RADIUS Standards
Database design principles for RADIUS systems Database design is often overlooked as a critical element of a RADIUS ecosystem. In practice, when we work with our clients, we usually spend the bulk of our time optimizing the database architecture.... Internet Service Providers Network Architecture