is a RADIUS server for Windows with built-in DHCP server. TekRADIUS is tested on Microsoft Windows Vista, Windows 7-10 and Windows 2008-2019 server. Please see installation requirements at Support section and don't forget to read Readme file comes with the distribution. TekRADIUS complies with RFC 2865 and RFC
2866. TekRADIUS also supports TCP (RFC 6613) and TLS (RFC 6614-RadSec) transports. TekRADIUS has two editions; TekRADIUS (First edition; supports Microsoft SQL Server) and TekRADIUS LT (Second edition; supports SQLite). It runs
as a Windows Service and comes with a Windows management
- Logs system messages, errors and session information to a daily rotated log file and Windows Event log.
- Limiting number of simultaneous sessions for the users.
- RADIUS Dictionary can be edited through TekRADIUS Manager.
- Creation of SQL database and tables through TekRADIUS Manager.
- Mapping RADIUS Accounting attributes to Accounting table fields.
- Authentication only or Authorization only mode.
- Custom Authentication & Authorization query definitions.
- PAP, CHAP, MS-CHAP v1-v2, EAP-MD5, EAP-TLS, LEAP, EAP-SIM, EAP-MS-CHAP v2, PEAP (PEAPv0-EAP-MS-CHAP v2), EAP-TTLS and Digest (draft-sterman-aaa-sip-00.txt) authentication methods are supported.
- VoIP Authentication, Authorization and Accounting. VoIP rating (SP Edition).
- TekRADIUS can proxy RADIUS requests to other RADIUS servers.
- IPv6 attribute support (RFC 3162, RFC 4818 and RFC 6911).
- Generates MS-MPPE Keys for VPN connections.
- Supports OTP (One Time Password) authentication based on RFC 2289 and Google Authenticator.
- Built-in DHCP server.
- Expire Date and Time Quota for the users.
- Authenticate users against Windows Domain or Active Directory.
- Command line utility for adding, deleting and editing users and RADIUS clients.
- Simple reporting interface for browsing Accounting records.
- TekRADIUS can send Packet of Disconnect Packet of Disconnect (PoD), Change of Authorization (CoA) or execute user defined session kill command when a user consumes all credit. You can change connection speed without disconnecting user session by sending a CoA request. This allows you to apply "Fair Usage Policy (FUP)" to user sessions (SP Edition only).
- You can execute and action to send a notification to user, when user’s credit consumption reaches to a certain level. This can be an SMS or e-mail message. You can invoke an external executable to send such a notification message. Please see External-Executable attribute for the syntax (SP Edition only).
- Specify how much time user account will be valid after the first logon (Time-Limit) and you can specify allowed logon days and hours (Login-Time).
- Disabling user profile after user configurable number of unsuccessful login attempts.
- Specify credit limits for daily, weekly or monthly periods.
- Audit log under Windows Event Log / Application and Services Log / TekRADIUS Audit.
- Run and check result of an external executable as a check item.
- OCSP Stapling for EAP authentication methods. OCSP responses are cached till nextUpdate returned in OCSP responses.
- Quick and easy installation.
You can use TekRADIUS' built-in DHCP server to assign IP addresses to your wired or wireless devices on your network. Commercial editions of TekRADIUS provide a unique feature; assignment of static IP addresses to wired/wireless clients authenticated using EAP authentication.
TekRADIUS also supports RFC 2868 - RADIUS Attributes for Tunnel Protocol Support and RFC 3079 - Deriving Keys for use with Microsoft Point-to-Point Encryption (MPPE). You can authenticate and authorize PPTP/L2TP connections using TekRADIUS.
TekRADIUS provides user level restriction to GUI access. Windows users in "Administrators" group can access to all functions on TekRADIUS Manager GUI but Windows users in built-in "Users" group can access restricted set of functions on TekRADIUS Manager GUI.
Please see TekRADIUS SP Rate Editor Manual for TekRADIUS SP features.