is a RADIUS server for Windows with built-in DHCP server. TekRADIUS is tested on Microsoft Windows Vista, Windows 7-11 and Windows 2008-2022 server. Please see installation requirements at Support section and don't forget to read Readme file comes with the distribution. TekRADIUS complies with RFC 2865 and RFC
2866. TekRADIUS also supports TCP (RFC 6613) and TLS (RFC 6614-RadSec) transports. TekRADIUS has three editions; TekRADIUS (First edition; supports Microsoft SQL Server) and TekRADIUS LT (Second edition; supports SQLite) and TekRADIUS OD (Second edition; supports MySQL, MariaDB, PostgreSQL and Oracle databases through ODBC). It runs
as a Windows Service and comes with a Windows management
Authentication & Authorization
- PAP, CHAP, MS-CHAP v1-v2, EAP-MD5, EAP-TLS, LEAP, EAP-SIM, EAP-AKA, EAP-MS-CHAP v2, PEAP (PEAPv0-EAP-MS-CHAP v2), EAP-TTLS and Digest (draft-sterman-aaa-sip-00.txt) authentication methods are supported. TekRADIUS supports TLS 1.3, TLS 1.2, TLS 1.1 and TLS 1.0. TekRADIUS supports EAP-TLS 1.3 (RFC 9190). TekRADIUS TLS 1.3 implementation with EAP-TLS, PEAP and EAP-TTLS is tested using wpa_supplicant and Windows 11.
- Limiting number of simultaneous sessions for the users.
- TekRADIUS can proxy RADIUS requests to other RADIUS servers based on username suffix / prefix and NAS IP address ranges.
- Authentication only or Authorization only mode.
- IPv6 attribute support (RFC 3162, RFC 4818 and RFC 6911).
- Generates MS-MPPE Keys for VPN connections.
- Supports OTP (One Time Password) authentication based on RFC 2289 and Google Authenticator.
- Expire Date and Time / Data volume based quota definition for the users.
- Specify how much time user account will be valid after the first logon (Time-Limit) and you can specify allowed logon days and hours (Login-Time).
- Authenticate users against Active Directory and LDAP domains.
- Automatically disabling user profile after user configurable number of unsuccessful login attempts.
- Run and check result of an external executable as a check item.
- OCSP Stapling for EAP authentication methods. OCSP responses are cached till nextUpdate returned in OCSP responses.
- RFC 2868 - RADIUS Attributes for Tunnel Protocol Support and RFC 3079 - Deriving Keys for use with Microsoft Point-to-Point Encryption (MPPE). You can authenticate and authorize PPTP/L2TP connections using TekRADIUS.
- You can execute and action to send a notification to user, when user’s credit consumption reaches to a certain level. This can be an SMS or e-mail message. You can invoke an external executable to send such a notification message. Please see External-Executable attribute for the syntax (SP Edition only).
- Specify credit limits for daily, weekly or monthly periods.
- TekRADIUS can send Packet of Disconnect Packet of Disconnect (PoD), Change of Authorization (CoA) or execute user defined session kill command when a user consumes all credit. You can change connection speed without disconnecting user session by sending a CoA request. This allows you to apply "Fair Usage Policy (FUP)" to user sessions (SP Edition only).
Monitoring & Diagnostics
- Audit log under Windows Event Log / Application and Services Log / TekRADIUS Audit.
- Logs system messages, errors and session information to a daily rotated log file and Windows Event log.
- TekRADIUS can send e-mail notifications to system administators for certain system events and resource utilization.
Database & Management
- RADIUS Dictionary can be edited through TekRADIUS Manager.
- Creation of SQL database and tables through TekRADIUS Manager.
- Mapping RADIUS Accounting attributes to Accounting table fields.
- Custom Authentication & Authorization query definitions.
- TekRADIUS provides user level restriction to GUI access. Windows users in "Administrators" group can access to all functions on TekRADIUS Manager GUI but Windows users in built-in "Users" group can access restricted set of functions on TekRADIUS Manager GUI.
- Built-in DHCP server. You can use TekRADIUS' built-in DHCP server to assign IP addresses to your wired or wireless devices on your network. Commercial editions of TekRADIUS provide a unique feature; assignment of static IP addresses to wired/wireless clients authenticated using EAP authentication.
- Command line utility for adding, deleting and editing users and RADIUS clients.
- HTTP user management and reporting interface.
Please see TekRADIUS SP Rate Editor Manual for TekRADIUS SP features.