最新版 TekRADIUS v5.8.0 更新於 2024/2/25
最新版 TekRADIUS LT (SQLite Edition)
TekRADIUS 是款 RADIUS 伺服器,可以支援 RFC 2865 和 RFC 2866。RADIUS(遠端使用者撥號認證系統)是一種在網路接入伺服器(Network Access Server)和共用認證伺服器間傳輸認證、授權和配置資訊的協定。運行環境需要在 Windows 系統下安裝 TekRADIUS,同時需要自行安裝和配置 MS SQL 或 SERVER 2000 及以上的資料庫。TekRADIUS 擁有強大的功能,能夠按時間、按流量計費,控制帳號線上數,綁定MAC、NAS、VLAN,控制頻寬,設置有效期等。
TekRADIUS 內建 DHCP 伺服器的 Windows RADIUS 伺服器,支持 Microsoft Windows Vista、Windows 7-11 和 Windows 2008-2022 server。TekRADIUS 販售 2 個版本:TekRADIUS SQL (Microsoft SQL Server Edition) 版 和 TekRADIUS LT (SQLite Edition) 版。其運作類似 Windows Service,並搭載了 Windows 管理界面。
Authentication & Authorization
- PAP, CHAP, MS-CHAP v1-v2, EAP-MD5, EAP-TLS, LEAP, EAP-SIM, EAP-AKA, EAP-MS-CHAP v2, PEAP (PEAPv0-EAP-MS-CHAP v2), EAP-TTLS and Digest (draft-sterman-aaa-sip-00.txt) authentication methods are supported. TekRADIUS supports TLS 1.3, TLS 1.2, TLS 1.1 and TLS 1.0. TekRADIUS supports EAP-TLS 1.3 (RFC 9190). TekRADIUS TLS 1.3 implementation with EAP-TLS, PEAP and EAP-TTLS is tested using wpa_supplicant and Windows 11.
- Limiting number of simultaneous sessions for the users.
- TekRADIUS can proxy RADIUS requests to other RADIUS servers based on username suffix / prefix and NAS IP address ranges.
- Authentication only or Authorization only mode.
- IPv6 attribute support (RFC 3162, RFC 4818 and RFC 6911).
- Generates MS-MPPE Keys for VPN connections.
- Supports OTP (One Time Password) authentication based on RFC 2289 and Google Authenticator.
- Expire Date and Time / Data volume based quota definition for the users.
- Specify how much time user account will be valid after the first logon (Time-Limit) and you can specify allowed logon days and hours (Login-Time).
- Authenticate users against Active Directory and LDAP domains.
- Automatically disabling user profile after user configurable number of unsuccessful login attempts.
- Run and check result of an external executable as a check item.
- OCSP Stapling for EAP authentication methods. OCSP responses are cached till nextUpdate returned in OCSP responses.
- RFC 2868 - RADIUS Attributes for Tunnel Protocol Support and RFC 3079 - Deriving Keys for use with Microsoft Point-to-Point Encryption (MPPE). You can authenticate and authorize PPTP/L2TP connections using TekRADIUS.
Accounting
- You can execute and action to send a notification to user, when user’s credit consumption reaches to a certain level. This can be an SMS or e-mail message. You can invoke an external executable to send such a notification message. Please see External-Executable attribute for the syntax (SP Edition only).
- Specify credit limits for daily, weekly or monthly periods.
- TekRADIUS can send Packet of Disconnect Packet of Disconnect (PoD), Change of Authorization (CoA) or execute user defined session kill command when a user consumes all credit. You can change connection speed without disconnecting user session by sending a CoA request. This allows you to apply "Fair Usage Policy (FUP)" to user sessions (SP Edition only).
Monitoring & Diagnostics
- Audit log under Windows Event Log / Application and Services Log / TekRADIUS Audit.
- Logs system messages, errors and session information to a daily rotated log file and Windows Event log.
- TekRADIUS can send e-mail notifications to system administators for certain system events and resource utilization.
Database & Management
- RADIUS Dictionary can be edited through TekRADIUS Manager.
- Creation of SQL database and tables through TekRADIUS Manager.
- Mapping RADIUS Accounting attributes to Accounting table fields.
- Custom Authentication & Authorization query definitions.
- TekRADIUS provides user level restriction to GUI access. Windows users in "Administrators" group can access to all functions on TekRADIUS Manager GUI but Windows users in built-in "Users" group can access restricted set of functions on TekRADIUS Manager GUI.
- Built-in DHCP server. You can use TekRADIUS' built-in DHCP server to assign IP addresses to your wired or wireless devices on your network. Commercial editions of TekRADIUS provide a unique feature; assignment of static IP addresses to wired/wireless clients authenticated using EAP authentication.
- Command line utility for adding, deleting and editing users and RADIUS clients.
- HTTP user management and reporting interface.
TekRADIUS 內建 DHCP 伺服器的 Windows RADIUS 伺服器,支持 Microsoft Windows Vista, Windows 7-11 and Windows 2008-2022 server。
System Requirements
1. A Windows system with 4 GB of RAM.
2. Microsoft.NET Framework 4.8 (Min.)
3. 10 MB of disk space.
4. Administrative privileges.
TekRADIUS SQL (SQL Server Edition) 版 requires Microsoft SQL Server. Any version of Microsoft SQL server, including Express editions, may be used. The disk space required and SQL edition necessary depends on the application. Please see section entitled ‘SQL Server Configuration’ for instructions on how to configure the SQL Server foruse with TekRADIUS.
Although an “sa” equivalent SQL user is needed to create the initial database and tables, a less privileged SQL user may be used for regular operations.
TekRADIUS LT (SQLite Edition) 版 does not require an additional database server. TekRADIUS LT uses its own built-in SQLite database. TekRADIUS LT Manager creates database at first run automatically.
An SC/PC compatible smart card reader is required for importing SIM triplets from a SIM card.
Supported Standards
RFC 2131 Dynamic Host Configuration Protocol
RFC 2246 The TLS Protocol Version 1.0
RFC 2284 PPP Extensible Authentication Protocol (EAP)
RFC 2433 Microsoft PPP CHAP Extensions
RFC 2548 Microsoft Vendor-specific RADIUS Attributes
RFC 2607 Proxy Chaining and Policy Implementation in Roaming
RFC 2617 HTTP Authentication: Basic and Digest Access Authentication
RFC 2622 PPP EAP TLS Authentication Protocol
RFC 2809 Implementation of L2TP Compulsory Tunneling via RADIUS
RFC 2865 RADIUS Authentication
RFC 2866 RADIUS Accounting
RFC 2867 RADIUS Accounting Modifications for Tunnel Protocol Support
RFC 2868 RADIUS Attributes for Tunnel Protocol Support
RFC 2869 RADIUS Extensions
RFC 3079 Deriving Keys for use with Microsoft Point-to-Point Encryption
(MPPE)
RFC 3162 RADIUS and IPv6
RFC 3575 IANA Considerations for RADIUS
RFC 3579 RADIUS (Remote Authentication Dial In User Service) Support for
Extensible Authentication Protocol (EAP)
RFC 3580 IEEE 802.1X Remote Authentication Dial In User Service (RADIUS) Usage Guidelines
RFC 3748 Extensible Authentication Protocol
RFC 4284 Identity Selection Hints for the Extensible Authentication Protocol
RFC 4346 The TLS Protocol Version 1.1
RFC 4603 Additional Values for the NAS-Port-Type Attribute
RFC 4818 RADIUS Delegated-IPv6-Prefix Attribute
RFC 5281 EAP-TTLSv0
RFC 5246 The TLS Protocol Version 1.2
RFC 5997 Use of Status-Server Packets in RADIUS Protocol
RFC 6613 RADIUS over TCP
RFC 6614 Transport Layer Security (TLS) Encryption for RADIUS
RFC 6911 RADIUS Attributes for IPv6 Access Networks
draft-kamath-pppext-eap-mschapv2-02.txt Microsoft EAP CHAP Extensions
draft-kamath-pppext-peapv0-00.txt Microsoft PEAP version 0 (As implemented in Windows XP SP1’)
RFC 8446 The Transport Layer Security (TLS) Protocol Version 1.3
RFC 9190 EAP-TLS 1.3
TekRADIUS Service Provider (SP) Edition
VoIP Billing feature supported only by SP Edition. Requirements for SP edition:
- Vendor: Supported RADIUS Vendors are Cisco, Quintum and Epygi. (Your Access Server is not needed to be one of these vendors, most VoIP vendors support Cisco VoIP attributes).
- RADIUS Attributes: There must be Cisco, Quintum or Epygi VSA 24 (H323-Conf-Id) found in RADIUS Authentication and Accounting request packets in order TekRADIUS to assume that incoming packet belongs to a VoIP session. Accounting made based on “originate” call leg (VSA 26).
- TekRADIUS Configuration: VoIP Billing must be enabled in order TekRADIUS to process incoming RADIUS packets belong to VoIP sessions. You can enable VoIP Billing using TekRADIUS Manager; check Settings / Service Parameters / Accounting / VoIP Billing Enabled option.
You must have “Rates” SQL table under TekRADIUS database with at least “Default” Rate table. You can use TekRADIUS Rate Editor to create “Rates” SQL table and its entries. Use User-Credit (Add as a check attribute in user profiles) attribute to assign credits to VoIP users in TekRADIUS. You can optionally add Credit-Type unit to user or group profiles.
TekSIP
TekSIP is a SIP Registrar and SIP Proxy for Windows. TekSIP supports UDP, TCP, TLS and WebSocket (IPv4 & IPv6) transports. TLS and Secure WebSocket are supported in only commercial editions. TekSIP is tested on Microsoft Windows Vista, Windows 7/8/10 and Windows 2008-2019 server. TekSIP can be deployed as a signaling server for WebRTC based SIP phones. Please see installation requirements at Support section and don't forget to read Readme file comes with the distribution.
SipCLI
SipCLI is a command line SIP (Session Initiation Protocol) user agent runs under Windows (Vista, 7/8/10, 2008-2019 Server) which enables making SIP (Based on RFC 3261) based calls. You can use SipCLI for:
- Test phone numbers (Penetration test for a SIP network). You can use Visual Basic Scripts to run SipCLI recursively. See Running section for a sample VB script.
- Broadcast your recorded audio or text message to SIP/PSTN users. Most of network monitoring system supports invoking external executables for event notification.
SIPob
SIPob is a SIP (Session Initiation Protocol) outbound dialer that provides User Agent (SIP-UA) functions (Based on RFC 3261) for Windows (Vista, 7/8/10, 2008-2019 Server).
SMPPCli
SMPPCLi is a command line SMPP (Short Message Peer-to-Peer) client runs under Windows (Vista, 7/8/10, 2008-2019 Server) which enables making GSM SMS messages.
TekIVR
TekIVR is a SIP (Based on RFC 3261) Interactive Voice System (IVR) for Windows. TekIVR is tested on Microsoft Windows Vista, Windows 7/8/10 and Windows 2008-2019 server. Please see installation requirements at Support section and don't forget to read Readme file comes with the distribution.
TekFax
TekFax is a SIP (Session Initiation Protocol) fax receiver server (Based on RFC 3261) for Windows (Windows Vista, 7/8/10, 2008-2019 Server).
TekConSer
TekConSer is a SIP (Session Initiation Protocol) conference server (Based on RFC 3261) for Windows (Vista, Windows 7/8/10, 2008-2019 Server).
TekTape
TekTape is an audio recorder and call detail records (CDR) generator for Windows server editions (2003-2019 Server).
Tekaba
Tekaba is a SIP (Session Initiation Protocol) VoIP gateway (Based on RFC 3261) for Windows (Vista, Windows 7/8/10, 2008-2019 Server).
TekCERT
TekCERT is a X.509 Certificate / Certificate Signing Request (CSR) Generator and Signing Tool runs under Windows (Vista, 7/8/10, 2008-2019 Server).
WebKilit
WebKilit is a HTTP interface for Windows Firewall (Vista, 7/8/10, 2008-2019 Server) to control Intranet access and URL filter for Internet access. You can authorize remote hosts with WebKilit if you need to access a firewalled server from a host with dynamic IP address. You just need to allow access to WebKilit HTTP interface in Windows firewall.
TelCLI
TelCLI is a command line TELNET client runs under Windows (XP, Vista, 7/8/10, 2003-2019 Server) which enables making automated TELNET connections to remote host.
TekENUM
TekENUM is a ENUM [The E.164 to Uniform Resource Identifiers (URI) Dynamic Delegation Discovery System (DDDS) Application (ENUM)] server (Based on RFC 3761) runs under Windows (Vista, Windows 7/8/10, 2008-2019 Server).
ARPMiner
ARPMiner is a simple captive portal / hotspot software runs under Windows (Vista, Windows 7/8/10, 2008-2019 Server).
ARPMiner consists of a GUI and a service application called TekSpot. TekSpot has built-in HTTP server and a proxy DNS server. RADIUS Accounting is supported in only SP edition.
TekSIP Route Server(TSR Server)
TekSIP Route Server is an SIP Redirect Server (Based on RFC 3261) runs under Windows (Vista, Windows 7/8/10, 2008-2019 Server) and can be used as a routing server for a SIP network. TekSIP Route Server can be deployed as a routing server for Local Number Portability (LNP) [LNR Dipping] or Mobile Number Portability (MNP) systems.
TekSIP Route Server can be run with built-in Microsoft Access database or an external Microsoft SQL Server database. All Microsoft SQL Server editions are supported. TekSIP Route Server also supports ENUM.
TekSIP Route Server returns 302 responses for located SIP destinations. If a route can not be located for an incoming SIP call, a 404 response will be returned.