[nycbug-talk] RADIUS experiences

[Isaac Levy]

Hi All,

I'm wondering if anyone here has experience with RADIUS servers?  I'm  
setting one up for a fun project (wireless captive portal), and not  
all that exited about using FreeRADIUS- lots of unanswered questions  
in my brain...
That stated, my concerns are with ease of management, and redundant  
replication for high-availability.

I'm basically concerned about scale issues-

1) For a network of 300-5000 users, do the standard unix /etc/ 
password files scale sanely?  I mean, the docs have this as the  
default config for user db, which is a type of data backend I'd  
usually have in some other kind of DB.  It just seems like a recipe  
for poor scalability.

2) LDAP backends?  Is this common practice? (I'm concerned about over- 
complexity)

3) SQL backends?  Is this common practice? (Again, concerned about  
over-complexity)

4) Custom RADIUS implementations- RADIUS is more or less just a  
protocol, with defined parameters for how it manages the big AAA.   
Since it's the data backend I'm concerned about, (and know a lot  
about how to deal with), I'm thinking of just implementing a simple  
RADIUS server on top of databases I know and love?  I've found a good- 
looking RADIUS library in Python, my favorite language, and I was  
thinking of rolling my own server with a tiny, easily replicatable,  
Python embedded DB.  It seems the simplest route to me, but I'm  
hesitant because I feel there may be best-practicices for heavy  
RADIUS users?  (ISP's, Telcos, anyone managing remote AAA)

Any thoughts, URLS, as always are much appreciated!

Best,
.ike