After configuring our wireless access point with WPA2-Enterprise and successfully authenticating via PEAP, we poked around the advanced ClearBox settings. We found it supported multiple realms, so incoming requests can be handled via a different set of authentication, authorization and accounting settings based upon the username, client IP, RADIUS attributes, Windows group membership or custom SQL result. Additionally, it supported username rewriting in case you require processing requests without a domain name.
Authorization settings can always be manually created in the Black, Check, Response and Reject-Response lists using any RADIUS attributes and values. But authorization settings are also configurable via the Users Manager, if you're using the ClearBox internal user database, which include settings to enforce login hours, set time credits, set per-user concurrent session limits and restrict logins to a specific client using its MAC address.
In the Accounting settings, we could log accounting details to the internal database, an external database or a file. Interestingly, it also included the ability to cache accounting data if the database is unavailable. Though not indicated in the GUI, ClearBox also supports third-party billing systems, including DTH Billing and Customer Management, Advanced ISP Billing and Platypus Billing System.
Other logging features include a Server Statistics page to view a rundown of packet types sent and received, an Online Logging page to view real-time activity and text-file logging of server errors and RADIUS packets.
In the main Server Settings, ClearBox supports remote administration, server replication in case you want to set up a backup server, advanced RADIUS settings and advanced logging settings. And another notable feature is the ability to enable monitoring and alerting that can automatically restart the server and send an email alert if ClearBox stops responding.
Overall ClearBox is feature-rich and easy-to-use. Its thorough documentation and help (although needing some updating) and the internal user database make it user-friendly for smaller organizations that might lack RADIUS experience. And its customization and wide database support allow use by larger organizations or service providers as well. Realms and RADIUS clients can even be dynamically chosen using SQL queries, and data for user accounts, authorization, accounting and logging can be stored in external databases as well.
Microsoft Windows Server 2008 R2 NPS