What is a RADIUS server?
its a server which is used to authenticate clients using the RADIUS (Remote Authentication Dial In User Service) client/server protocol. it uses a AAA (Authentication, Authorization, Accounting) concept. RADIUS servers are used by many companies, organizations, universities and especially ISPs. When you dial in to the ISP you must enter your username and password. This information is passed to a RADIUS server, which checks that the information is correct, and then authorizes access to the ISP system. it uses UDP ports 1812 for RADIUS Authentication and 1813 for RADIUS Accounting.

Why RADIUS server used?
RADIUS serves three functions:
1. to authenticate users or devices before granting them access to a network,
2. to authorize those users or devices for certain network services and
3. to account for usage of those services.


RADIUS server in Wireless Networks.
RADIUS server used in wireless networks manages the wireless clients. for wireless, it uses 802.1X authentication scheme. The big advantage of WPA/WPA2-RADIUS authentication is that wireless encryption keys are issued by the RADIUS server and are unique to each connection and session. That eliminates distributing a shared key to all users, which might easily be compromised. The RADIUS protocol does not transmit passwords in cleartext between the NAS and RADIUS server. Rather, a shared secret is used along with the MD5 hashing algorithm to obfuscate passwords.

Difference between WPA-Enterprise and WPA2-Enterprise.
The main difference between WPA-Enterprise and WPA2-Enterprise is the same as WPA & WPA2-Personal except that in Enterprise both needs a RADIUS server to authenticate the client.
*NOTE WPA uses TKIP Cipher with MD5 hashing algorithm but WPA2 uses AES-CCMP Cipher with SHA1 hashing algorithm.
Its mostly recommended to choose WPA2-Enterprise over WPA-Enterprise.


Types of Authentication Mechanism in RADIUS server.
There are many authentication mechanisms in RADIUS server but the most common and widely used are as follows:
EAP-MD5
LEAP
EAP-TLS
PEAP
EAP-TTLS and
EAP-FAST


EAP-MD5
EAP-MD5-Challenge enables a RADIUS server to authenticate a connection request by verifying an MD5 hash of a user's password. The server sends the client a random challenge value, and the client proves its identity by hashing the challenge and its password with MD5. EAP-MD5-Challenge is typically used on trusted networks where risk of packet sniffing or active attack are fairly low. Because of significant security vulnerabilities, EAP-MD5-Challenge is not usually used on public networks or wireless networks, because third parties can capture packets and apply dictionary attacks to identify password hashes. Because EAP-MD5-Challenge does not provide server authentication, it is vulnerable to spoofing (a third party advertising itself as an access point).
Tool to crack this authentication mechanism : eapmd5pass, eapmd5crack

By default, the EAP-MD5-Challenge password protocol is available for use by the Native and Unix authentication methods.



LEAP (Lightweight Extensible Authentication Protocol)
LEAP was developed by Cisco Systems. LEAP uses a modified version of MS-CHAP( Microsoft version of the Challenge-Handshake Authentication Protocol), an authentication protocol in which user credentials are not strongly protected and are thus easily compromised.
Tool to crack this authentication mechanism : ASLEAP, THC-leapcracker

Cisco recommends to use newer and stronger EAP protocols such as EAP-FAST, PEAP, or EAP-TLS.


EAP-TLS (EAP-Transport Layer Security)
EAP-TLS uses the Transport Layer Security (TLS) protocol. EAP-TLS require the client to use X.509 certificates. TLS is generally accepted as the most secure, because it depends on certificates. A compromised password is not enough to break into EAP-TLS enabled systems because the intruder still needs to have the client-side private key(Certificate). The highest security available is when client-side keys are housed in "smart cards". This is because there is no way to steal a certificate's corresponding private key from a smart card without stealing the card itself.


PEAP (Protected Extensible Authentication Protocol)
PEAP is similar to EAP-TTLS. It encapsulates EAP within a potentially encrypted and authenticated Transport Layer Security (TLS) tunnel. PEAP requires only a server-side PKI (Public Key Infrastructure) certificate to create a secure TLS tunnel to protect user authentication, and uses server-side public key certificates to authenticate the server. It then creates an encrypted TLS tunnel between the client and the authentication server.
Tool to crack this authentication mechanism : ASLEAP



EAP-TTLS (EAP-Tunneled Transport Layer Security)
EAP-TTLS (Tunneled Transport Layer Security) is designed to provide authentication that is as strong as EAP-TLS, but it does not require that each user be issued a certificate. Instead, only the authentication servers are issued certificates. User authentication is performed by password, but the password credentials are transported in a securely encrypted tunnel established based upon the server certificates. It does not require the client be authenticated to the server with a digitally signed certificate by the CA. The server uses the secure TLS tunnel to authenticate the client with password and key exchange mechanism. TTLS implementations today support all methods defined by EAP, as well as several older methods
(CHAP, PAP, MS-CHAP and MS-CHAPv2).
Tool to crack this authentication mechanism : ASLEAP



EAP-FAST (EAP-Flexible Authentication via Secure Tunneling)
It was a replacement for LEAP. EAP-FAST uses a Protected Access Credential (PAC) to establish a TLS tunnel in which client credentials are verified. When automatic PAC provisioning is enabled, EAP-FAST has a slight vulnerability that an attacker can intercept the PAC and subsequently use that to compromise user credentials. There is also a vulnerability where an attacker's AP can use the same SSID, reject the users PAC and supply a new one. Most supplicants can be set to prompt the user this credentials using the inner method to the hacker, who will then get either a cleartext password or a vulnerable to dictionary attack MSCHAPv2 hash.


Reference: Google