From Logs to Intelligence: Rethinking FreeRADIUS
Netminded x NetUtils
January 7 • 5 Min Read
The Future of FreeRADIUS Lies in Data Products, Shared Awareness, and Agentic AI
FreeRADIUS is everywhere. It silently authenticates millions of devices every second across Wi-Fi networks, VPNs, enterprise identities, guest access, and IoT fleets. It is the invisible checkpoint that decides who gets onto a network, when, and how.
And yet, from an operational perspective, FreeRADIUS remains one of the least visible critical services.
If something goes wrong, such as timeouts, bad policies, IdP slowness, or device-client bugs, operators often piece together clues manually from syslog, raddebug, accounting traces, or frustrated user complaints.
But what if RADIUS could speak?
What if it could tell you, in real time:
“Users on SSID Staff at the Bristol site are struggling to log in.”
“Your upstream IdP is running slow today. Expect higher failure rates.”
“Multiple organisations are seeing failures from iOS 17.5 after the update.”
“This isn’t your fault. Three peer tenants are seeing the same timeout pattern.”
This is not wishful thinking. It is the natural evolution enabled by MNOC/SMX data products, privacy-preserving data sharing, and agentic AI.
Let’s explore what this looks like.
FreeRADIUS Emits More Signals Than Most Organisations Realise
Every Access-Request, Accept, or Reject contains the story of a user’s experience:
Was the password wrong, or was the backend slow?
Was it a policy issue, a lockout, a timeout, a cryptographic failure, or a TLS bug?
Was this a one-off or part of a pattern?
Is this user having issues only on Wi-Fi, or across VPN as well?
Is the NAS misconfigured? Is the IdP degraded?
Is a particular device type failing, such as iOS, Intel Wi-Fi stack, Android captive portal, eduroam supplicant, and so on?
Yet almost none of this becomes meaningful telemetry.
Operators typically see:
Raw logs
Per-server counters
Latency samples
Reject reasons, sometimes
But they do not see experience.
They do not see intent.
They do not see patterns.
And they cannot see “is it just us?” without looking outward.
Turning RADIUS Events into Data Products
NetMinded’s MNOC/SMX architecture treats each domain of operations, from Y.1731 Ethernet OAM to syslog to gNMI, as scored, enriched, first-class data products.
FreeRADIUS fits this perfectly.
A single authentication event becomes a data product when enriched with:
Core Event Metadata
User / Realm / Tenant (hashed or pseudonymised)
Device type and operating system
NAS IP, SSID, VLAN
Authentication method (EAP, PEAP, TLS, and so on)
Performance and Behaviour
Authentication latency
Retry counts
Timeouts and backend failures
“Friction” signals, such as wrong password versus policy versus cryptographic errors
Context
Site and geography
Access network type
IdP or directory used
Local scoring thresholds
These are then wrapped into experience scoring:
Login Experience Score
Infrastructure Health Score
Policy Friction Score
Device-Type Reliability Score
Scored data products allow operators to see:
Patterns across time
RAG status of each site or SSID
Behaviour trendlines
Root-cause indicators, distinguishing user errors from infrastructure issues
They turn FreeRADIUS into something it has never been before:
a user experience telemetry source.
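The enrichment and scoring steps above, as an added Python example (not NetMinded's or FreeRADIUS's own code). The event field names, reason codes, tenant key, and scoring formula are assumptions made for illustration; the user is pseudonymised with a keyed hash because a plain hash of a username can be reversed by guessing from a user list.

```python
import hashlib
import hmac
from collections import defaultdict

TENANT_KEY = b"constructed-demo-key"  # assumption: per-tenant secret, never shared

# Constructed sample events; field names are illustrative, not a FreeRADIUS schema.
EVENTS = [
    {"user": "alice@example.com", "site": "Bristol", "ssid": "Staff", "device": "iOS",
     "result": "accept", "reason": None, "latency_ms": 120},
    {"user": "bob@example.com", "site": "Bristol", "ssid": "Staff", "device": "Android",
     "result": "reject", "reason": "bad_password", "latency_ms": 90},
    {"user": "carol@example.com", "site": "Bristol", "ssid": "Staff", "device": "iOS",
     "result": "reject", "reason": "backend_timeout", "latency_ms": 5000},
    {"user": "dave@example.com", "site": "Bristol", "ssid": "Staff", "device": "Windows",
     "result": "accept", "reason": None, "latency_ms": 2400},
    {"user": "erin@example.com", "site": "London", "ssid": "Guest", "device": "iOS",
     "result": "accept", "reason": None, "latency_ms": 80},
]

def pseudonymise(user, key=TENANT_KEY):
    """Keyed hash: stable per tenant, not guessable from a username list without the key."""
    return hmac.new(key, user.lower().encode(), hashlib.sha256).hexdigest()[:16]

def classify(event):
    """Separate user friction from infrastructure failure (reason codes are assumed)."""
    if event["result"] == "accept":
        return "ok"
    if event["reason"] in ("backend_timeout", "idp_unreachable"):
        return "infrastructure"
    return "user" if event["reason"] == "bad_password" else "policy"

def to_data_product(event):
    """Drop the raw identity, keep context, attach the friction class."""
    product = {k: event[k] for k in ("site", "ssid", "device", "latency_ms")}
    product.update(user_id=pseudonymise(event["user"]), outcome=classify(event))
    return product

def login_experience_scores(products, slow_ms=1000):
    """0-100 per (site, ssid): share of logins accepted within slow_ms (assumed formula)."""
    totals = defaultdict(lambda: [0, 0])
    for p in products:
        t = totals[(p["site"], p["ssid"])]
        t[0] += 1
        t[1] += p["outcome"] == "ok" and p["latency_ms"] <= slow_ms
    return {site: round(100 * good / n) for site, (n, good) in totals.items()}

def rag(score):
    return "green" if score >= 90 else "amber" if score >= 70 else "red"
```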
Shared Awareness: The Most Valuable Blind Spot to Fix
FreeRADIUS is deployed in silos.
Each customer sees only their own logs.
But a huge amount of operational pain is shared:
Upstream IdP outages
Firmware regressions
Device-client bugs
Regional ISP issues
Industry-wide client updates that break EAP
Azure AD, Okta, or LDAP performance dips
VPN certificate expiry events
IPv6 misbehaviour in certain supplicants
Most operators discover these only through:
Support tickets
Reddit threads
Slack groups
Guesswork
With SMX-style federation, organisations can share insights without sharing data.
They share:
Scores
Patterns
Anomalies
Device-type failure signatures
Time-correlated spikes
Policy friction trends
They do not share:
Raw logs
User identity
Authentication secrets
Packet captures
This creates a new operational concept:
Federated RADIUS Awareness
“Am I the only one seeing this?” becomes
“We see what our peer group sees.”
A cluster of shared signals might say:
“Five organisations have rising EAP-PEAP failures from iOS devices. Likely a client update regression.”
“Two tenants are seeing increased timeouts towards Azure AD. Likely upstream.”
“Multiple organisations report accounting gaps from a particular NAS firmware.”
This is MNOC’s shared awareness applied to authentication.
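How sharing scores without sharing data can work in practice, as an added Python example (not the SMX protocol or NetMinded's code). The payload fields, the small-group suppression threshold, and the detection thresholds are assumptions; the sample tenants are constructed.

```python
from collections import defaultdict

MIN_GROUP = 5  # assumption: suppress groups this small so no single user stands out
SHAREABLE = {"tenant", "device", "method", "attempts", "failure_rate"}

def tenant_signals(tenant, products):
    """Runs inside the tenant: reduce local data products to per-signature failure rates."""
    stats = defaultdict(lambda: [0, 0])
    for p in products:
        s = stats[(p["device"], p["method"])]
        s[0] += 1
        s[1] += p["outcome"] != "ok"
    return [{"tenant": tenant, "device": d, "method": m, "attempts": n,
             "failure_rate": round(f / n, 2)}
            for (d, m), (n, f) in sorted(stats.items()) if n >= MIN_GROUP]

def peer_patterns(signals, rate=0.3, min_tenants=2):
    """Runs at the exchange: signatures failing at >= rate in >= min_tenants tenants."""
    tenants = defaultdict(set)
    for s in signals:
        if set(s) - SHAREABLE:  # refuse payloads carrying anything beyond the agreed fields
            raise ValueError(f"non-shareable fields: {sorted(set(s) - SHAREABLE)}")
        if s["failure_rate"] >= rate:
            tenants[(s["device"], s["method"])].add(s["tenant"])
    return {sig: len(t) for sig, t in tenants.items() if len(t) >= min_tenants}

def sample(device, method, ok, failed):
    """Constructed local data products; user_id stands in for a tenant-local pseudonym."""
    row = {"device": device, "method": method, "user_id": "local-only"}
    return [dict(row, outcome="ok")] * ok + [dict(row, outcome="infrastructure")] * failed

# Constructed tenants with pseudonymous labels.
LOCAL = {
    "tenant-a": sample("iOS", "PEAP", 4, 6) + sample("Android", "PEAP", 9, 1)
                + sample("Windows", "EAP-TLS", 1, 2),
    "tenant-b": sample("iOS", "PEAP", 5, 5),
    "tenant-c": sample("iOS", "PEAP", 10, 0),
}
SHARED = [s for name, rows in LOCAL.items() for s in tenant_signals(name, rows)]
```

Only `SHARED` leaves each tenant: the three-attempt Windows group is suppressed, and the exchange rejects any payload that carries a field outside the agreed set.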
Agentic AI on Top: From Insight to Action
Once FreeRADIUS emits structured, scored data, an AI agent can do the jobs humans currently perform manually.
AI Co-Pilot for Support
When a user calls:
“Tell me about user alice@example.com over the last 24 hours.”
The AI summarises:
14 attempts
11 successes
3 failures on “Staff Wi-Fi” due to bad passwords
No infrastructure issues
It suggests advising the user to reset their password.
AI Co-Pilot for NOC
Detects anomalies
Correlates across tenants
Explains likely causes in natural language
Identifies whether the problem lies in Wi-Fi, IdP, supplicant behaviour, or RADIUS itself
AI Co-Pilot for Engineering
Answers questions such as:
“Which policy changes caused increased rejects?”
“Which NAS models have rising TLS handshake failures?”
“Where are accounting records drifting?”
AI Co-Pilot for Management
Generates:
Weekly performance summaries
Experience heatmaps
Policy friction analysis
SLA and SLO compliance insights
The AI becomes a shared, federated sense-maker across FreeRADIUS estates.
The Bigger Picture: FreeRADIUS as a Data Intelligence Platform
FreeRADIUS is already a world-class AAA server.
The next evolution is to make it a world-class operational intelligence source.
This happens when we:
Extract structured events using MNOC collectors
Turn them into scored data products
Combine them into shared awareness signals
Feed them into agentic AI that explains and diagnoses
This transforms:
| Today | Future |
| --- | --- |
| Logs | Data products |
| Local view | Federated awareness |
| Manual diagnosis | Autonomous analysis |
| Ticket-driven | Proactive early warning |
| Human-only operations | AI-assisted operations |
And importantly, this is achievable right now with minimal changes to FreeRADIUS itself.
Why This Matters
Authentication is the first moment a user experiences a network.
If logging in is slow, confusing, or broken, everything else is irrelevant.
MNOC/SMX combined with agentic AI unlocks:
Faster root cause identification
Fewer support tickets
Better SLA compliance
Improved customer experience
Stronger operational maturity
Safer, more predictable authentication environments
Most organisations already have the data. They simply need a way to turn it into insight, and a way to share awareness without sharing secrets.
Final Thought
FreeRADIUS has always been foundational.
But in a world of rising authentication complexity, including Wi-Fi 6 and 7, BYOD, SSO and IdP chains, and zero trust, operators need more than logs.
They need awareness.
They need explainability.
They need intelligence.
By treating FreeRADIUS outputs as data products, and enabling federated, privacy-safe sharing, we can give every operator something they have never had before:
A complete picture of login experience across time, across systems, and across organisations.
And with agentic AI, we can go further still:
turn RADIUS into an active participant in operations, not a passive back-end component.
About NetUtils
NetUtils are a UK managed service provider and systems integrator with over thirty years’ experience securing and supporting business critical networks. They help organisations reduce risk, strengthen resilience and simplify their IT operations through a security-first approach.
Their specialist AAA Radius products and services ensure secure, standards-based authentication across wired and wireless environments, giving IT teams the visibility and control they need to protect user access at scale. Delivered by experienced network and security engineers, their Radius solutions integrate cleanly with existing infrastructure and form a core part of a Zero Trust strategy.
From networking and cloud to endpoint protection and 24/7 managed security, NetUtils deliver trusted solutions built on responsiveness, expertise and measurable outcomes.
netutils.com
About NetMinded
NetMinded is a UK-based technology company that helps network operators, ISPs, and MSPs understand what is really happening in their networks, in real time and with confidence.
Modern networks already generate vast amounts of telemetry, but raw data alone does not deliver resilience, assurance, or regulatory confidence. NetMinded turns low-level signals such as ICMP, Y.1731, RFC 6349 indicators, and device telemetry into structured data products with built-in context, scoring, and evidence.
Our focus is on shared awareness. We enable multiple parties to safely contribute, compare, and reason over network signals while respecting privacy, security, and commercial sensitivity. This allows organisations to move faster during incidents, establish clearer accountability, and provide credible, evidence-backed answers to operational and regulatory questions, while complementing existing tools and operational models rather than replacing them.
netminded.co.uk
Copyright NetMinded, a trading name of SeeThru Networks ©



