The RADIUS client sends an Access-Request packet to the RADIUS server. The Access-Request packet looks like the following.
Code field
The Code field must have the value 1 for an Access-Request packet.
Identifier field
The Identifier field is 8 bits in size and is used in matching requests and replies. The RADIUS server can detect a duplicate request if it has the same client source IP address, source UDP port and Identifier within a short span of time.
For retransmissions, the Identifier MUST remain unchanged.
The Identifier field MUST be changed whenever the content of the Attributes field changes, and whenever a valid reply has been received for a previous request.
Request Authenticator
It is a 16-octet random number in Access-Request packets. It is used in the password-hiding algorithm. The Request Authenticator value MUST be changed each time a new Identifier is used.
Attributes field
The length of this field is not fixed; it can vary. The following are the attributes that an Access-Request contains.
| Attribute | Description |
|---|---|
| User-Name | Specifies the name of the user to be authenticated. |
| NAS-IP-Address | Specifies the IP address of the RADIUS client. Either NAS-IP-Address or NAS-Identifier MUST be present in an Access-Request packet. |
| NAS-Identifier | This Attribute contains a string identifying the RADIUS client originating the Access-Request. Either NAS-IP-Address or NAS-Identifier MUST be present in an Access-Request packet. |
| User-Password | This Attribute specifies the password of the user to be authenticated, or the user's input following an Access-Challenge. An Access-Request MUST contain either a User-Password or a CHAP-Password or a State. |
| CHAP-Password | This Attribute indicates the response value provided by a PPP Challenge-Handshake Authentication Protocol (CHAP) user in response to the challenge. An Access-Request MUST contain either a User-Password or a CHAP-Password or a State. |
| State | A packet must have only zero or one State Attribute. This Attribute is available to be sent by the server to the client in an Access-Challenge and MUST be sent unmodified from the client to the server in the new Access-Request reply to that challenge, if any. An Access-Request MUST contain either a User-Password or a CHAP-Password or a State. |
| NAS-Port | Specifies the physical port number of the RADIUS client that is authenticating the user. |
| NAS-Port-Type | This Attribute indicates the type of the physical port of the RADIUS client that is authenticating the user. Go through the following link for more details. |
| Additional attributes | An Access-Request MAY contain additional attributes as a hint to the server, but the server is not required to honor the hint. |
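The field and attribute rules above can be checked mechanically on a received datagram. The following Python sketch is an added example, not code from the original post; the attribute type numbers and the 2-octet Length field in the header come from RFC 2865 rather than this page, and the sample packets are constructed.

```python
import struct

# Attribute type numbers and the header layout (Code, Identifier, Length,
# 16-octet Request Authenticator) are taken from RFC 2865, not from the page.
USER_NAME, USER_PASSWORD, CHAP_PASSWORD, NAS_IP_ADDRESS = 1, 2, 3, 4
STATE, NAS_IDENTIFIER = 24, 32

def parse_attributes(data):
    """Split the Attributes field into (type, value) pairs (Type, Length, Value)."""
    attrs, pos = [], 0
    while pos < len(data):
        # Length counts the Type and Length octets, so it must be 2..remaining.
        if pos + 2 > len(data) or not 2 <= data[pos + 1] <= len(data) - pos:
            raise ValueError("bad attribute length")
        a_len = data[pos + 1]
        attrs.append((data[pos], data[pos + 2:pos + a_len]))
        pos += a_len
    return attrs

def check_access_request(packet):
    """Return a list of rule violations; an empty list means the packet passes."""
    if len(packet) < 20:
        return ["shorter than the 20-octet header"]
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        return ["Length field does not match the datagram"]
    problems = []
    if code != 1:
        problems.append("Code is not 1")
    try:
        types = [t for t, _ in parse_attributes(packet[20:length])]
    except ValueError as exc:
        return problems + [str(exc)]
    if NAS_IP_ADDRESS not in types and NAS_IDENTIFIER not in types:
        problems.append("neither NAS-IP-Address nor NAS-Identifier present")
    if not {USER_PASSWORD, CHAP_PASSWORD, STATE} & set(types):
        problems.append("no User-Password, CHAP-Password or State")
    if types.count(STATE) > 1:
        problems.append("more than one State attribute")
    return problems

def build(code, ident, attrs):
    """Constructed sample packet; all-zero authenticator is for the demo only."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", code, ident, 20 + len(body)) + bytes(16) + body

GOOD = build(1, 7, [(USER_NAME, b"alice"), (USER_PASSWORD, bytes(16)),
                    (NAS_IP_ADDRESS, bytes([192, 0, 2, 1]))])
BAD = build(1, 8, [(USER_NAME, b"alice"), (STATE, b"a"), (STATE, b"b")])
```

Calling check_access_request(GOOD) returns an empty list, while BAD is reported for the missing NAS attribute and the duplicate State.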