The following step-by-step procedure explains the RADIUS protocol in detail.
Step 1: The user sends his/her credentials to the RADIUS client.
Step 2: The client receives the credentials from the user and creates an "Access-Request" containing the user credentials, the ID of the RADIUS client, and the Port ID which the user is accessing. The password is hidden using a method based on the RSA Message Digest Algorithm MD5.
The properly generated Access-Request packet is sent to the RADIUS server.
If the client does not receive a response from the RADIUS server within a given time, the client resends the Access-Request packet to the server.
If the primary RADIUS server is unreachable or down, the client sends the Access-Request to any other available RADIUS server.
Step 3: Once the RADIUS server receives the “Access-Request” packet from the RADIUS client, it validates the RADIUS client. If the RADIUS client is valid, the RADIUS server validates the user credentials against the user store (database). The RADIUS server MAY make requests of other servers in order to satisfy the request, in which case it acts as a client.
If any Proxy-State attributes are present in the Access-Request, they MUST be copied unmodified and in order into the response packet.
Depending on the information in the Access-Request packet, the server can send an Access-Accept, Access-Reject, or Access-Challenge response.
If the server finds invalid credentials, it sends an Access-Reject response.
If the server finds valid credentials, it may issue a challenge to the user. The user must respond to the challenge. The Access-Challenge may include a text message to be displayed by the client to the user, prompting for a response to the challenge, and MAY include a State attribute.
The client receives the Access-Challenge message, displays the text message to the user, and prompts the user for a response. Once the client receives the response from the user, it resubmits its original Access-Request with a new request ID, with the User-Password attribute replaced by the response (encrypted). The server can respond to this new Access-Request with either an Access-Accept, an Access-Reject, or another Access-Challenge.