Radius stands for Remote Authentication Dial-In User Service. It is a widely deployed protocol for enabling centralized authentication, authorization, and accounting for network access.
Triple A (AAA) framework
AAA stands for Authentication, Authorization and Accounting. The Radius protocol implements the AAA framework: it provides centralized Authentication, Authorization, and Accounting (AAA) management for users who connect to and use a network service.
As shown in the above figure, the following are the key components in the Radius protocol:
a. User
b. Radius client
c. Radius server
d. User store (Database)
Step 1: The user submits their credentials (username and password) to the Radius client.
Step 2: The Radius client sends the user credentials to a Radius server in the form of a Radius message. The Radius client can be a dial-up server, VPN server, or wireless access point.
Step 3: The Radius server receives the Radius request message from the Radius client, processes the request (mostly by validating the user credentials against a database such as MySQL or LDAP), and sends a Radius response back to the Radius client.
Step 4: Based on the response from the Radius server, the Radius client grants or denies access to the user.
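Steps 2 to 4 at the packet level, as an added example that is not code from the original post or from FreeRadius. It follows the RFC 2865 packet layout and User-Password hiding; the function names, the shared secret between client and server, and the in-memory user store holding plain passwords are assumptions made for the illustration.

```python
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3  # RFC 2865 packet codes
USER_NAME, USER_PASSWORD = 1, 2                         # RFC 2865 attribute types

def hide_password(data, secret, req_auth, decrypt=False):
    """RFC 2865 section 5.2: XOR 16-byte blocks with MD5(secret + previous ciphertext block)."""
    if not decrypt:  # pad with NULs to a non-zero multiple of 16 octets
        data = data.ljust(max(1, -(-len(data) // 16)) * 16, b"\x00")
    out, prev = b"", req_auth
    for i in range(0, len(data), 16):
        block = data[i:i + 16]
        mask = hashlib.md5(secret + prev).digest()
        res = bytes(a ^ b for a, b in zip(block, mask))
        out, prev = out + res, (block if decrypt else res)
    return out.rstrip(b"\x00") if decrypt else out

def build_access_request(ident, username, password, secret):
    """Step 2: the Radius client wraps the user's credentials in an Access-Request."""
    req_auth = os.urandom(16)  # Request Authenticator, fresh per request
    hidden = hide_password(password, secret, req_auth)
    attrs = b"".join(bytes([t, len(v) + 2]) + v
                     for t, v in ((USER_NAME, username.encode()), (USER_PASSWORD, hidden)))
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + req_auth + attrs

def handle_request(packet, secret, user_store):
    """Step 3: the Radius server checks the credentials and signs its reply."""
    _, ident, length = struct.unpack("!BBH", packet[:4])
    req_auth, attrs, pos = packet[4:20], {}, 20
    while pos + 2 <= min(length, len(packet)):
        t, l = packet[pos], packet[pos + 1]
        if l < 2:
            raise ValueError("malformed attribute")
        attrs[t], pos = packet[pos + 2:pos + l], pos + l
    user = attrs.get(USER_NAME, b"").decode(errors="replace")
    password = hide_password(attrs.get(USER_PASSWORD, b""), secret, req_auth, decrypt=True)
    ok = user in user_store and hmac.compare_digest(user_store[user], password)
    head = struct.pack("!BBH", ACCESS_ACCEPT if ok else ACCESS_REJECT, ident, 20)
    return head + hashlib.md5(head + req_auth + secret).digest()

def check_response(response, request, secret):
    """Step 4: the client verifies the Response Authenticator, then grants or denies."""
    expected = hashlib.md5(response[:4] + request[4:20] + response[20:] + secret).digest()
    if response[1] != request[1] or not hmac.compare_digest(expected, response[4:20]):
        raise ValueError("response does not match request or shared secret")
    return response[0] == ACCESS_ACCEPT
```

A reply produced with a different shared secret fails the authenticator check in `check_response` instead of being treated as an accept or reject.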
The next post explains the Radius protocol; later posts explain FreeRadius.
Note:
1. RFC 2865 covers the Radius protocol.
2. RFC 2866 covers Radius accounting.
3. The officially assigned port number for RADIUS is 1812.
4. The Radius accounting server runs on port 1813.