Remote Authentication Dial-In User Service
What does it do?
Provides AAA management for users connecting to a network service.
What is it?
A client/server protocol that uses TCP or UDP as transport.
How would we utilize RADIUS to allow users registered on a web application to access a Wireless Access Point?
How does it work?
User sends a request containing access credentials to a NAS (Network Access Server) via a link-layer protocol (e.g. - PPP, HTTPS). The NAS sends a RADIUS Access Request message to the RADIUS server, requesting authorization via the RADIUS protocol. This requests contains a username and password, and additional information the NAS knows about the user (e.g. - network address, phone number, etc). The RADIUS server verifies the credentials using a authentication scheme (such as PAP, CHAP, or EAP). Then, the RADIUS server returns one of three responses:
- Access Reject
- Access Challenge
- Access Accept
Verify the identity of a user.
What permissions are granted to this user?
e.g. - Grant the user permission to use the local network and access the Internet.
Track when someone signs on to the WiFi or logs off of the WiFi with this feature of RADIUS.