RADIUS server authentication: How does it work?



The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.

A RADIUS server uses a network protocol for remote user authentication and authorization. It is a client/server protocol that allows a remote user to access a network using a shared secret (usually a password). RADIUS servers are typically located on the perimeter of a network and use port 1812 (UDP) or 1645/1813 (TCP).

RADIUS was originally developed by Livingston Enterprises, Inc. in 1991. It is now an IETF standard (RFC 2865). The following are the most important things to know about RADIUS server authentication.

  •  RADIUS is a Remote Authentication Dial-In User Service

It was developed to provide centralized authentication, authorization, and accounting management for networked devices such as routers and switches.

What does dial-in refer to here? Dial-in is a type of authentication that allows a user to connect to a network remotely over a phone line or another connection. RADIUS servers are used to manage user access to a network. They can be used to control who can access the network, which services they can use, and how much bandwidth they can consume.

  •  RADIUS is an alternative to TACACS and is often used alongside TACACS+ for authentication and authorization

The reason for this is that RADIUS is typically used for remote access, whereas TACACS+ is usually used for device administration. While both protocols can be used for both purposes, RADIUS is usually the preferred protocol for remote access.

  •  A RADIUS server typically uses UDP port 1812 (or TCP port 1645/1813) to communicate with clients

RADIUS servers typically listen on UDP port 1812 (or TCP port 1645/1813). When a RADIUS client sends a request to the server, it includes the secret key in the request. The server uses this key to authenticate the client and authorize the request.

RADIUS is a client/server protocol, which means that every RADIUS client must have a corresponding RADIUS server. A RADIUS client is typically a network device such as a router or switch. A RADIUS server is a computer that runs the RADIUS software and manages user access to the network.

What this means is that for a user to be able to access the network, they must first authenticate with the RADIUS server. The RADIUS server then authorizes the user's access to the network and controls which services they can use.

  •  RADIUS uses a client/server architecture

The RADIUS server is responsible for authenticating users and maintaining their account information, while the RADIUS client is typically a network device that forwards authentication requests to the server. This distinction matters because it allows the server to be centrally located and managed, while the clients can be distributed throughout the network. This architecture also makes it possible for the server to authenticate users against multiple databases, such as an LDAP server or a local file.

The implication is that if the server goes down, the entire network becomes unavailable to users. This is why it is important to have redundant RADIUS servers in a production environment.

  •  A RADIUS server can authenticate users against multiple databases

RADIUS supports several authentication methods, including PAP, CHAP, MS-CHAP, and EAP. PAP is the simplest authentication method and sends the username and password in clear text. CHAP encrypts the password but sends it over the network in plain text. MS-CHAP encrypts both the username and password. EAP is a more secure authentication method that uses digital certificates.

  •  RADIUS uses UDP for transport

RADIUS uses UDP as its transport protocol. UDP is a connectionless protocol, which means that each packet is sent independently and does not require a connection to be established beforehand. This makes RADIUS very scalable, as it can support a large number of clients without requiring many resources on the server.

It matters that RADIUS uses UDP for transport because UDP is a less reliable protocol than TCP. This means that RADIUS packets can be dropped or lost in transit. However, this is usually not a problem because RADIUS uses retransmission and error checking to ensure that packets are delivered reliably.
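The retransmission behaviour described above, together with the failover across redundant servers recommended earlier, is shown here as an added Python example that is not code from the article or from any RADIUS product. It runs real UDP sockets on the loopback interface against a constructed stand-in server that silently drops a configurable number of datagrams, so the loss the paragraph describes actually occurs. The client retransmits the identical request (same Identifier) after each timeout, moves on to the next server once the retry budget for one server is used up, and accepts a reply only from the server it is currently talking to and only if the Identifier matches, which discards late answers from a server it has already abandoned. The addresses, timeouts and the bare 20-byte request are constructed for the demo.

```python
"""Added example: RADIUS-style UDP retransmission and server failover on loopback.
The drop server is a constructed stand-in for the demo, not a RADIUS implementation."""
import socket
import threading

ACCESS_ACCEPT = 2


def start_drop_server(drop_first: int):
    """Constructed stand-in for a RADIUS server: binds a random loopback port,
    silently drops the first `drop_first` datagrams, and answers the rest by
    echoing the packet back with its code byte set to Access-Accept.
    Returns (address, counters)."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(("127.0.0.1", 0))
    counters = {"received": 0, "dropped": 0}

    def serve():
        while True:
            data, peer = sock.recvfrom(4096)
            counters["received"] += 1
            if counters["dropped"] < drop_first:
                counters["dropped"] += 1      # simulate loss in transit
                continue
            sock.sendto(bytes([ACCESS_ACCEPT]) + data[1:], peer)

    threading.Thread(target=serve, daemon=True).start()
    return sock.getsockname(), counters


def send_with_retry(servers, packet: bytes, timeout: float = 0.2, retries: int = 3):
    """Client loop: for each server in preference order, send the request and wait
    `timeout` seconds; retransmit the identical packet (same Identifier) up to
    `retries` times, then fail over to the next server. A reply is accepted only
    from the server currently being tried and only if its Identifier matches, so a
    late answer from an abandoned server is never taken for a fresh one.
    Returns (server, attempts_used, reply) or None if every server stayed silent."""
    if len(packet) < 20:
        raise ValueError("RADIUS packets are at least 20 bytes")
    ident = packet[1]
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.settimeout(timeout)
    try:
        for server in servers:
            for attempt in range(1, retries + 1):
                sock.sendto(packet, server)
                try:
                    reply, peer = sock.recvfrom(4096)
                except socket.timeout:
                    continue                  # lost or unanswered: retransmit
                if peer == server and len(reply) >= 20 and reply[1] == ident:
                    return server, attempt, reply
                # stray or mismatched datagram: ignore it and treat this attempt as a miss
        return None
    finally:
        sock.close()


def demo():
    """Primary server never answers; secondary loses the first two requests.
    Returns (secondary_address, result) so a caller can check where the answer came from."""
    dead, _ = start_drop_server(drop_first=10 ** 9)
    flaky, _ = start_drop_server(drop_first=2)
    # Constructed bare Access-Request header: code 1, identifier 42, length 20, zero authenticator
    packet = bytes([1, 42]) + (20).to_bytes(2, "big") + bytes(16)
    return flaky, send_with_retry([dead, flaky], packet)


if __name__ == "__main__":
    secondary, result = demo()
    print("answered by", result[0] if result else None,
          "after", result[1] if result else "-", "attempt(s)")
```

Running `demo()` shows the full sequence: three unanswered sends to the dead primary, then two lost and one answered send to the secondary, so the Accept arrives on the third attempt against the second server. Real clients additionally mark a server dead for a holddown period after it exhausts its retries rather than re-trying it on every request.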

  •  The RADIUS server must have a shared secret with its clients

The RADIUS server and its clients must share a secret, which is used to encrypt and decrypt packets. This shared secret is typically a password or phrase that is known only to the server and the clients. Without the shared secret, an attacker would not be able to read or modify the packets exchanged between the server and the clients.

  •  RADIUS uses Access-Request and Access-Accept packets

When a client sends an authentication request to a RADIUS server, it does so using an Access-Request packet. The server then responds with an Access-Accept or Access-Reject packet, depending on whether the authentication was successful. If the authentication was successful, the server will also include an Access-Challenge packet, which contains a challenge that the client must respond to in order to prove its identity.
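To make the shared-secret and Access-Request/Access-Accept points concrete, here is an added Python example, not code from the article or from any RADIUS product, that implements the relevant parts of RFC 2865 for a PAP login: the client hides the User-Password attribute using the secret and a random Request Authenticator, the server recovers it and checks it, and the server's reply carries a Response Authenticator computed over the reply and the secret, which the client verifies before trusting an Accept. Two details the standard settles are worth seeing in code: the secret itself is never placed in a packet (only MD5 digests derived from it are), and only the User-Password attribute is hidden, while every other attribute travels in the clear. The shared secret, user database, usernames and passwords are constructed sample values.

```python
"""Added example: a minimal RFC 2865 Access-Request / Access-Accept exchange for PAP.
The shared secret and the credentials used with it are constructed sample values."""
import hashlib
import hmac
import os
import struct

# Packet codes and attribute types from RFC 2865
ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
USER_NAME, USER_PASSWORD, REPLY_MESSAGE = 1, 2, 18
HEADER = struct.Struct("!BBH")   # Code, Identifier, Length; a 16-byte Authenticator follows


def hide_password(password, secret, request_auth):
    """RFC 2865 section 5.2: pad to a multiple of 16 bytes, then XOR each block
    with MD5(secret + previous block), chained from the Request Authenticator."""
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        pad = hashlib.md5(secret + prev).digest()
        block = bytes(x ^ y for x, y in zip(padded[i:i + 16], pad))
        out, prev = out + block, block
    return out


def reveal_password(hidden, secret, request_auth):
    """Server side of hide_password; the NUL padding is stripped."""
    out, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        pad = hashlib.md5(secret + prev).digest()
        out += bytes(x ^ y for x, y in zip(hidden[i:i + 16], pad))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")


def encode_attrs(attrs):
    """Attribute = Type (1 byte), Length (1 byte, counting these two), Value."""
    return b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)


def decode_attrs(data):
    """Walk the TLV list; reject lengths below 2 or running past the buffer."""
    attrs, i = [], 0
    while i < len(data):
        if i + 2 > len(data):
            raise ValueError("truncated attribute header")
        t, length = data[i], data[i + 1]
        if length < 2 or i + length > len(data):
            raise ValueError("malformed attribute length")
        attrs.append((t, data[i + 2:i + length]))
        i += length
    return attrs


def build_packet(code, ident, authenticator, attrs):
    body = encode_attrs(attrs)
    return HEADER.pack(code, ident, 20 + len(body)) + authenticator + body


def build_access_request(ident, username, password, secret):
    """Client: a fresh random Request Authenticator per request. Returns (packet, request_auth)."""
    request_auth = os.urandom(16)
    attrs = [(USER_NAME, username), (USER_PASSWORD, hide_password(password, secret, request_auth))]
    return build_packet(ACCESS_REQUEST, ident, request_auth, attrs), request_auth


def response_authenticator(code, ident, length, request_auth, attrs_bytes, secret):
    """RFC 2865 section 3: MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    return hashlib.md5(HEADER.pack(code, ident, length) + request_auth + attrs_bytes + secret).digest()


def server_handle(request, secret, users):
    """Server: parse the request, check the credential, answer Accept or Reject."""
    if len(request) < 20:
        raise ValueError("packet shorter than the RADIUS header")
    code, ident, length = HEADER.unpack(request[:4])
    if code != ACCESS_REQUEST or length != len(request):
        raise ValueError("not a well-formed Access-Request")
    request_auth = request[4:20]
    attrs = dict(decode_attrs(request[20:length]))
    username, hidden = attrs.get(USER_NAME), attrs.get(USER_PASSWORD)
    ok = (username in users and hidden is not None
          and hmac.compare_digest(users[username], reveal_password(hidden, secret, request_auth)))
    reply_code = ACCESS_ACCEPT if ok else ACCESS_REJECT
    reply = [(REPLY_MESSAGE, b"Welcome" if ok else b"Login failed")]
    body = encode_attrs(reply)
    auth = response_authenticator(reply_code, ident, 20 + len(body), request_auth, body, secret)
    return build_packet(reply_code, ident, auth, reply)


def client_verify(response, request_auth, secret):
    """Client: trust the reply only if its Response Authenticator matches our secret and
    the Request Authenticator we sent; a forged or altered reply fails here."""
    if len(response) < 20 or HEADER.unpack(response[:4])[2] != len(response):
        return False
    code, ident, length = HEADER.unpack(response[:4])
    expected = response_authenticator(code, ident, length, request_auth, response[20:], secret)
    return hmac.compare_digest(expected, response[4:20])
```

Calling `build_access_request`, `server_handle` and `client_verify` in sequence reproduces the exchange; flipping any byte of the reply, or generating it with a different secret, makes `client_verify` return False. A production deployment would additionally require the Message-Authenticator attribute from RFC 2869 (an HMAC-MD5 over the whole packet keyed with the secret), which protects the request attributes that the plain Request Authenticator leaves unauthenticated.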

  •  RADIUS can be used for AAA

RADIUS can be used for AAA, which stands for Authentication, Authorization, and Accounting. Authentication is the process of verifying a user's identity, authorization is the process of determining which resources a user is allowed to access, and accounting is the process of tracking and billing for a user's usage.

AAA is a common security model used to control access to network resources.

  •  RADIUS is standardized by the IETF

RADIUS is a standards-based protocol, which means that it is defined by an Internet Engineering Task Force (IETF) specification. The most recent version of the RADIUS specification is RFC 2865, which was published in June 2000.

  •  RADIUS is commonly used by ISPs

RADIUS is commonly used by Internet service providers (ISPs) to authenticate and authorize users who are trying to access the internet. RADIUS is also used on corporate networks to authenticate and authorize users who are trying to access the network.

  •  There are a few different RADIUS implementations

There are a few different RADIUS implementations, including FreeRADIUS, Microsoft NPS, and Cisco ACS. FreeRADIUS is the most popular open-source RADIUS server. Microsoft NPS is the RADIUS server included in Windows Server. Cisco ACS is a commercial RADIUS server from Cisco Systems.

Conclusion

These are the most important things to know about RADIUS server authentication. RADIUS is a critical part of many network security systems, and understanding how it works is essential for anyone who is responsible for managing a network.
