
Network: Security: Server: Radius: What is: What is a RADIUS server? [protocol]

Mar 26th, 2005 00:27
Knud van Eeden,


----------------------------------------------------------------------
--- Knud van Eeden --- 26 March 2005 - 12:23 am ----------------------

---
---

RADIUS = 'R'emote 'A'uthentication 'D'ial-'I'n 'U'ser 'S'ervice

---
---

A RADIUS 'server' is part of a system to authenticate, authorize and
account for (AAA) users who want to access some (network) system.

---
---

Originally developed for dial-up remote access, RADIUS is now used by
systems like:

 1. authenticating Ethernet switches

 2. Digital Subscriber Line (DSL) access

 3. virtual private network (VPN) servers

 4. wireless access points

 5. Other network access types

---
---

This whole system has been standardized by using e.g.

 1. a standard protocol (RADIUS; RFC 2865 covers authentication and
    authorization, RFC 2866 covers accounting)

 2. a standard transport (UDP)

 3. standard ports (UDP 1812 for authentication and 1813 for accounting;
    older deployments use 1645 and 1646, which predate the official port
    assignment and are still accepted by most servers)

---

The 'client' sends its requests to the 'server' using a standard
protocol, so that the server can understand them.

This standard protocol (similar to other application protocols like
HTTP, FTP, ...) is called RADIUS.

---
---

A RADIUS 'server' is part of a 4 tier system, consisting of

1. a 'client' which asks for access on behalf of a user. In RADIUS
   terminology the 'client' is the network access server (NAS): the
   switch, dial-up server, VPN server or access point the user connects
   to. The user's own device is not a RADIUS client.

2. a 'server' which accepts the request and checks it

3. a 'database' which contains the data to make the checking possible.

4. a 'system' (e.g. the LAN or the Internet) the user behind the
   'client' wants to connect to

---

figure: 4 tier system


  1                      2                        3
 +----------+           +----------+             +----------+
 |          |           |          |             |          |
 |          |           |          |             |          |
 | 'client' | <-------- | 'server' |  <------->  |'database'|
 |          | --------> |          |             |          |
 |          |           |          |             |          |
 |          |           |          |             |          |
 +----------+           +----------+             +----------+

                             ^
                             |
                             V

                          4
                         +----------+
                         |          |
                         |          |
                         | 'system' |
                         |  client  |
                         |  wants to|
                         |connect to|
                         +----------+

---
---

A typical situation in this system will be that:

1. some user connects to the 'client' (e.g. a switch port, VPN server
   or access point) and presents credentials; the 'client' asks the
   RADIUS 'server' whether this user may access the 'system'.

2. The request (an Access-Request: a UDP packet carrying attributes
   such as User-Name and User-Password) is sent from any free source
   port on the 'client' to port 1812 (or 1645 on older setups) on the
   'server'

3. The (RADIUS) 'server' continuously listens on that port

4. When the 'server' receives the request it first checks that it came
   from a known 'client' (source address plus the shared secret
   configured for that client), then checks the user in its 'database'

5. If the 'server' finds matching data (e.g. username + password of the
   user) it will accept this request

   1. It answers with an Access-Accept, optionally carrying attributes
      (e.g. a VLAN or a session timeout), and the 'client' then lets
      the user's traffic through

6. If the 'server' does not find matching data (e.g. username +
   password of the user) it will not accept this request

   1. It answers with an Access-Reject, and the 'client' does not let
      the user's traffic through

(A third answer, Access-Challenge, asks the 'client' for more
information, e.g. a one-time token, before the 'server' decides.)
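The request/reply exchange described in the steps above, together with
the packet, UDP and shared-secret details from the standardization
section earlier, as an added example that is not from the original
entry and not the code of any RADIUS implementation: the 'client' (NAS)
builds an Access-Request with User-Name and a hidden User-Password, the
'server' looks the user up in a constructed in-memory 'database' and
answers Access-Accept or Access-Reject, and the NAS verifies the
Response Authenticator before it trusts the verdict. The wire format,
the MD5-based password hiding and the Response Authenticator follow
RFC 2865; the user names, passwords and shared secret are made-up
values, and the packets are handed from one function to the other in
memory instead of over UDP, so the code runs offline.

```python
import hashlib
import hmac
import os
import struct

# RFC 2865 packet codes and attribute types used here.
ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
USER_NAME, USER_PASSWORD, REPLY_MESSAGE = 1, 2, 18
# Constructed sample data (not real credentials): the server's 'database' and the secret NAS and server share.
USER_DB = {b"alice": b"correct horse", b"carol": b"a password longer than 16 bytes"}
SHARED_SECRET = b"nas-and-server-only"

def _xor_stream(data, secret, authenticator, decrypt):
    # RFC 2865 5.2: block i ^= MD5(secret + previous cipher block); block 1 uses the Request Authenticator.
    out, prev = b"", authenticator
    for i in range(0, len(data), 16):
        block = data[i:i + 16]
        out += bytes(a ^ b for a, b in zip(block, hashlib.md5(secret + prev).digest()))
        prev = block if decrypt else out[-16:]
    return out

def hide_password(password, secret, authenticator):
    """NAS side: pad with NULs to a 16-byte multiple, then obfuscate."""
    if not 1 <= len(password) <= 128:
        raise ValueError("User-Password must be 1..128 bytes")
    return _xor_stream(password + b"\x00" * (-len(password) % 16), secret, authenticator, False)

def reveal_password(hidden, secret, authenticator):
    """Server side: undo the XOR and strip the NUL padding."""
    if not hidden or len(hidden) % 16:
        raise ValueError("hidden User-Password must be a non-empty multiple of 16 bytes")
    return _xor_stream(hidden, secret, authenticator, True).rstrip(b"\x00")

def encode_attrs(attrs):
    # Attribute = Type(1) Length(1, header included) Value.
    return b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)

def decode_attrs(data):
    attrs, pos = [], 0
    while pos < len(data):
        if pos + 2 > len(data) or data[pos + 1] < 2 or pos + data[pos + 1] > len(data):
            raise ValueError("malformed attribute")
        attrs.append((data[pos], data[pos + 2:pos + data[pos + 1]]))
        pos += data[pos + 1]
    return attrs

def build_packet(code, ident, authenticator, body):
    # Header = Code(1) Identifier(1) Length(2) Authenticator(16), then the attributes.
    return struct.pack("!BBH", code, ident, 20 + len(body)) + authenticator + body

def parse_packet(pkt):
    if len(pkt) < 20 or struct.unpack("!H", pkt[2:4])[0] != len(pkt):
        raise ValueError("bad length: truncated packet or Length field != datagram size")
    return pkt[0], pkt[1], pkt[4:20], pkt[20:]

def response_authenticator(code, ident, body, request_auth, secret):
    # RFC 2865 section 3: MD5(Code + ID + Length + RequestAuth + Attributes + Secret).
    header = struct.pack("!BBH", code, ident, 20 + len(body))
    return hashlib.md5(header + request_auth + body + secret).digest()

def nas_build_access_request(username, password, secret, ident=42):
    """NAS side: a fresh random Request Authenticator for every request."""
    request_auth = os.urandom(16)
    body = encode_attrs([(USER_NAME, username), (USER_PASSWORD, hide_password(password, secret, request_auth))])
    return build_packet(ACCESS_REQUEST, ident, request_auth, body), request_auth

def server_handle(pkt, secret, db):
    """Server side: check the user against the 'database' and answer Accept or Reject.
    (A real server first selects the shared secret by the NAS's source address.)"""
    code, ident, request_auth, body = parse_packet(pkt)
    if code != ACCESS_REQUEST:
        raise ValueError("only Access-Request is handled here")
    attrs = dict(decode_attrs(body))
    user, hidden = attrs.get(USER_NAME), attrs.get(USER_PASSWORD)
    ok = user in db and hidden is not None and hmac.compare_digest(db[user], reveal_password(hidden, secret, request_auth))
    reply_code = ACCESS_ACCEPT if ok else ACCESS_REJECT
    reply_body = encode_attrs([(REPLY_MESSAGE, b"Welcome" if ok else b"Denied")])
    # Computed over the request's authenticator: the reply is bound to one request and to the secret.
    auth = response_authenticator(reply_code, ident, reply_body, request_auth, secret)
    return build_packet(reply_code, ident, auth, reply_body)

def nas_check_reply(reply, request_auth, secret):
    """NAS side: trust the verdict only if the Response Authenticator verifies."""
    code, ident, auth, body = parse_packet(reply)
    expected = response_authenticator(code, ident, body, request_auth, secret)
    if not hmac.compare_digest(expected, auth):
        raise ValueError("Response Authenticator mismatch: forged reply or wrong secret")
    return code

def exchange(username, password, nas_secret=SHARED_SECRET, server_secret=SHARED_SECRET):
    """One complete request/reply, handed over in memory instead of via UDP."""
    request, request_auth = nas_build_access_request(username, password, nas_secret)
    return nas_check_reply(server_handle(request, server_secret, USER_DB), request_auth, nas_secret)

def secret_mismatch_is_detected():
    """The NAS refuses a reply from a server configured with a different secret."""
    try:
        exchange(b"alice", b"correct horse", server_secret=b"some-other-secret")
    except ValueError:
        return True
    return False
```

`exchange(b"alice", b"correct horse")` returns 2 (Access-Accept) and
`exchange(b"alice", b"wrong")` returns 3 (Access-Reject). Note what
the example makes visible: the only things protecting the password on
the wire and authenticating the server's answer are the shared secret
and MD5, and the server never touches the user's traffic at all; it
returns a verdict and the NAS enforces it. That is why plain RADIUS
over UDP is meant for a network segment the operator trusts, and why
the shared secret per client is worth choosing carefully.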

---
---

RADIUS messages are only ever exchanged between the 'client' (the
network access server) and the RADIUS 'server'; the user's own device
never sends or receives RADIUS.

The RADIUS 'server' also never carries the user's traffic. It only
returns a decision (Access-Accept or Access-Reject, plus attributes),
and the 'client' enforces it: from the user's point of view the
'client' acts like a gate, letting the user's packets (e.g. TCP/IP
traffic) go through, or just blocking them.

---
---

The 'client' and the 'server' both communicate via certain standard 
ports.

---

figure: 4 tier system, where the 'client' sends its request from any
        free source port to the standard port (UDP 1812) on the
        'server', which replies to the port the request came from


  1                      2                        3
 +----------+           +----------+             +----------+
 |          |           |          |             |          |
 |          |           |          |             |          |
 | 'client' | --------> | 'server' |  <------->  |'database'|
 |  (NAS)   |any    UDP |          |             |          |
 |          |port   1812|          |             |          |
 |          | <-------- |          |             |          |
 +----------+ UDP packet+----------+             +----------+

                             ^
                             |
                             V

                          4
                         +----------+
                         |          |
                         |          |
                         | 'system' |
                         |  client  |
                         |  wants to|
                         |connect to|
                         +----------+

---
---

When the 'database' is a relational database, the 'server' and the
'database' communicate using the database's driver and its standard
query language, SQL. Other backends (a flat file, an LDAP directory)
are read through their own interfaces instead.

---

figure: 4 tier system, where the 'server' typically communicates with
        the 'database' using a database language (e.g. some SQL query),
        gets connected via some driver, and receives some data back.


  1                      2                        3
 +----------+           +----------+             +----------+
 |          |           |          |             |          |
 |          |           |          |             |          |
 | 'client' | --------> | 'server' |  <------->  |'database'|
 |          |           |          |SQL->  <-data|          |
 |          |           |          |             |          |
 |          |           |          |   driver    |          |
 +----------+           +----------+             +----------+

                             ^
                             |
                             V

                          4
                         +----------+
                         |          |
                         |          |
                         | 'system' |
                         |  client  |
                         |  wants to|
                         |connect to|
                         +----------+

---
---

1. The 'client' (network access server) can typically be:

   -network switch (e.g. for 802.1X port authentication)

   -dial-up server

   -VPN server

   -wireless access point

2. The 'server' is typically a long-running daemon continuously
   listening on UDP ports 1812 and 1813 and taking appropriate action.
   It can be written in any language; the widely used FreeRADIUS is
   written in C.

   1. On Linux e.g. the 'FreeRADIUS' program is used

   2. On Windows e.g. the 'WinRadius' program or Microsoft's Internet
      Authentication Service (IAS) is used

3. The 'database' containing the data typically is

   -a flat file (e.g. the FreeRADIUS 'users' file)

   -an XML file

   -a relational database
    (like Microsoft SQL Server, MySQL, Oracle, ...)

   -an LDAP directory (like Active Directory or OpenLDAP)

   -or in general some data storage system
---
---

Book: see also:

---

[book: author: Hassell, Jonathan - title: RADIUS - publisher: O'Reilly]

---
---

Internet: see also:

---

[search: Internet: http://www.google.com: search for 'what is the best
radius server':
http://www.microsoft.com/technet/itsolutions/network/security/radiusec.mspx]

---

Network: Links: Overview: Can you give me an overview of links?
http://www.faqts.com/knowledge_base/view.phtml/aid/34809/fid/625

---

Operating system: Microsoft Windows: WAMP: Link: Overview: Can you 
give an overview of links? [LAMP]
http://www.faqts.com/knowledge_base/view.phtml/aid/33803/fid/772

----------------------------------------------------------------------