Chapter 18 RADIUS - PowerPoint PPT Presentation


Chapter 18 RADIUS

Slides: 11
Provided by: edmun9

Transcript and Presenter's Notes


1
Chapter 18 RADIUS
2
RADIUS
  • Remote Authentication Dial-In User Service
  • Protocol used for communication between NAS and
    AAA server
  • Supports authentication, authorization, and
    accounting
  • Defined in RFC 2865

3
Features of RADIUS
  • Client/Server model
  • NAS operates as a RADIUS client by passing user
    info to RADIUS server and acting on response from
    server
  • RADIUS server receives connection requests,
    authenticates user, and provides configuration
    settings to client
  • RADIUS server can act as a proxy client to other
    authentication servers
  • Flexible authentication mechanisms
  • Can support PPP PAP or CHAP, Unix login, and
    other authentication mechanisms
  • Extensible
  • All transactions consist of attribute/value tuples
  • New attributes can be added to existing protocol

4
RADIUS Architecture
  • Defined in RFC 2865
  • Uses UDP port 1645 or 1812
  • Communication between RADIUS server and client is
    in clear-text except for passwords

5
RADIUS Packet Format
  • Code field used to identify type of packet:
    Access-Request, Access-Accept, Access-Reject,
    Accounting-Request, Accounting-Response,
    Access-Challenge
  • Identifier field used to match requests with
    replies
  • Authenticator field contains a 16-byte random
    number used to authenticate the reply from the
    RADIUS server and to hide the password

6
Password Encryption
  • Encrypted password transmitted is equal to
    (Hash_A) XOR (padded user password)
  • Where Hash_A = MD5(request authenticator,
    preshared secret)
  • Receiver calculates Hash_A on its own and XORs it
    with the encrypted password to get the padded
    password back in clear-text
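
Added example (not part of the original slides): the password hiding described above, written out as RFC 2865 section 5.2 specifies it, where Hash_A is MD5 over the shared secret followed by the request authenticator. It goes beyond the single-block case on the slide and also handles passwords longer than 16 bytes, where each later block is hashed with the previous ciphertext block in place of the authenticator. The function names, secret and passwords are constructed for illustration.

```python
import hashlib
import os

BLOCK = 16  # MD5 digest size; the password is processed in 16-byte blocks


def hide_password(password: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """NAS side: build the User-Password attribute value."""
    if len(request_auth) != BLOCK:
        raise ValueError("request authenticator must be 16 bytes")
    if not 1 <= len(password) <= 128:
        raise ValueError("password must be 1..128 bytes")
    # Pad with NUL bytes up to a multiple of 16.
    padded = password + b"\x00" * (-len(password) % BLOCK)
    hidden, prev = b"", request_auth
    for i in range(0, len(padded), BLOCK):
        # Hash_A for this block: MD5(secret || previous block or authenticator)
        hash_a = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ h for p, h in zip(padded[i:i + BLOCK], hash_a))
        hidden += prev
    return hidden


def recover_password(hidden: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """Server side: recompute each Hash_A and XOR it back out."""
    if not hidden or len(hidden) % BLOCK:
        raise ValueError("hidden password must be a non-empty multiple of 16 bytes")
    padded, prev = b"", request_auth
    for i in range(0, len(hidden), BLOCK):
        block = hidden[i:i + BLOCK]
        hash_a = hashlib.md5(secret + prev).digest()
        padded += bytes(c ^ h for c, h in zip(block, hash_a))
        prev = block
    return padded.rstrip(b"\x00")  # drop the NUL padding


if __name__ == "__main__":
    secret = b"constructed-shared-secret"   # sample value, not from the slides
    request_auth = os.urandom(BLOCK)        # fresh random value per request
    for pw in (b"hunter2", b"a-passphrase-longer-than-sixteen-bytes"):
        hidden = hide_password(pw, secret, request_auth)
        print(len(pw), len(hidden), hidden.hex())
        assert recover_password(hidden, secret, request_auth) == pw
```

Only this one attribute is hidden, and its protection rests entirely on the shared secret and on the request authenticator being unpredictable and unique for each request.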

7
RADIUS Authentication
  • NAS sends Access-Request message to RADIUS server
    containing username, encrypted password, IP
    address of NAS, and type of service
  • RADIUS server replies with Access-Accept,
    Access-Reject, or Access-Challenge message

8
RADIUS Authentication
9
RADIUS Accounting
  • Start/Stop records sent at start/end of sessions
    using UDP port 1646 or 1813
  • RFC 2866

10
RADIUS Authorization
  • Authorization data in Accept message lists user
    authorized services (e.g., telnet, rlogin, PPP) and
    client IP address