RADIUS WACREN Training | February 2019 | Lagos
RADIUS
• Stands for “Remote Authentication Dial In User Service”
• Network protocol for remote user authentication
• Used by ISPs, cellular network providers and educational networks

Three primary functions (AAA)
• Authenticates users or devices before allowing them access to the network
• Authorizes those users/devices for specific network services
• Accounts for and tracks usage of these services
AAA – Authentication, Authorization & Accounting
• Authentication: Validating the identity of a user by matching the credentials supplied by the user to those found in the user directory
• Authorization: Determining what permissions are granted to the user, e.g. specific VLAN, bandwidth limit, …
• Authentication vs. Authorization example: At a police road check you can authenticate yourself with your ID, but only your driver's license shows that you are authorized to drive a car
• Accounting is not relevant in the eduroam context, as it is a free service
RADIUS – Components
• Supplicant
• Authenticator
• User Directory
• Registry
FreeRADIUS
• Most widely used open source RADIUS server, but there are others
• Created and maintained by Alan DeKok, a no-nonsense type

Benefits
• Features usually only seen in commercial servers: EAP, Virtual Servers
• Modular – Easy to enable/disable functionalities
• Scalable – Thousands of requests handled by a single instance
Support

FreeRADIUS
• Online Documentation
• Mailing List (Don’t be put off by the tone)

eduroam
• Your NRO (National Roaming Operator): NgREN
• African eduroam confederation operated by AfREN (UA & WACREN)
• eduroam Wiki, OT (Operations Team) and Slack channel
RADIUS – Session Process
• User connects to the NAS using PPP or another data link layer protocol
• NAS sends an Access-Request message to the RADIUS server, containing the user credentials and additional attributes (MAC address, host name), using either the PAP, CHAP or EAP protocol
• RADIUS server verifies the request against the user directory
• RADIUS server sends back Access-Reject, Access-Challenge, or Access-Accept
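Added example (not from the original slides): the PAP case of the session process above, written against the RFC 2865 packet layout. It shows how the NAS hides the password with the shared secret, and how it checks that an Access-Accept really came from a server holding that secret. The function names, the toy user directory and all sample values are constructed for illustration.

```python
import hashlib, hmac, os, struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3  # RFC 2865 packet codes
USER_NAME, USER_PASSWORD = 1, 2                          # RFC 2865 attribute types

def _xor_blocks(data, secret, request_auth, data_is_hidden):
    """RFC 2865 5.2: XOR each 16-byte block with MD5(secret + previous hidden block)."""
    out, prev = b"", request_auth
    for i in range(0, len(data), 16):
        block = data[i:i + 16]
        result = bytes(a ^ b for a, b in zip(block, hashlib.md5(secret + prev).digest()))
        out, prev = out + result, (block if data_is_hidden else result)
    return out

def hide_password(password, secret, request_auth):
    size = max(16, (len(password) + 15) // 16 * 16)      # NUL-pad to a 16-byte multiple
    return _xor_blocks(password.ljust(size, b"\x00"), secret, request_auth, False)
def reveal_password(hidden, secret, request_auth):
    return _xor_blocks(hidden, secret, request_auth, True).rstrip(b"\x00")

def build_access_request(identifier, username, password, secret):
    request_auth = os.urandom(16)                        # must be unpredictable per request
    attrs = b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in (
        (USER_NAME, username), (USER_PASSWORD, hide_password(password, secret, request_auth))))
    return struct.pack("!BBH", ACCESS_REQUEST, identifier, 20 + len(attrs)) + request_auth + attrs

def parse_attributes(packet):
    attrs, pos = {}, 20                                  # attributes follow the 20-byte header
    while pos < len(packet):
        if pos + 2 > len(packet) or not 2 <= packet[pos + 1] <= len(packet) - pos:
            raise ValueError("malformed attribute")
        attrs[packet[pos]] = packet[pos + 2:pos + packet[pos + 1]]
        pos += packet[pos + 1]
    return attrs

def build_reply(code, request, secret):
    header = struct.pack("!BBH", code, request[1], 20)   # echo the request identifier
    return header + hashlib.md5(header + request[4:20] + secret).digest()

def reply_is_authentic(reply, request, secret):
    """NAS side: recompute the Response Authenticator before trusting the reply code."""
    expected = hashlib.md5(reply[:4] + request[4:20] + reply[20:] + secret).digest()
    return reply[1] == request[1] and hmac.compare_digest(expected, reply[4:20])

def server_decide(request, secret, directory):
    attrs = parse_attributes(request)
    stored = directory.get(attrs[USER_NAME])             # toy user directory (constructed)
    supplied = reveal_password(attrs[USER_PASSWORD], secret, request[4:20])
    ok = stored is not None and hmac.compare_digest(stored, supplied)
    return build_reply(ACCESS_ACCEPT if ok else ACCESS_REJECT, request, secret)
```

The password hiding and the reply check both rest entirely on the shared secret between NAS and server, so a reply whose code has been altered in transit fails `reply_is_authentic`.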
RADIUS – Internal Packet Processing
[Diagram: pre-auth]
- Slides: 8