Tekforums.net - The improved home of Tekforums! :D

In Theory.. how does RADIUS work?

Started by PuNk, May 31, 2007, 01:18:41 AM

PuNk

I'm supposed to be making a prototype of a RADIUS server, and in all honesty I've no idea how it works, or even the theory behind it.

I have so much material and information on how to set up a RADIUS server, but no idea what it does.

Do I need a specific switch, or a domain controller to work with the RADIUS server? So that when somebody plugs hardware into the network, the switch or something points them in the direction of the authentication server?

My lecturer said to me "all you need is a server, you don't need a switch"
but I don't understand how that will work? Something needs to take control of the network and make sure the users are authenticated surely?!

I'm so confused and I think it's because my lecturer is talking balls or misunderstanding what I'm saying.

Tongy

http://en.wikipedia.org/wiki/RADIUS that should get you started.

Radius is essentially an authentication server, a lot of organisations use them for VPN and wireless authentication and ISPs use them to verify connections to their services.

Cheers
Tongy

Porch Monkey

Radius is an authentication method. In the same way that any other method operates you need to tell the authenticating device that its method of authentication is Radius and to use the following server ....

M$ provide a free one as an add-on to server called IAS which allows you to query the local user database as a radius server.

The authenticating device (can be VPN device, authenticating firewall, wireless or even a switch if you're using 802.1x) will ask a client to authenticate itself. When the client replies with the username/password combo the device will ask the Radius server if this is a valid username/password.

Most Radius servers allow you to assign a number of conditions (member of a specific group, specific user attributes etc.) to the permit/deny action but basically if the username and password are correct and the user on the Radius server meets the conditions it will reply to the authenticating device with a yes or no.

If your task is to build a Radius server you don't need to worry about the authenticating device. As Radius is now an industry standard (RFC 2865) if you write your server to the standard it should be interoperable with any device that also conforms to the Radius standard.
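Added example, not part of the original thread: a Python sketch of the RFC 2865 exchange described in the post above, with the authenticating device building an Access-Request and a prototype server answering Accept or Reject. The function names, the shared secret and the in-memory user table are assumptions made for illustration; transport (UDP port 1812) and the group/attribute conditions are left out.

```python
import hashlib, hmac, os, struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3  # RFC 2865 packet codes
USER_NAME, USER_PASSWORD = 1, 2                         # RFC 2865 attribute types

def _xor(block, secret, prev):
    return bytes(a ^ b for a, b in zip(block, hashlib.md5(secret + prev).digest()))

def crypt_password(data, secret, req_auth, hide):
    # RFC 2865 section 5.2: XOR 16-byte blocks with MD5(secret + previous hidden block)
    data = data.ljust(-(-max(len(data), 1) // 16) * 16, b"\x00")
    out, prev = b"", req_auth
    for i in range(0, len(data), 16):
        block = _xor(data[i:i + 16], secret, prev)
        prev = block if hide else data[i:i + 16]
        out += block
    return out if hide else out.rstrip(b"\x00")

def build_access_request(ident, user, password, secret):
    # Authenticating device (switch, VPN box, access point) side
    req_auth = os.urandom(16)  # Request Authenticator, fresh for every request
    attrs = b""
    for typ, val in ((USER_NAME, user), (USER_PASSWORD, crypt_password(password, secret, req_auth, True))):
        attrs += struct.pack("!BB", typ, len(val) + 2) + val
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + req_auth + attrs

def handle_request(packet, secret, users):
    # Server side: parse attributes, check credentials, answer Accept or Reject
    if len(packet) < 20:
        return None  # malformed packets are silently discarded
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_REQUEST or not 20 <= length <= len(packet):
        return None
    req_auth, attrs, pos = packet[4:20], {}, 20
    while pos + 2 <= length:
        typ, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            return None
        attrs[typ], pos = packet[pos + 2:pos + alen], pos + alen
    stored = users.get(attrs.get(USER_NAME))  # users: constructed in-memory table
    password = crypt_password(attrs.get(USER_PASSWORD, b""), secret, req_auth, False)
    ok = stored is not None and hmac.compare_digest(stored, password)
    header = struct.pack("!BBH", ACCESS_ACCEPT if ok else ACCESS_REJECT, ident, 20)
    return header + hashlib.md5(header + req_auth + secret).digest()  # Response Authenticator

def verify_reply(reply, request, secret):
    # Device side: reply must echo our Identifier and be keyed with the shared secret
    expected = hashlib.md5(reply[:4] + request[4:20] + reply[20:] + secret).digest()
    return reply[1] == request[1] and hmac.compare_digest(expected, reply[4:20])
```

A server configured with a different shared secret recovers garbage instead of the password and rejects the request, which is why the secret has to match on the device and the server.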