During the process where the user requests access to the RADIUS server, RADIUS authorization and authentication happen simultaneously. An “authentication request” occurs when the Network Access Server (NAS) sends a request to the RADIUS server.
If the server’s request for authentication is accepted, the RADIUS server sends a series of configuration information to the Network Access Server in order to grant the user access. This configuration information is comprised of various “authorizations”.
The exact type of authorization differs depending on the RADIUS configuration, the overall network, and the user.
RADIUS authorizations may include verifying the user’s telephone number, checking to see whether the user already has a session in progress by contacting a state server, or requesting a secondary password or a PIN.
Authorization can also be personalized for each unique user or user type. For instance, a user may be authorized to access a company’s wireless network but not its Virtual Private Network (VPN). Authorization information may be stored directly on the RADIUS server or may be looked up in an external source, such as Active Directory.
Need more help?
InkBridge Networks has been at the forefront of network security for over two decades, tackling complex challenges across various protocols and infrastructures. Our team of seasoned experts has encountered and solved nearly every conceivable network security issue. If you're looking for insights from the architects behind some of the internet's most foundational authentication systems, you can request a quote for network security solutions here.
Related Articles
Authorization: Authorized personnel only
The first article in our series described the authentication process, whereby the RADIUS server prevents unauthorized users from accessing the system. In today’s article, we’ll examine the second link in the RADIUS security chain: authorization.
How does RADIUS Accounting work?
RADIUS accounting is a critical component of the RADIUS protocol that collects data for statistical purposes, network monitoring, and accurate billing of users. This process works alongside RADIUS authentication and authorisation to create a comprehensive network security solution.