RADIUS stands for Remote Authentication Dial in User Service. It is used to authenticate remote users. Instead of authenticating users at individual RAS server, we pass a request to central server (RADIUS server), and let the authentication happen there.
All RAS servers pass authentication requests to this central server (RADIUS server) that is doing the authentication. It is authenticating users based on Active Directory. It is also doing reporting, so it is doing .accounting and authentication. With RADIUS authentication will takes place at a central location. Now there is no need to maintain a local database of users for each RAS server. When ever authentication needed RAS server forwards query to RADIUS server.
Accounting means we keep tracking who is connected, how long, why they failed to
connect etc., the information is all centralized here.
By centralizing accountability and authentication we are doing our RAS servers
as dumb devices. So when RAS server fails then there is no need to worry about the 100 or 1000 accounts we manually created on the RAS server, so that we can authenticate. All you need to do is swap out this device with another and configure it to pass the authentication to RADIUS server.
Note: Terminology wise the central server is RADIUS server. Clients for RADIUS are RAS servers.
No comments:
Post a Comment