Authorization in FreeRADIUS
This section can be seen as an overview of subjects we have covered up to now and as a refresher before moving on to more hands-on exercises with authorization.
- Requests are sent from an NAS (the client) to FreeRADIUS (the server).
- These requests are handled by virtual servers, which are defined in the FreeRADIUS configuration. The default virtual server is called
default. - The manner in which incoming requests are handled depends on the configuration of the various sections inside a virtual server file.
- The request itself is handled by the various sections in a logical order. The
authorizesection always handlesAccess-Requestpackets before theauthenticatesection does. Thepreacctsection likewise always handlesAccounting-Requestpackets before theaccountingsection does. - Although the section order cannot be changed, we have much flexibility inside the section to manipulate the request.
The next part will be a basic introduction to ways to process a request. With...
