Summary
This chapter is the introduction and foundation on which we will build that. As a rehash on important points discussed, be sure to know the following facts:
|
Name |
Stands for |
Short description |
|---|---|---|
|
AAA |
Authentication, Authorization, and Accounting |
The three components required for proper control of access and usage. |
|
NAS |
Network Access Server |
A device controlling access to the network for example, a VPN server. Acts as the RADIUS client. |
|
AVP |
Attribute Value Pair |
A three-field component inside a RADIUS packet used to contain a specified field and its data. |
|
VSA |
Vendor-Specific Attributes |
An extension of the AVP managed by a specific vendor. |
- AAA is a security architecture model.
- RADIUS is a specific implementation of AAA.
- FreeRADIUS is a practical application of RADIUS.
- Thus we have AAA → RADIUS → FreeRADIUS.
- RADIUS is all about central control and is the de facto standard supported by NAS vendors.
- RADIUS is a client/server protocol. It uses UDP and listens on port 1812 for authentication and port 1813 for accounting requests.
- RADIUS data packets have a code field, which specifies the type of RADIUS packet.
- RADIUS data packets have zero or more AVPs, which contain the data used in RADIUS.
- FreeRADIUS implements the RADIUS protocol along with its various extensions as specified in RFCs.
- FreeRADIUS is a very popular, widely used, and very flexible RADIUS server.
This chapter was a FreeRADIUS starter. The main course begins with the next chapter where we'll be installing FreeRADIUS and starting to use it.
Pop quiz – RADIUS knowledge
- Explain the term NAS device.
- What are the start and end points of a session?
- Which protocol and ports does RADIUS use?
- What do the RADIUS client and server require for successful communication?
- What packet does the RADIUS client send when authenticating a user?
- Who initiates a Disconnect Request packet and who receives it?
- Name three components of an Attribute Value Pair (AVP).
- Alice connects with username
alice@freeradius.orgto a network. What is the name of the realm to which Alice belongs?
