About RADIUS
Remote Authentication Dial In User Service (RADIUS) is an industry-standard networking protocol for providing Authentication, Authorisation, and Accounting (AAA) management for users that connect and use a network service.
The RADIUS client is typically a Network Access Server (NAS). The client passes user information to the RADIUS server and acts on the response that is returned. The RADIUS server receives user connection requests and authenticates the user with information in a trusted database.
If a match is found and the user's credentials are correct, the RADIUS server sends an Access-Accept message to the NAS and the configuration information necessary for the client to deliver service to the user. The NAS may then forward accounting information to the RADIUS server to document the transaction. The RADIUS server may store or forward this information as needed to support billing for the services provided.
If a match is not found or a problem is found with the user's credentials, the server returns an Access-Reject message. The NAS then terminates the user's connection.
A RADIUS server can act as a proxy client to other RADIUS servers or other kinds of authentication servers.
Authentication
Authentication is the process of verifying a user's identity.
Authorisation
Authorisation is the process of determining whether the user is allowed on the network and applying network access values based on a defined security policy.
Accounting
Accounting is the process of generating log files that record session statistics used for billing, system diagnosis, and usage planning.