RADIUS Operation
When a user attempts to log in and authenticate to an access server using RADIUS, the following steps occur:
- The user is prompted to enter the username and password.
- The username and encrypted password are sent over the network to the RADIUS server.
- The user receives one of the following responses from the RADIUS server:
  - ACCEPT—The user is authenticated.
  - CHALLENGE—A challenge is issued by the RADIUS server. The challenge collects additional data from the user.
  - CHANGE PASSWORD—A request is issued by the RADIUS server, asking the user to select a new password.
  - REJECT—The user is not authenticated and is prompted to reenter the username and password, or access is denied.

- Services that the user can access, including connections such as Telnet, rlogin, or local-area transport (LAT), and services such as PPP, Serial Line Protocol (SLIP), or EXEC services.
- Connection parameters, including the host or client IP address, access list, and user timeouts.