This is an old revision of the document!

  • RADIUSdesk is a modern front-end to FreeRADIUS.
  • This page will serve as an overview.
  • The components are then discussed in more depth in their own dedicated pages.

Components of the RADIUS server

  • When a RADIUS client contacts RADIUSdesk the following components will be involved.

RADIUS Client

  • RADIUS Clients have to be defined and added to the list of RADIUS clients that are allowed to be processed by RADIUSdesk.
  • We use a server wide common shared secret and then identify a RADIUS Client based on the Nas-Identifier attribute in the RADIUS request.
  • This allows the server to process requests even if the incoming IP Address of the client changes.

RADIUS User (Authentication)

  • RADIUS Authentication request will contain a username.
  • RADIUSdesk features the following user types
    • Permanent Users
    • Vouchers
    • BYOD
  • For the Authentication to succeed, the username in the authentication request must match one of the users defined in RADIUSdesk.

RADIUS Profile (Authorization)

  • Each RADIUS user has to belong to a RADIUS profile.
  • This profile will typically determine the service that the user will be assigned when they connect to the network.
  • The profile can for instance specify the bandwidth assigned to a PPPoE user.

RADIUS Realm (Grouping)

  • Each RADIUS user also has to belong to a RADIUS Realm.
  • Realms are a method used to group users together and may also used to determine if a RADIUS request have to be forwarded to another RADIUS server to process the request.
  • So a realm name might be detrimental in the routing of RADIUS traffic to other RADIUS servers.
  • radius/rad_overview.1707679362.txt.gz
  • Last modified: 2024/02/11 21:22
  • by system