This is an old revision of the document!

  • RADIUSdesk is a modern frontend for FreeRADIUS.
  • This page is intended to give you an overview.
  • The components are described in more detail on their own pages.

Components of the RADIUS server

  • When a RADIUS client contacts RADIUSdesk, the following components are involved.

RADIUS Client

  • RADIUS clients must be defined and added to the list of RADIUS clients that RADIUSdesk is allowed to process.
  • We use a server-wide shared secret and then identify a RADIUS client using the Nas-Identifier attribute in the RADIUS request.
  • This allows the server to process requests even if the incoming IP address of the client changes.

RADIUS User (Authentication)

  • The RADIUS authentication request contains a user name.
  • RADIUSdesk offers the following user types
    • Permanent Users
    • Vouchers
    • BYOD
  • For authentication to be successful, the user name in the authentication request must match one of the users defined in RADIUSdesk.

RADIUS Profile (Authorization)

  • Each RADIUS user has to belong to a RADIUS profile.
  • This profile will typically determine the service that the user will be assigned when they connect to the network.
  • The profile can for instance specify the bandwidth assigned to a PPPoE user.

RADIUS Realm (Grouping)

  • Each RADIUS user also has to belong to a RADIUS Realm.
  • Realms are a method used to group users together and may also used to determine if a RADIUS request have to be forwarded to another RADIUS server to process the request.
  • So a realm name might be detrimental in the routing of RADIUS traffic to other RADIUS servers.
  • radius/rad_overview.1707706491.txt.gz
  • Last modified: 2024/02/12 04:54
  • by system