While the RADIUS server is processing the authentication request, it can perform authorization functions such as verifying the user's telephone number and checking whether the user already has a session in progress. This configuration information is composed of "authorizations" and contains, among others, the type of service NAS may provide to the User (for example, PPP, or telnet). If a RADIUS server authenticates the User successfully, the RADIUS server returns configuration information to the NAS so that it can provide network service to the user. The request sent by the NAS to the RADIUS server in order to authenticate the User is generally called an "authentication request." The RADIUS client, that is, the NAS, passes information about the User to designated RADIUS servers, and then acts on the response that the servers return. Servers that support the RADIUS protocol are generally referred to as the RADIUS servers. The NAS and the NPS server communicate using the RADIUS protocol.Ī NAS operates as a client of a server or servers that support the RADIUS protocol. In order to authenticate the User, the NAS contacts a remote server running NPS. The following diagram shows an authenticating client ("User") connecting to a Network Access Server (NAS) over a dial-up connection, using the Point-to-Point Protocol (PPP). The RADIUS protocol is the de facto standard for remote user authentication and it is documented in RFC 2865 and RFC 2866. NPS fully supports the Remote Authentication Dial-In User Service (RADIUS) protocol. Throughout the text, NPS is used to refer to all versions of the service, including the versions originally referred to as IAS.
The content of this topic applies to both IAS and NPS. Internet Authentication Service (IAS) was renamed Network Policy Server (NPS) starting with Windows Server 2008.
0 kommentar(er)
