How Authorization, Authentication, and Accounting requests are handled
-----------------------------------------------------------------------
+======================================================================
There are a lot of questions about misconfigured FreeRADIUS servers
because of misunderstanding of FreeRADIUS operations. This document
explains how the server operates.
-
Normally there are 2 steps in processing authentication request coming
from NAS in FreeRADIUS (plus additional steps to proxy request if we
use FreeRADIUS as a proxy): authorization and authentication.
AUTHORIZATION
+-------------
Authorization is a process of obtaining information about the user
from external source (file, database or LDAP), and checking that the
AUTHENTICATION
+--------------
Authentication is simply a process of comparing user's credentials in
request with credentials stored in database. Authentication usually
PROCESSING A REQUEST
+--------------------
During authorization and authentication processes, there are 3 lists
of RADIUS attributes supported by FreeRADIUS: request items, config
value of 'MS-CHAP' into same list. The same goes for NT-Password
(before calling MS-CHAP Password attribute should be converted to
NT-Password, it may be achieved by calling mschap module in
-authorization section after module which does actual authorization).
-
-
-$Date$
-by 3APA3A <3APA3A@SECURITY.NNOV.RU>
+authorization section after module which does actual authorization).
\ No newline at end of file
projects / freeradius.git / blobdiff