Authorization in RADIUS, Authorization in freeradius

Guy Fraser guy at incentre.net
Tue Sep 4 17:09:12 CEST 2007


On Sun, 2007-09-02 at 15:36 +0100, George Beitis wrote:
> Hi everyone,
> I have a general question regarding Authorization in the RADIUS protocol
> and how it is implemented in freeradius.  What does the RADIUS protocol
> refer to when it talks about Authorization, does it actually refer to
> users being probably authorized after being authenticated, using the
> protocol?  Are there RADIUS specific attributes that are for
> authorization? (not authentication).  There are ways of implementing
> authorization into freeradius, but do those simply overwrite the
> authentication decision?  DIAMETER provides such authorization messeges
> from my understanding but the RADIUS protocol does not talk about any,
> is this correct?
> 

As far as I understand, Radius is not a AAA server in the way
you put it. Radius Authenticates, Accounts and sends Authorization 
configuration information to the NAS, which implements the 
Authorization. Radius does not enforce or restrict anything the 
NAS is not configured to perform, and can in fact the Authentication 
and Authorization can be overridden by the local configuration on the 
NAS or requesting Radius Proxy if in use.

> thank you very much
> 
> regards
> George






More information about the Freeradius-Users mailing list