Authorization in RADIUS, Authorization in freeradius
Guy Fraser
guy at incentre.net
Tue Sep 4 17:09:12 CEST 2007
On Sun, 2007-09-02 at 15:36 +0100, George Beitis wrote:
> Hi everyone,
> I have a general question regarding Authorization in the RADIUS protocol
> and how it is implemented in freeradius. What does the RADIUS protocol
> refer to when it talks about Authorization, does it actually refer to
> users being probably authorized after being authenticated, using the
> protocol? Are there RADIUS specific attributes that are for
> authorization? (not authentication). There are ways of implementing
> authorization into freeradius, but do those simply overwrite the
> authentication decision? DIAMETER provides such authorization messeges
> from my understanding but the RADIUS protocol does not talk about any,
> is this correct?
>
As far as I understand, Radius is not a AAA server in the way
you put it. Radius Authenticates, Accounts and sends Authorization
configuration information to the NAS, which implements the
Authorization. Radius does not enforce or restrict anything the
NAS is not configured to perform, and can in fact the Authentication
and Authorization can be overridden by the local configuration on the
NAS or requesting Radius Proxy if in use.
> thank you very much
>
> regards
> George
More information about the Freeradius-Users
mailing list