Working with LDAP, radius clients, users, etc

Alan DeKok aland at deployingradius.com
Wed Aug 21 19:16:26 CEST 2019


On Aug 21, 2019, at 12:46 PM, Paul Pathiakis via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
> It is quite possible about my having 'misconceptions'. :)

  Everyone began somewhere.

> However, with the response you gave, it's pretty clear now.  It's just asking if the 'client' aka infrastructure machine or service is allowed to proceed and nothing more.

  I'm not sure what you mean by "allowed to proceed".  There are many, many things which are necessary for RADIUS to work.

> My misconception comes from being a sysadmin of 30 years.  Every time I see 'client', I tend to think of a 'hard asset'.  With regards to authentication, I have to wrap my mind around the 'verification concept' which is 'authentication' and nothing more.

  Client here means "client / server".  FreeRADIUS is a RADIUS server.  A NAS / switch / AP is a RADIUS client.

  End-user systems aren't RADIUS clients.

> It is just the first step in getting 'onto' systems/services, etc in the 'authentication' 'authorization' 'access' where, in my world, the final piece is the actual allowing of login to proceed... yes?

  Authentication here means that the RADIUS server receives an Access-Request packet with some authentication data in it.  (EAP, User-Password, CHAP-Password, etc.).  The RADIUS server receives that packet from a RADIUS client.  The RADIUS client receives the authentication data from an "end user" system.

  Alan DeKok.
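
The exchange described above, as an added example that is not part of the original message and is not FreeRADIUS code: a RADIUS client (NAS) builds an Access-Request from an end user's credentials, and the server parses it to see which NAS sent it and which authentication data it carries. The shared secret, user, password, NAS address and fixed authenticator are constructed sample values, and the function names are hypothetical.

```python
import hashlib
import struct

# Attribute numbers from RFC 2865 (1-4) and RFC 3579 (79).
USER_NAME, USER_PASSWORD, CHAP_PASSWORD, NAS_IP_ADDRESS, EAP_MESSAGE = 1, 2, 3, 4, 79
ACCESS_REQUEST = 1  # RADIUS packet code
AUTH_ATTRS = {USER_PASSWORD: "User-Password", CHAP_PASSWORD: "CHAP-Password", EAP_MESSAGE: "EAP"}

def _hide(data, secret, authenticator, decrypt):
    """RFC 2865 section 5.2: XOR each 16-byte block with MD5(secret + previous ciphertext)."""
    out, prev = b"", authenticator
    for i in range(0, len(data), 16):
        block = data[i:i + 16]
        key = hashlib.md5(secret + prev).digest()
        res = bytes(a ^ b for a, b in zip(block, key))
        out, prev = out + res, (block if decrypt else res)
    return out

def build_access_request(secret, authenticator, user, password, nas_ip):
    """RADIUS client (NAS) side: wrap credentials received from the end-user system."""
    padded = password + b"\x00" * (-len(password) % 16)
    values = ((USER_NAME, user), (USER_PASSWORD, _hide(padded, secret, authenticator, False)),
              (NAS_IP_ADDRESS, bytes(nas_ip)))
    attrs = b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in values)
    return struct.pack("!BBH", ACCESS_REQUEST, 1, 20 + len(attrs)) + authenticator + attrs

def parse_access_request(packet, secret):
    """RADIUS server side: which user, via which NAS, carrying which authentication data."""
    if len(packet) < 20 or packet[0] != ACCESS_REQUEST or struct.unpack("!H", packet[2:4])[0] != len(packet):
        raise ValueError("not a well-formed Access-Request")
    authenticator, pos, attrs = packet[4:20], 20, {}
    while pos < len(packet):
        if pos + 2 > len(packet) or packet[pos + 1] < 2 or pos + packet[pos + 1] > len(packet):
            raise ValueError("bad attribute length")
        t, alen = packet[pos], packet[pos + 1]
        attrs[t] = attrs.get(t, b"") + packet[pos + 2:pos + alen]  # repeats (EAP-Message) are joined
        pos += alen
    seen = {"user": attrs.get(USER_NAME, b"").decode(errors="replace"),
            "methods": [name for t, name in AUTH_ATTRS.items() if t in attrs]}
    if NAS_IP_ADDRESS in attrs:
        seen["nas_ip"] = ".".join(str(b) for b in attrs[NAS_IP_ADDRESS])
    if USER_PASSWORD in attrs:
        seen["password"] = _hide(attrs[USER_PASSWORD], secret, authenticator, True).rstrip(b"\x00")
    return seen

if __name__ == "__main__":
    # Constructed sample values; a real NAS uses a random 16-byte authenticator.
    pkt = build_access_request(b"example-secret", bytes(range(16)), b"bob", b"hello", (192, 0, 2, 10))
    print(parse_access_request(pkt, b"example-secret"))
```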



