Radius packets – RSA Security 6.1 User Manual

Page 16

background image

4

About RSA RADIUS Server

September 2005

If the user ID is not found or if the passcode is not appropriate for the
specified user, the RSA Authentication Manager returns a message indicating
the passcode is not accepted (6b).

7

If the RSA RADIUS server receives a message indicating the passcode is
accepted, it forwards a RADIUS Access-Accept message to the RAS (7a).

Z

If the RSA Authentication Manager specified a profile name with the
accept message, the RSA RADIUS server sends the return list attributes
associated with that profile to the RAS.

Z

If the RSA Authentication Manager did not specify a profile name with
the accept message, the RSA RADIUS server sends the return list
attributes associated with the default profile to the RAS.

For example, the Access-Accept message might specify that the access client
must use a specific IP address or be connected to a specific VLAN on the
network.
If the RSA RADIUS server receives a message indicating the passcode is
rejected, it forwards a RADIUS Access-Reject message to the RAS (7b).

NOTE: If the user requesting the network connection is in New Pin mode
or New Token mode (not shown), the RSA Authentication Manager sends
a message asking for more information, which the RSA RADIUS server
forwards to the user. When the user responds with values the
RSA RADIUS server can accept, the authentication sequence continues.

8

Depending on what information the RAS receives from the RSA RADIUS
server, the RAS accepts and configures the user connection or rejects the
user connection.

9

Based on the information it receives from the RSA RADIUS server, the RAS
grants or denies the connection request.

After the user is authenticated and the connection established, the RAS might
forward accounting data to the RSA RADIUS server to document the
transaction; the RSA RADIUS server can store or forward this data to support
billing for services provided during the network connection.

RADIUS Packets

A RADIUS client and a RADIUS server communicate by means of RADIUS
packets. RADIUS packets carry messages between the RADIUS client and
RADIUS server in a series of request and response transactions: the client sends a
request and expects a response from the server. If the response does not arrive,
the client can retry the request periodically.