[prev in list] [next in list] [prev in thread] [next in thread]
List: freeradius-users
Subject: Re: Working with LDAP, radius clients, users, etc
From: Alan DeKok <aland () deployingradius ! com>
Date: 2019-08-21 17:16:26
Message-ID: B21F66DB-6941-4417-8F68-51AC1098BDDB () deployingradius ! com
[Download RAW message or body]
On Aug 21, 2019, at 12:46 PM, Paul Pathiakis via Freeradius-Users \
<freeradius-users@lists.freeradius.org> wrote:
> It is quite possible about my having 'misconceptions'. :)
Everyone began somewhere.
> However, with the response you gave, it's pretty clear now. It's just asking if \
> the 'client' aka infrastructure machine or service is allowed to proceed and \
> nothing more.
I'm not sure what you mean by "allowed to proceed". There are many, many, things \
which are necessary for RADIUS to work.
> My misconception comes from being a sysadmin of 30 years. Every time I see \
> 'client', I tend to think of a 'hard asset'. With regards to authentication, I \
> have to wrap my mind around the 'verification concept' which is 'authentication' \
> and nothing more.
Client here means "client / server". FreeRADIUS is a RADIUS server. A NAS / \
switch / AP is a RADIUS client.
End-user systems aren't RADIUS clients.
> It is just the first step in getting 'onto' systems/services, etc in the \
> 'authentication' 'authorization' 'access' where, in my world, the final piece is \
> the actual allowing of login to proceed... yes?
Authentication here means that the RADIUS server receives an Access-Request packet \
with some authentication data in it. (EAP, User-Password, CHAP-Password, etc.). The \
RADIUS server receives that packet from a RADIUS client. The RADIUS client receives \
the authentication data from an "end user" system.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic