[prev in list] [next in list] [prev in thread] [next in thread] 

List:       freeradius-users
Subject:    Re: Working with LDAP, radius clients, users, etc
From:       Alan DeKok <aland () deployingradius ! com>
Date:       2019-08-21 17:16:26
Message-ID: B21F66DB-6941-4417-8F68-51AC1098BDDB () deployingradius ! com
[Download RAW message or body]

On Aug 21, 2019, at 12:46 PM, Paul Pathiakis via Freeradius-Users \
<freeradius-users@lists.freeradius.org> wrote:
> It is quite possible about my having 'misconceptions'. :)

  Everyone began somewhere.

> However, with the response you gave, it's pretty clear now.  It's just asking if \
> the 'client' aka infrastructure machine or service is allowed to proceed and \
> nothing more.

  I'm not sure what you mean by "allowed to proceed".  There are many, many, things \
which are necessary for RADIUS to work.

> My misconception comes from being a sysadmin of 30 years.  Every time I see \
> 'client', I tend to think of a 'hard asset'.  With regards to authentication, I \
> have to wrap my mind around the 'verification concept' which is 'authentication' \
> and nothing more.

  Client here means "client / server".  FreeRADIUS is a RADIUS server.  A NAS / \
switch / AP is a RADIUS client.

  End-user systems aren't RADIUS clients.

> It is just the first step in getting 'onto' systems/services, etc in the \
> 'authentication' 'authorization' 'access' where, in my world, the final piece is \
> the actual allowing of login to proceed... yes?

  Authentication here means that the RADIUS server receives an Access-Request packet \
with some authentication data in it.  (EAP, User-Password, CHAP-Password, etc.).  The \
RADIUS server receives that packet from a RADIUS client.  The RADIUS client receives \
the authentication data from an "end user" system.

  Alan DeKok.


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


[prev in list] [next in list] [prev in thread] [next in thread]