HP-UX AAA Server A.07.01 Administrator's Guide

Figure 1-2 Client-Server RADIUS Transaction

When the user's device connects to the client, the client sends a RADIUS Access-Request

to the AAA server. When the server receives the request, it validates the sending client.

If the client is permitted to send requests to the server, the server then takes information

from the Access-Request and attempts to match the request to a user profile. If all

conditions are met, the server sends an Access-Accept packet to the client; otherwise,

the server sends an Access-Reject packet. An Access-Accept data packet often includes

authorization information that specifies the services the user can access and other

session information, such as a timeout value that indicates when the user must be

disconnected from the system.

When the client receives an Access-Accept packet, it generates an Accounting-Request

to start the session and send the request to the server. The Accounting-Request data

packet describes the type of service being delivered and the user of the service. The

server then responds with an Accounting-Response to acknowledge that the request

was successfully received and recorded. The user's session ends when the client

generates an Accounting-Request that is triggered by the user, the client, or an

interruption in service-to stop the session. The server acknowledges the

Accounting-Request with an Accounting-Response.

Establishing a RADIUS Session 33