User manual
RADIUS Authentication and Accounting E-
3
If you enable:
• Local authentication only - the NETServer grants or denies
access based on the information in the local user table only.
• RADIUS authentication only - the NETServer sends a request
to the RADIUS server and grants or denies access based on
the response.
• Both local and RADIUS authentication - the NETServer first
checks the local user table. If the user is defined in the local
user table, the NETServer grants or denies the user access
based on the information in the table. If the user is not
defined in the user table, the NETServer sends a request to
the RADIUS server and grants or denies access based on the
response.
RADIUS Authentication Process
When a user dials into the NETServer, and local authentication
is enabled, the NETServer first checks its own user table. If the
NETServer can not find the user, it then checks with the
RADIUS server. If a local entry is found, RADIUS authentication
will not be attempted.
The NETServer encrypts the user's password using an
encryption key shared by both the NETServer and the RADIUS
server, and passes the user name and encrypted password on to
the RADIUS server. The RADIUS server then checks the user
name and password against its users file, determines whether to
grant or deny access, and passes this information back to the
NETServer.
If access is denied, the NETServer disconnects the user. If access
is granted, the RADIUS server will forward the appropriate user
configuration information (such as what host or what protocol
the user needs) to the NETServer.