- New intro/landing page, xrefs to link with other sections in docs.
- Added components section to include server, nas, datastore info
- Added radius session/message/processing sections.docs:
- Rename Module >> Protocol>> LDAP section to Authentication with LDAP and added relevant subsections
== FreeRADIUS Overview
-FreeRADIUS is the worlds leading RADIUS server used by Internet Service Providers (ISPs), cellular providers, and corporate and educational networks. RADIUS, which stands for “Remote Authentication Dial In User Service”, is a network protocol used to manage network access using xref:concepts:modules/protocol/authproto.adoc[Authentication, Authorization and Accounting] processes.
+FreeRADIUS is the worlds leading RADIUS server used by Internet Service Providers (ISPs), cellular providers, and corporate and educational networks. RADIUS, which stands for “Remote Authentication Dial In User Service”, is a network protocol used to manage network access using xref:concepts:protocol/authproto.adoc[Authentication, Authorization and Accounting] processes.
FreeRADIUS is developed by a group of people who call themselves "The FreeRADIUS Project" and is sponsored by https://www.inkbridgenetworks.com/[InkBridge Networks].
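Review bot: The added paragraph still reads "the worlds leading RADIUS server". Since this line is being rewritten for the xref path anyway, correct it to "world's leading" in the same change. The link target changes from concepts:modules/protocol/authproto.adoc to concepts:protocol/authproto.adoc, so make sure the file move is part of this commit and not only the link update.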
=== What is FreeRADIUS and what is it supposed to do?
The FreeRADIUS Server is a daemon for unix and unix like operating systems which allows one to set up a radius protocol server. The RADIUS protocol manages the communication between network devices to facilitate remote user
-authentication and accounting practices. See xref:concepts:modules/components/architecture.adoc[Architecture] for more information on RADIUS components and interactions. The RADIUS protocol serves three primary functions:
+authentication and accounting practices. See xref:concepts:components/architecture.adoc[Architecture] for more information on RADIUS components and interactions. The RADIUS protocol serves three primary functions:
* Authenticates users or devices before allowing them access to a network.
* Authorizes those users or devices for specific network services.
* xref:index.adoc[Concepts]
** xref:overview.adoc[Overview]
-*** xref:modules/freeradius.adoc[What is FreeRADIUS]
-*** xref:modules/aaa/aaa.adoc[Authentication Authorisation Accounting (AAA)]
-**** xref:modules/aaa/authz.adoc[Authorisation]
-**** xref:modules/aaa/authn.adoc[Authentication]
-**** xref:modules/aaa/acct.adoc[Accounting]
-*** xref:modules/components/architecture.adoc[RADIUS System Components]
-**** xref:modules/components/nas.adoc[Network Access Server (NAS)]
-**** xref:modules/components/radius_servers.adoc[RADIUS Server]
-***** xref:modules/components/radius_servers.adoc#policy[Server Policies]
-**** xref:modules/components/datastore.adoc[Datastores]
-*** xref:modules/session/radius_session.adoc[RADIUS Sessions]
-**** xref:modules/session/radius_session_msg.adoc[Messages]
-**** xref:modules/session/processing.adoc[Processing]
-** xref:modules/protocol/authproto.adoc[Protocols]
+*** xref:freeradius.adoc[What is FreeRADIUS]
+*** xref:aaa/aaa.adoc[Authentication Authorisation Accounting (AAA)]
+**** xref:aaa/authz.adoc[Authorisation]
+**** xref:aaa/authn.adoc[Authentication]
+**** xref:aaa/acct.adoc[Accounting]
+*** xref:components/architecture.adoc[RADIUS System Components]
+**** xref:components/nas.adoc[Network Access Server (NAS)]
+**** xref:components/radius_servers.adoc[RADIUS Server]
+***** xref:components/radius_servers.adoc#policy[Server Policies]
+**** xref:components/datastore.adoc[Datastores]
+*** xref:session/radius_session.adoc[RADIUS Sessions]
+**** xref:session/radius_session_msg.adoc[Messages]
+**** xref:session/processing.adoc[Processing]
+** xref:protocol/authproto.adoc[Protocols]
** xref:modules/ldap/authentication.adoc[Authentication with LDAP]
*** xref:modules/ldap/password_storage.adoc[Password Storage]
*** xref:modules/ldap/novell.adoc[Integrate Novell]
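Review bot: The three LDAP entries at the end of this nav list still point at modules/ldap/... while every other entry in the hunk has had the modules/ prefix removed. If the LDAP pages were moved along with the rest, these xrefs (authentication.adoc, password_storage.adoc, novell.adoc) will no longer resolve. If they intentionally stay under modules/ldap, say so in the commit message, which currently mentions only the rename to "Authentication with LDAP".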
== AAA request handling
-AAA request handling refers to the process by which a system manages xref:modules/aaa/authn.adoc[authentication], xref:modules/aaa/authz.adoc[authorisation], and xref:modules/aaa/acct.adoc[accounting] (AAA) services for users accessing computer resources or network services. This process involves verifying user identities, granting access based on permissions, and tracking their activities for auditing or billing purposes.
+AAA request handling refers to the process by which a system manages xref:aaa/authn.adoc[authentication], xref:aaa/authz.adoc[authorisation], and xref:aaa/acct.adoc[accounting] (AAA) services for users accessing computer resources or network services. This process involves verifying user identities, granting access based on permissions, and tracking their activities for auditing or billing purposes.
Normally there are two steps in processing an authentication request
coming from a NAS in FreeRADIUS: authorisation and authentication.
== Sections in this Guide
* xref:concepts:overview.adoc[Overview] explains the RADIUS server, FreeRADIUS, and the core services provided.
- ** xref:modules/freeradius.adoc[What is FreeRADIUS] explains the benefits of the open-source software version.
- ** xref:modules/aaa/aaa.adoc[Authentication Authorisation Accounting (AAA)] explains the core services provided by FreeRADIUS.
- *** xref:modules/aaa/authz.adoc[Authorisation] is the process of allowing an authenticated user to access services on the network.
- *** xref:modules/aaa/authn.adoc[Authentication] if the process of verifying an end-user's credentials.
- *** xref:modules/aaa/acct.adoc[Accounting] operations record the time spent on the network and services accessed for auditing or billing purposes.
- ** xref:modules/components/architecture.adoc[RADIUS System Components] explains the RADIUS design and components.
- *** xref:modules/components/nas.adoc[Network Access Server (NAS)] outlines the NAS operations and access management.
- *** xref:modules/components/radius_servers.adoc[RADIUS Server] describes the role of the server and how server policies work.
- *** xref:modules/components/datastore.adoc[Datastores] details how datastores work and what's supported.
- ** xref:modules/session/radius_session.adoc[RADIUS Sessions] explains session transmission and management or these session on the network.
- *** xref:modules/session/radius_session_msg.adoc[Session Messages] details the format and content of session messages.
- *** xref:modules/session/processing.adoc[Processing] outlines the flow of messages and how aaa services are implemented.
-* xref:modules/protocol/authproto.adoc[Protocols] defines the protocols used in the RADIUS environment.
+ ** xref:freeradius.adoc[What is FreeRADIUS] explains the benefits of the open-source software version.
+ ** xref:aaa/aaa.adoc[Authentication Authorisation Accounting (AAA)] explains the core services provided by FreeRADIUS.
+ *** xref:aaa/authz.adoc[Authorisation] is the process of allowing an authenticated user to access services on the network.
+ *** xref:aaa/authn.adoc[Authentication] if the process of verifying an end-user's credentials.
+ *** xref:aaa/acct.adoc[Accounting] operations record the time spent on the network and services accessed for auditing or billing purposes.
+ ** xref:components/architecture.adoc[RADIUS System Components] explains the RADIUS design and components.
+ *** xref:components/nas.adoc[Network Access Server (NAS)] outlines the NAS operations and access management.
+ *** xref:components/radius_servers.adoc[RADIUS Server] describes the role of the server and how server policies work.
+ *** xref:components/datastore.adoc[Datastores] details how datastores work and what's supported.
+ ** xref:session/radius_session.adoc[RADIUS Sessions] explains session transmission and management or these session on the network.
+ *** xref:session/radius_session_msg.adoc[Session Messages] details the format and content of session messages.
+ *** xref:session/processing.adoc[Processing] outlines the flow of messages and how aaa services are implemented.
+* xref:protocol/authproto.adoc[Protocols] defines the protocols used in the RADIUS environment.
* xref:modules/ldap/authentication.adoc[Authentication with LDAP] can be used by RADIUS servers to authenticate the network users.
** xref:modules/ldap/password_storage.adoc[Password Storage] explains the methods of how the user's information can be stored.
** xref:modules/ldap/novell.adoc[Integrate Novell] with RADIUS networks using LDAP.
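Review bot: Several typos are copied unchanged from the removed lines into the added ones and should be fixed while the lines are being touched: "Authentication] if the process of verifying" should read "is the process", "management or these session on the network" should read "management of these sessions", and "how aaa services are implemented" should use "AAA" as the rest of the page does. The trailing LDAP entries also keep their modules/ldap/ paths, unlike every other xref in this list, so check that they still resolve after the restructuring.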
> Well, this difficult and not the same as previous request
> That client has made this difficult. I'm limited by some constraints!
-In this case, the mschap module looks at the request, and finds the MS-CHAP attributes. It sets the *Auth-Type* to itself (mschap). A database module (such as LDAP, above) gets the "known good" password, and adds it to the request. The mschap module is then run for authentication. It looks for either a clear text password or nt-hash. See an explanation for this limitation is explained in the xref:modules/protocol/authproto.adoc#Proto-Password-Compat[Protocol Password Compatibilty] table. If one of those hasn't been added by a database, the mschap module says:
+In this case, the mschap module looks at the request, and finds the MS-CHAP attributes. It sets the *Auth-Type* to itself (mschap). A database module (such as LDAP, above) gets the "known good" password, and adds it to the request. The mschap module is then run for authentication. It looks for either a clear text password or nt-hash. See an explanation for this limitation is explained in the xref:protocol/authproto.adoc#Proto-Password-Compat[Protocol Password Compatibilty] table. If one of those hasn't been added by a database, the mschap module says:
> Sorry, I can't authenticate the user,
> because I don't have the information I need to validate MSCHAP.
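Review bot: The sentence carrying the changed xref is ungrammatical in both the old and new versions ("See an explanation for this limitation is explained in the ...") and the link text misspells "Compatibilty". Suggest rewording to "This limitation is explained in the xref:protocol/authproto.adoc#Proto-Password-Compat[Protocol Password Compatibility] table." Also confirm that the Proto-Password-Compat anchor exists in authproto.adoc at its new location, since a missing anchor would leave the link landing at the top of the page.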
Server-side attributes are presented using the same format as standard or vendor RADIUS attributes. This format gives the administrator the same control over internal aspects of the server behavior as over the server external responses. The server-side attribute information can be retrieved as part of one policy and checked later as part of another policy. For example, the policy can say “use LDAP server X for this request” and “respond with attribute X, value Y”.
-=== xref:modules/session/processing.adoc[Processing Requests]
+=== xref:session/processing.adoc[Processing Requests]
The server processes requests through local site policy. That policy is used to examine the request, the request attributes, and the attribute values. The server then builds a reply message using responses (determined by local policy) such as time of day restrictions, group access limitations, and IP address allocation. The processing stage may include keeping track of <<server-attr,server-side attributes>>. FreeRADIUS maintains these attribute lists for every request.