Table of Contents
- RADIUSdesk is a modern frontend for FreeRADIUS.
- This page is intended to give you an overview.
- The components are described in more detail on their own pages.
Components of the RADIUS server
- When a RADIUS client contacts RADIUSdesk, the following components are involved.
RADIUS Client
- RADIUS clients must be defined and added to the list of RADIUS clients that RADIUSdesk is allowed to process.
- We use a server-wide shared secret and then identify a RADIUS client using the Nas-Identifier attribute in the RADIUS request.
- This allows the server to process requests even if the incoming IP address of the client changes.
RADIUS User (Authentication)
- The RADIUS authentication request contains a user name.
- RADIUSdesk offers the following user types
- Permanent Users
- Vouchers
- BYOD
- For authentication to be successful, the user name in the authentication request must match one of the users defined in RADIUSdesk.
RADIUS Profile (Authorization)
- Every RADIUS user must belong to a RADIUS profile.
- This profile usually determines the service that is assigned to the user when they connect to the network.
- For example, the profile can define the bandwidth that is assigned to a PPPoE user.
RADIUS Realm (Grouping)
- Each RADIUS user must also belong to a RADIUS realm.
- Realms are a method of grouping users and can also be used to determine whether a RADIUS request must be forwarded to another RADIUS server in order to process the request.
- A realm name can therefore play a role in forwarding RADIUS traffic to other RADIUS servers.