Access | Remote | RSA | RSA | |
Client | Access | RADIUS | ||
Authentication | ||||
| Server | Server | ||
| Manager | |||
|
|
| ||
| 1. Connection Request | Connection Notification |
| |
| 2. TTLS/PAP Tunnel Negotiation |
| ||
| TTLS/PAP Tunnel |
|
| |
|
| 3. User ID/Passcode? |
| |
| 4. User ID/Passcode |
| 5. User ID/Passcode | |
| 8a. Connection Accepted | 7a. | 6a. Passcode Accepted (Profile Name) | |
| 8b. Connection Refused | 7b. | 6b. Passcode Rejected |
Figure 1 RSA RADIUS Authentication
1A RADIUS access client, who could be a
NOTE: The terms “remote access server” (RAS) and “network access server” (NAS) are interchangeable. This manual uses RAS, though some attribute names and parameters retain the older ‘NAS’ in their names.
2When the RAS receives a user’s connection request, it performs an initial access negotiation with the user to establish connection information. It forwards this information to the RSA RADIUS server, which uses the information to create a tunnel between itself and the access client.
3The RSA RADIUS server sends a request for the user’s credentials through the TTLS tunnel.
4The access client sends a user ID and passcode (tokencode and personal identification number) to the RSA RADIUS server.
5The RSA RADIUS server forwards the user’s user ID and passcode to the RSA Authentication Manager, which verifies that the user ID exists and that the passcode is correct for that user at that specific time.
6If the user’s information is accepted, the RSA Authentication Manager returns a message indicating that the passcode is accepted (6a). The RSA Authentication Manager may also return the name of the profile associated with this user in the
RSA RADIUS Server 6.1 Administrator’s Guide | About RSA RADIUS Server | 3 |