Access

Remote

RSA

RSA

Client

Access

RADIUS

Authentication

 

Server

Server

 

Manager

 

 

 

 

1. Connection Request

Connection Notification

 

 

2. TTLS/PAP Tunnel Negotiation

 

 

TTLS/PAP Tunnel

 

 

 

 

3. User ID/Passcode?

 

 

4. User ID/Passcode

 

5. User ID/Passcode

 

8a. Connection Accepted

7a. Access-Accept (Attributes)

6a. Passcode Accepted (Profile Name)

 

8b. Connection Refused

7b. Access-Reject

6b. Passcode Rejected

Figure 1 RSA RADIUS Authentication

1A RADIUS access client, who could be a dial-in user, a mobile user with wireless network access, or someone working at a remote office, sends an authentication request to a remote access server (RAS), which might be a wireless Access Point, an ISDN bridge, or a modem pool.

NOTE: The terms “remote access server” (RAS) and “network access server” (NAS) are interchangeable. This manual uses RAS, though some attribute names and parameters retain the older ‘NAS’ in their names.

2When the RAS receives a user’s connection request, it performs an initial access negotiation with the user to establish connection information. It forwards this information to the RSA RADIUS server, which uses the information to create a tunnel between itself and the access client.

3The RSA RADIUS server sends a request for the user’s credentials through the TTLS tunnel.

4The access client sends a user ID and passcode (tokencode and personal identification number) to the RSA RADIUS server.

5The RSA RADIUS server forwards the user’s user ID and passcode to the RSA Authentication Manager, which verifies that the user ID exists and that the passcode is correct for that user at that specific time.

6If the user’s information is accepted, the RSA Authentication Manager returns a message indicating that the passcode is accepted (6a). The RSA Authentication Manager may also return the name of the profile associated with this user in the Access-Accept message.

RSA RADIUS Server 6.1 Administrator’s Guide

About RSA RADIUS Server

3

Page 15
Image 15
RSA Security 6.1 manual RSA Radius Authentication