If the user ID is not found or if the passcode is not appropriate for the specified user, the RSA Authentication Manager returns a message indicating the passcode is not accepted (6b).

7. If the RSA RADIUS server receives a message indicating the passcode is accepted, it forwards a RADIUS Access-Accept message to the RAS (7a).

- If the RSA Authentication Manager specified a profile name with the accept message, the RSA RADIUS server sends the return list attributes associated with that profile to the RAS.

- If the RSA Authentication Manager did not specify a profile name with the accept message, the RSA RADIUS server sends the return list attributes associated with the default profile to the RAS.

For example, the Access-Accept message might specify that the access client must use a specific IP address or be connected to a specific VLAN on the network.

If the RSA RADIUS server receives a message indicating the passcode is rejected, it forwards a RADIUS Access-Reject message to the RAS (7b).

NOTE: If the user requesting the network connection is in New Pin mode or New Token mode (not shown), the RSA Authentication Manager sends a message asking for more information, which the RSA RADIUS server forwards to the user. When the user responds with values the RSA RADIUS server can accept, the authentication sequence continues.

8. Depending on what information the RAS receives from the RSA RADIUS server, the RAS accepts and configures the user connection or rejects the user connection.

9. Based on the information it receives from the RSA RADIUS server, the RAS grants or denies the connection request.

After the user is authenticated and the connection established, the RAS might forward accounting data to the RSA RADIUS server to document the transaction; the RSA RADIUS server can store or forward this data to support billing for services provided during the network connection.

RADIUS Packets

A RADIUS client and a RADIUS server communicate by means of RADIUS packets. RADIUS packets carry messages between the RADIUS client and RADIUS server in a series of request and response transactions: the client sends a request and expects a response from the server. If the response does not arrive, the client can retry the request periodically.
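The checks a RAS applies to a reply before acting on its return list attributes, shown as an added example that is not taken from the RSA manual or product: it follows the RFC 2865 packet layout and Response Authenticator, and assumes the VLAN is carried in the RFC 2868 tunnel attributes. The shared secret, address, VLAN ID and function names are constructed for illustration.

```python
import hashlib, hmac, ipaddress, struct

CODES = {2: "Access-Accept", 3: "Access-Reject", 11: "Access-Challenge"}
FRAMED_IP, TUNNEL_TYPE, TUNNEL_MEDIUM, TUNNEL_GROUP = 8, 64, 65, 81  # RFC 2865/2868

def build_response(code, ident, attrs, request_auth, secret):
    """Server side: encode attributes and compute the Response Authenticator."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    head = struct.pack("!BBH", code, ident, 20 + len(body))
    return head + hashlib.md5(head + request_auth + body + secret).digest() + body

def parse_response(packet, ident, request_auth, secret):
    """Client (RAS) side: validate the reply before trusting any attribute."""
    if len(packet) < 20:
        raise ValueError("packet shorter than the 20-octet header")
    code, pid, length = struct.unpack("!BBH", packet[:4])
    if not 20 <= length <= len(packet):       # octets past Length are padding
        raise ValueError("bad Length field")
    if pid != ident:
        raise ValueError("Identifier does not match the pending request")
    want = hashlib.md5(packet[:4] + request_auth + packet[20:length] + secret).digest()
    if not hmac.compare_digest(want, packet[4:20]):
        raise ValueError("Response Authenticator mismatch")
    attrs, pos = [], 20
    while pos < length:
        if length - pos < 2 or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise ValueError("malformed attribute")
        attrs.append((packet[pos], packet[pos + 2:pos + packet[pos + 1]]))
        pos += packet[pos + 1]
    return CODES.get(code, "code %d" % code), attrs

def return_list(attrs):
    """Pick out the IP address and VLAN assignments mentioned in the text."""
    out = {}
    for t, v in attrs:
        if t == FRAMED_IP and len(v) == 4:
            out["ip"] = str(ipaddress.IPv4Address(v))
        elif t == TUNNEL_GROUP and v:
            out["vlan"] = (v[1:] if v[0] <= 0x1F else v).decode()  # drop tag octet
    return out

SECRET, REQ_AUTH, IDENT = b"constructed-shared-secret", bytes(range(16)), 42  # constructed
SAMPLE = build_response(2, IDENT, [
    (FRAMED_IP, ipaddress.IPv4Address("10.20.30.40").packed),
    (TUNNEL_TYPE, b"\x00\x00\x00\x0d"), (TUNNEL_MEDIUM, b"\x00\x00\x00\x06"),  # 13 = VLAN, 6 = IEEE 802
    (TUNNEL_GROUP, b"\x00120"),               # tag 0, VLAN ID "120"
], REQ_AUTH, SECRET)

if __name__ == "__main__":
    print(parse_response(SAMPLE, IDENT, REQ_AUTH, SECRET))
```

RFC 2865 has the client silently discard a reply that fails these checks, so a forged or corrupted response looks the same to the client as a missing one and leads to the retry described above.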


About RSA RADIUS Server

September 2005
