Solved

Radius Attribute

Posted on 2013-01-12
7
290 Views
Last Modified: 2013-03-01
Hi,

Can anyone clear explain the role of radius attributes in the authorization process, I'm unsure of what it is the attributes actually do.

Thanks
0
Comment
Question by:simonphoenix10
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 10

Expert Comment

by:abbright
ID: 38770595
Radius attributes allow the radius server to send additional information to the authenticating device.
For example if you have a user authenticating to a WLAN a radius server can check for certain group memberships and assign a certain VLAN to the user. This VLAN is communicated to the wireless controller / access point via radius attributes.
0
 

Author Comment

by:simonphoenix10
ID: 38798238
Thanks, are you able to explain the process i'm particular interested in if the attributes are generated by the NAS and sent to the Radius server or returned by the radius server to the NAS.
0
 
LVL 46

Accepted Solution

by:
Craig Beck earned 500 total points
ID: 38921481
The attributes are usually set on the RADIUS server and sent to the NAS when a client tries to connect.

So for example, you would set a policy on the RADIUS server which assigns privilege level 1 to a user in the ReadOnly group, but assign level 15 to users in the WriteAccess group.  The group will generally be a security group that is assigned to the user's account.  The NAS wouldn't know about this as it just relays the credentials from the client to the RADIUS, then does whatever the RADIUS says.
0
 
LVL 42

Expert Comment

by:kevinhsieh
ID: 38921483
As specified by the previous expert, the attributes are sent from the RADIUS server to the nas.
0
 

Author Closing Comment

by:simonphoenix10
ID: 38943567
Thanks for the example make it easier if you had a link to PDF or article I would appreciate it
0

Featured Post

U.S. Department of Agriculture and Acronis Access

With the new era of mobile computing, smartphones and tablets, wireless communications and cloud services, the USDA sought to take advantage of a mobilized workforce and the blurring lines between personal and corporate computing resources.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The use of stolen credentials is a hot commodity this year allowing threat actors to move laterally within the network in order to avoid breach detection.
Transferring data across the virtual world became simpler but protecting it is becoming a real security challenge.  How to approach cyber security  in today's business world!
Viewers will learn how to properly install and use Secure Shell (SSH) to work on projects or homework remotely. Download Secure Shell: Follow basic installation instructions: Open Secure Shell and use "Quick Connect" to enter credentials includi…
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
Suggested Courses

635 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question