
Introduction to RADIUS (Remote Authentication Dial-In Service)


The RADIUS (Remote Authentication Dial-In Service) protocol is a client-server networking protocol that allows a central server to communicate with individual users requesting access to the server. 

Essentially, RADIUS enables remote access servers to communicate with the central server in order to authenticate remote users and authorize their access. RADIUS allows businesses to maintain user profiles in a central database that all remote servers can share.

How RADIUS Works

RADIUS is built on the client/server architecture. Users connect to a network access server (NAS), often known as a RADIUS client. The NAS then checks the user's details against the RADIUS authentication server. The connection information may include a login, password, and IP address.

Fig 1.1- Introduction to RADIUS (Remote Authentication Dial-In Service)

What is the main purpose of RADIUS servers?

The main purposes of a RADIUS server in the network are as follows.

  • Authenticates users or devices before allowing them access to a network 
  • Authorizes those users or devices for specific network services 
  • Accounts for and tracks the usage of those services 

RADIUS Authentication methods

After a user enters their login credentials, the RADIUS server employs one of the following authentication techniques:

  • Password Authentication Protocol (PAP): A RADIUS client sends a user ID and password to the RADIUS authentication server. If the credentials are correct, the client permits the remote user to connect.
  • Challenge Handshake Authentication Protocol (CHAP): The client and server exchange an encrypted secret. It is regarded as more secure than PAP.
  • MS-CHAP: Microsoft's version of CHAP. It is used with virtual private networks.
  • Extensible Authentication Protocol (EAP): This protocol is commonly used for wireless networks and point-to-point connections.

Architecture and advantages of RADIUS server

The RADIUS client-server architecture provides an open and scalable solution that is broadly supported by a large vendor base. It can be readily modified to meet a variety of situations. Customers can modify RADIUS-based authentication servers to work with a large number of security systems on the market. RADIUS servers work with any communications device that supports the RADIUS client protocol. 

In addition, the flexibility of the RADIUS authentication mechanisms allows an organization to preserve any investment it may have made in an existing security technology: customers can modify the RADIUS server to run with any type of security technology. The flexible authentication mechanisms inherent in the RADIUS server facilitate its integration with existing and legacy systems when required.

Another advantage of the RADIUS architecture is that any component of a security system that supports the RADIUS protocols can derive authentication and authorization from the central RADIUS server. Alternatively, the central server can integrate with a separate authentication mechanism. 

The utility of the RADIUS protocol extends beyond those systems that use network access devices and terminal servers for network access. RADIUS has been widely adopted by Internet Service Providers (ISPs) to provide Virtual Private Network (VPN) services. In this context, RADIUS technology allows an organization to use ISP infrastructure securely for its communications.