RADIUS Authentication
RADIUS is an authentication, authorization, and accounting service that authenticates users by integrating with password databases, such as the UNIX password file, Active Directory, LDAP, and simple text files containing user/password pairs. Reflection for Secure IT UNIX Client and Server supports RADIUS for authentication purposes only.
Requirements
One or more RADIUS authentication servers must be configured. To configure Reflection for Secure IT UNIX Client and Server, you need the name of the RADIUS server, the port used for RADIUS communication (usually 1812 or 1645), and the shared secret used by the RADIUS server.
You'll use this information to create a RADIUS configuration file.
How it Works
The Reflection for Secure IT UNIX Client and Server server acts as a RADIUS client in order to authenticate a user. Requests are sent to any RADIUS servers you have configured in the RADIUS file.
- The Reflection for Secure IT UNIX Client and Server server receives a keyboard-interactive authentication request from a client.
- If RADIUS authentication is enabled, the Reflection for Secure IT UNIX Client and Server server attempts to authenticate the user by sending an ACCESS-REQUEST message with the User-Name and Password attribute/value pair to the first RADIUS server you have configured.
- The Reflection for Secure IT UNIX Client and Server server waits for an ACCESS-ACCEPT or ACCESS-REJECT message from the RADIUS authentication server.
- If the Reflection for Secure IT UNIX Client and Server server receives an ACCESS-ACCEPT message, the client connection is allowed and the Reflection for Secure IT UNIX Client and Server server provides user access based on the current server configuration. If the server receives an ACCESS-REJECT message, or it fails to receive a response, the server attempts to authenticate to any additional RADIUS servers you have configured. If no ACCESS-ACCEPT message is received from any RADIUS server, RADIUS authentication fails and the Reflection for Secure IT UNIX Client and Server server attempts any other allowed authentications.
Note
Authentication fails if a user is able to authenticate to the RADIUS authentication server, but no account exists for that user on the Reflection for Secure IT UNIX Client and Server server.
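The exchange in the steps above, shown at the packet level as an added example (not Reflection for Secure IT code): it follows RFC 2865 to build an ACCESS-REQUEST whose password is hidden with the shared secret, and to verify a reply before acting on ACCESS-ACCEPT or ACCESS-REJECT. The function names, user name, password and shared secret are constructed for illustration.

```python
import hashlib, hmac, os, struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3   # RFC 2865 packet codes
USER_NAME, USER_PASSWORD = 1, 2                          # RFC 2865 attribute types

def hide_password(password, secret, authenticator):
    """RFC 2865 5.2: XOR each 16-byte block with MD5(secret + previous block)."""
    padded = password.ljust(max(16, -(-len(password) // 16) * 16), b"\x00")
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], key))
        out += prev
    return out

def build_access_request(ident, user, password, secret):
    """Return (packet, request_authenticator) for one ACCESS-REQUEST."""
    auth = os.urandom(16)  # must be unpredictable and unique per request
    attrs = b""
    for atype, value in ((USER_NAME, user),
                         (USER_PASSWORD, hide_password(password, secret, auth))):
        attrs += struct.pack("!BB", atype, len(value) + 2) + value
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + auth + attrs, auth

def make_reply(code, ident, request_auth, secret, attrs=b""):
    """Server side: the Response Authenticator binds the reply to the request."""
    head = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return head + hashlib.md5(head + request_auth + attrs + secret).digest() + attrs

def check_reply(packet, ident, request_auth, secret):
    """Client side: 'accept', 'reject', or None when the reply must be ignored."""
    if len(packet) < 20:
        return None
    code, rid, length = struct.unpack("!BBH", packet[:4])
    if rid != ident or not 20 <= length <= len(packet):
        return None
    packet = packet[:length]
    expected = hashlib.md5(packet[:4] + request_auth + packet[20:] + secret).digest()
    if not hmac.compare_digest(expected, packet[4:20]):
        return None  # forged, corrupted, or computed with a different shared secret
    return {ACCESS_ACCEPT: "accept", ACCESS_REJECT: "reject"}.get(code)

if __name__ == "__main__":
    secret = b"constructed-shared-secret"  # constructed sample value
    pkt, auth = build_access_request(7, b"alice", b"constructed-pw", secret)
    print(check_reply(make_reply(ACCESS_ACCEPT, 7, auth, secret), 7, auth, secret))
    print(check_reply(make_reply(ACCESS_ACCEPT, 7, auth, b"wrong"), 7, auth, secret))
```

Per RFC 2865 a reply that fails this check is silently discarded, so the client sees it the same way as no response. Because both the password hiding and the reply check depend only on MD5 and the shared secret, the secret should be long and random.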