Re: [Help-gnu-radius] NAS

[Gerald]

On Fri, 25 Jun 2004, Oliver Dagher wrote:

> what i wanted to know was that, in all manuals and the RFCs we talk
> about the NAS and from what i read it is essential to use NAS as a link
> between the client and the server, can radius run without it? and still
> work on the authentication and accounting?

My turn. I want to try. :-)

NAS is a generic term for anything that talks to the radius server. The
radius server is not tied to the NAS equipment you are using and the
"client" typically refers to the customer. In a standard dial-up setting:

The "client" is the Joe running windows who clicked connect on the dial
box.

The NAS is the equipment at the other end of the phone line that took the
phone call and the username and password and passed it off to...

the radius server/process which says accept/reject.

Now the NAS can be anything from a USR total control box taking phone
calls to a wireless access point that has authentication built in to it.
The client's computer never talks directly to the radius server. The
radius server actually has a limited list of people that it will talk to
(which might be confusingly called clients of the radius process: see
$INSTALLDIR/raddb/clients )

Since the radius server can and frequently does take authentication
requests from more than one NAS equipment (many dial in boxes, many WAPs,
and other things), the radius server can start up without any NAS working
with it. It doesn't care if the NAS is alive or not. The radius process
starts up and goes in to listening mode on the UDP ports configured. It is
the responsibility of the NAS equipment to initiate any dialogue with the
radius box in a very basic radius setup. (a fact quite frequently missed)

Gerald