Cisco Systems 3.5 Server User Manual


 
Cisco Access Registrar 3.5 Concepts and Reference Guide
OL-2683-02
Chapter 1 Overview
Figure 1-2 Proxying to an LDAP Server for Authentication
Basic Authentication and Authorization
This section describes how Cisco Access Registrar performs the basic RADIUS functions of
authentication and authorization as defined in Internet RFC 2865.

- Authentication—determining the identity of a user of a client NAS through user identification and
  password validation and deciding whether to grant access
- Authorization—determining the level of network services available to authenticated users after a
  connection has been established

The Cisco Access Registrar (AR) server provides authentication and authorization service to clients,
which are network access servers (NAS). The following paragraphs describe the steps to a connection.
1. The process begins when a user dials into the NAS and enters a user name and a password. The NAS
   creates an Access-Request containing attributes such as the user's name, the user's password, the ID
   of the client, and the Port ID the user is accessing.
2. The Cisco AR server determines which hardware (client NAS) sent the request, parses the packet,
   and determines whether to accept the request.
   The Cisco AR server checks to see if the client's IP address is listed in
   /Radius/Clients/<Name>/<IPAddress>.
3. After accepting the request, the Cisco AR server does the following:
   - Sets up the Request Dictionary based on the packet information
   - Runs any incoming scripts (user-written extensions to Cisco Access Registrar)
     An incoming script can examine and change the attributes of the request packet or the
     environmental variables, which can affect subsequent processing.
   - Based on default values or scripts, it chooses a service to authenticate and authorize the user.
     The Cisco AR server directs the request to the appropriate service, which then performs
     authentication and/or authorization according to the type specified in
     /Radius/Services/<Name>/<Type>.
   - Performs session management, directing the request to the appropriate Session Manager.
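
The following Python sketch is an added example, not code from Cisco Access Registrar. It walks steps 1 and 2 for an RFC 2865 Access-Request: it looks up the sending client by source IP, parses the attributes, and recovers the User-Password with that client's shared secret. The client table, address, secret and function names are constructed for illustration; the user joe with password xyz comes from Figure 1-2.

```python
import hashlib
import struct

# Constructed stand-in for /Radius/Clients: client source IP -> shared secret.
CLIENTS = {"192.0.2.10": b"constructed-secret"}
ATTRS = {1: "User-Name", 2: "User-Password", 4: "NAS-IP-Address", 5: "NAS-Port"}

def crypt_password(data, secret, authenticator, hide):
    """RFC 2865 5.2: XOR each 16-byte block with MD5(secret + previous cipher block)."""
    if hide:
        data += b"\x00" * (-len(data) % 16)
    out, prev = b"", authenticator
    for i in range(0, len(data), 16):
        key = hashlib.md5(secret + prev).digest()
        block = bytes(a ^ b for a, b in zip(data[i:i + 16], key))
        prev = block if hide else data[i:i + 16]
        out += block
    return out if hide else out.rstrip(b"\x00")

def build_sample_request(user, password, secret, nas_ip, port):
    """Constructed Access-Request, as the NAS would send it in step 1."""
    authenticator = bytes(range(16))  # fixed so the example repeats; a NAS uses random bytes
    attrs = [(1, user), (2, crypt_password(password, secret, authenticator, True)),
             (4, bytes(map(int, nas_ip.split(".")))), (5, struct.pack("!I", port))]
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH16s", 1, 1, 20 + len(body), authenticator) + body

def handle_access_request(src_ip, packet):
    """Step 2: identify the client, parse the packet, return attributes or None (drop)."""
    secret = CLIENTS.get(src_ip)
    if secret is None or len(packet) < 20:
        return None  # unknown client or truncated header
    code, _ident, length, authenticator = struct.unpack("!BBH16s", packet[:20])
    if code != 1 or not 20 <= length <= len(packet):
        return None  # not an Access-Request, or length field disagrees with the datagram
    request, pos = {}, 20
    while pos + 2 <= length:
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            return None  # malformed attribute
        value = packet[pos + 2:pos + alen]
        if atype == 2:
            value = crypt_password(value, secret, authenticator, False)
        request[ATTRS.get(atype, atype)] = value
        pos += alen
    return request if pos == length else None

if __name__ == "__main__":
    pkt = build_sample_request(b"joe", b"xyz", CLIENTS["192.0.2.10"], "192.0.2.10", 7)
    print(handle_access_request("192.0.2.10", pkt))
```

A request whose source address has no entry in the client table is dropped without a reply, which is what RFC 2865 requires when the server holds no shared secret for the sender.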
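[Figure 1-2 diagram: a NAS, Access Registrar, and an LDAP server exchanging request and response messages in steps 1 through 6, with the example credentials user=joe and password=xyz; labels: Authentication, Authorization, accounting.]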