|
|
|
RADIUS is a client/server architecture where each device that uses the RADIUS server is a RADIUS client. The client sends Access-Request messages to the RADIUS server. These messages include the user name, the password encrypted, and optional parameters depending on configuration.
Important: The RADIUS Client and Server must be configured with the exact same parameters.
Once the RADIUS server receives the Access-Request message, it searches its database for the user account. If the server finds the account, the password is correct, and the optional parameters match, the server sends an Access-Accept message to the RADIUS client. The Access-Accept message indicates that the user account exists, the password is correct, and the user has a certain access type (for example, administrative or read-only). If the RADIUS server does not find the account or the password is incorrect, then the server sends an Access-Reject message to the RADIUS client.
Note: Due to an interoperability issue, the P580 and P882 RADIUS client does not accept Access-Accept messages from Windows 2000 RADIUS servers, which generate the Generate-Class-Attribute. To resolve this issue, obtain Windows 2000 service pack 3 or later. After installing the latest service pack, set the Generate-Class-Attribute field to FALSE.
This interoperability issue occurs because Microsoft RADIUS server includes a class attribute in Access-Accept messages that the P580 and P882 RADIUS client does not support. With service pack 3, you can disable generation of a class attribute. For more information on this issue, see http://support.microsoft.com/default.aspx?scid=kb;EN-US;Q297317.
|
|
|