Remote Authentication Dial In User Service (RADIUS) is a networking protocol that provides centralized Authentication, Authorization, and Accounting (AAA) management for computers that connect to and use a network service.
1) On Windows Server 2008 R2, Network Policy Server (NPS) can be used as a Remote Authentication Dial-In User Service (RADIUS) server to perform authentication, authorization, and accounting for RADIUS clients. A RADIUS client can be an access server, such as a dial-up server or wireless access point, or a RADIUS proxy. Different editions of Windows Server 2008 R2 offer different RADIUS server capabilities.
- Windows Web Server 2008 R2 does not include NPS.
- Windows Server 2008 R2 Standard supports NPS with a maximum of 50 RADIUS clients and 2 remote RADIUS server groups. Windows Server 2008 R2 Standard also does not support defining groups of RADIUS clients by specifying an IP address range.
- Windows Server 2008 R2 Enterprise and Windows Server 2008 R2 Datacenter support NPS without restrictions.
As a RADIUS server, NPS provides:
- A central authentication and authorization service for all access requests that are sent by RADIUS clients.
- A central accounting recording service for all accounting requests that are sent by RADIUS clients.
- Accounting requests are stored in a local log file or a Microsoft® SQL Server™ database for analysis.
2) RADIUS AAA Services.
- Authentication is the process of identifying an individual, usually based on a username and password. Authentication is based on the idea that each individual user will have unique information that sets him or her apart from other users.
- Authorization is the process of granting or denying a user access to network resources once the user has been authenticated through the username and password. The amount of information and the amount of services the user has access to depend on the user's authorization level.
- Accounting is the process of keeping track of a user's activity while accessing the network resources, including the amount of time spent in the network, the services accessed while there and the amount of data transferred during the session. Accounting data is used for trend analysis, capacity planning, billing, auditing and cost allocation.