In short RADIUS means Remote Authentication Dial-In User Service server or proxy. Is used for centralised accounting, authorisation and most of all, authentication. This technology will help you control who will be able to connect to your network and who will not be granted the access.
It can control the access for all sorts of networks, wireless, VPN, dial-up, direct device to device like router to router connections, basically wherever you put it the middle of communication he can do the control.
There is also RADIUS proxy configuration where proxy only receives and accepts the connection requests but for the decision making it will be connected to other server who will do the RADIUS role.
There are two major ways to deploy radius server and that are:
- Deployment of FreeRADIUS server on UNIX servers. This is by many network engineers basically a best daemon which implements radius protocol and makes your UNIX server a RADIUS enabled server.
- Deployment of IAS role – Internet Authentication Service on Windows Server machine will allow you to make your Windows Server machine respond to RADIUS requests and act as a real RADIUS server. It includes some AD stuff implemented in so it will be able to authenticate the users from Active Directory domain. Which is his biggest advantage over UNIX deployment of course if you have AD deployed in you organization, and you have surely.
RADIUS server connects to user account database which is Active Directory in Windows Server or some normal user database in UNIX. Can be normal SQL table with users in it and can checks access credentials. If the user is authorized to access some network that is secured with RADIUS, he will authorize the access for that user and writes a log of the user entrance to the network.
Components of a RADIUS infrastructure