RADIUS: Remote Authentication Dial In User Service

Last reviewed: September 29, 1997
Article ID: Q168667
The information in this article applies to:
  • Microsoft Windows NT Server version 4.0
  • Microsoft Routing and Remote Access Service Update for Windows NT Server 4.0

SUMMARY

RADIUS is an acronym for Remote Authentication Dial In User Service. RADIUS defines a popular standard used for maintaining and managing remote user authentication and validation. The new Routing and Remote Access Service (RRAS) can operate as a RADIUS client. This allows RAS clients and dial-up routers to be authenticated against a RADIUS server.

MORE INFORMATION

RADIUS is defined by RFC 2058. The following is an excerpt from RFC 2058:

   Key features of RADIUS are:

   Client/Server Model

   A Network Access Server (NAS) operates as a client of RADIUS. The client
   is responsible for passing user information to designated RADIUS
   servers, and then acting on the response which is returned.

   RADIUS servers are responsible for receiving user connection requests,
   authenticating the user, and then returning all configuration
   information necessary for the client to deliver service to the user.

   A RADIUS server can act as a proxy client to other RADIUS servers or
   other kinds of authentication servers.

   Network Security

   Transactions between the client and RADIUS server are authenticated
   through the use of a shared secret, which is never sent over the
   network. In addition, any user passwords are sent encrypted between the
   client and RADIUS server, to eliminate the possibility that someone
   snooping on an unsecure network could determine a user's password.

   Flexible Authentication Mechanisms

   The RADIUS server can support a variety of methods to authenticate a
   user. When it is provided with the user name and original password given
   by the user, it can support PPP PAP, CHAP, UNIX login, and other
   authentication mechanisms.

   Extensible Protocol

   All transactions are comprised of variable length Attribute-Length-Value
   3-tuples. New attribute values can be added without disturbing existing
   implementations of the protocol.

The Routing and Remote Access RADIUS client supports the following options:

   CallbackNumber
   IdleTimeout
   PortLimit
   SessionTimeout
   FramedIPAddress
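
The following Python sketch is an added example, not Microsoft's or the RFC's code. It shows how a RADIUS client can use the shared secret to verify a server reply (the secret is hashed into the Response Authenticator and never transmitted) before decoding the attributes that carry the options listed above. The mapping of the option names to the RADIUS attributes Framed-IP-Address (8), Callback-Number (19), Session-Timeout (27), Idle-Timeout (28) and Port-Limit (62) is an assumption of this example, and the sample packet is constructed.

```python
import hashlib
import hmac
import ipaddress
import struct

# RADIUS attribute types assumed to correspond to the options listed in this article.
ATTRS = {8: "Framed-IP-Address", 19: "Callback-Number", 27: "Session-Timeout",
         28: "Idle-Timeout", 62: "Port-Limit"}

def response_authenticator(code, ident, attrs, request_auth, secret):
    """MD5(Code + ID + Length + Request Authenticator + Attributes + Secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + request_auth + attrs + secret).digest()

def parse_reply(packet, request_auth, secret):
    """Verify a server reply against the shared secret, then decode its attributes."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-octet RADIUS header")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if not 20 <= length <= len(packet):
        raise ValueError("bad Length field")
    attrs = packet[20:length]            # octets past Length are padding
    expected = response_authenticator(code, ident, attrs, request_auth, secret)
    if not hmac.compare_digest(expected, packet[4:20]):
        raise ValueError("Response Authenticator mismatch: wrong secret or forged reply")
    out, i = {}, 0
    while i < len(attrs):
        if i + 2 > len(attrs) or attrs[i + 1] < 2 or i + attrs[i + 1] > len(attrs):
            raise ValueError("malformed attribute")
        atype, alen = attrs[i], attrs[i + 1]
        value, name = attrs[i + 2:i + alen], ATTRS.get(atype)
        if name == "Callback-Number":
            out[name] = value.decode("ascii", "replace")
        elif name:                       # the other known types carry 4 octets
            if len(value) != 4:
                raise ValueError(f"{name} must carry 4 octets")
            out[name] = (str(ipaddress.IPv4Address(value)) if atype == 8
                         else struct.unpack("!I", value)[0])
        i += alen                        # unknown types are skipped, not rejected
    return code, out

def build_sample_reply(request_auth, secret):
    """Constructed Access-Accept (code 2, identifier 7) standing in for a server reply."""
    tlv = lambda t, v: bytes([t, len(v) + 2]) + v
    attrs = (tlv(8, ipaddress.IPv4Address("192.0.2.10").packed) + tlv(19, b"5550100")
             + tlv(27, struct.pack("!I", 3600)) + tlv(28, struct.pack("!I", 600))
             + tlv(62, struct.pack("!I", 1)))
    auth = response_authenticator(2, 7, attrs, request_auth, secret)
    return struct.pack("!BBH", 2, 7, 20 + len(attrs)) + auth + attrs
```

A reply whose attributes were altered in transit, or that was built with a different secret, fails the authenticator check before any attribute is acted on.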





© 1998 Microsoft Corporation. All rights reserved.