ClearBox Server™ v1.2 User's Guide

Authentication

Authentication is the process of identifying an individual, usually based on a username and password. Authentication is based on the idea that each individual user will have unique information that sets him or her apart from other users.

When a NAS receives a connection request from a user, the NAS authenticates the request by sending an authentication request to its RADIUS/TACACS+ server. The request packet contains information used to identify the user and to describe the type of connection the user is trying to establish.

When the authentication information the user has provided (e.g. his or her password) is correct, the RADIUS/TACACS+ server authenticates the connection request and returns an authentication response accepting the user.

When a RADIUS/TACACS+ server is unable to authenticate a connection request, it returns a response to its client (the NAS) rejecting the user. This causes the NAS to terminate access negotiations.

If the initial authentication conditions are met but additional input is needed from the user, the RADIUS/TACACS+ server returns a challenge packet to its client (the NAS). The NAS then prompts the user for more authentication data and passes it to the server until the server decides either to accept or to reject the user.

ClearBox Server has built-in support for the ASCII, PAP, CHAP, MS-CHAP, MS-CHAPv2, ARAP and EAP-MD5 authentication methods, provided it is given a database of passwords or some mechanism to validate passwords. A server extension may make use of any other EAP-based protocol through a custom interface.

How passwords are kept and validated depends on the server extension, and the data source may be of any kind (SQL database, text file, NT SAM database, Active Directory, LDAP, another RADIUS/TACACS+ server, token system and more).
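The difference between "a database of passwords" and "some mechanism to validate passwords" matters when choosing a method. This added example (not ClearBox Server code) shows that with RADIUS PAP (RFC 2865) the server recovers the typed password and can pass it to any validator, while with CHAP (RFC 1994) it can only recompute the response if the data source returns the password itself. Function names and all sample values are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample values (assumptions, not taken from any real deployment).
SECRET = b"constructed-shared-secret"      # NAS <-> server shared secret
AUTHENTICATOR = bytes(range(16))           # 16-byte Request Authenticator
CHALLENGE = bytes(range(100, 116))         # CHAP challenge issued by the NAS

def hide_pap(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """NAS side: hide User-Password as in RFC 2865 section 5.2."""
    size = max(16, -(-len(password) // 16) * 16)   # pad to a multiple of 16
    padded = password.ljust(size, b"\x00")
    out, prev = b"", authenticator
    for i in range(0, size, 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], key))
        out += prev
    return out

def recover_pap(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Server side: undo the hiding to get the password the user typed.
    The result can be checked against a hash, an LDAP bind, a token system..."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        key = hashlib.md5(secret + prev).digest()
        block = hidden[i:i + 16]
        out += bytes(c ^ k for c, k in zip(block, key))
        prev = block                                # chain on the ciphertext
    return out.rstrip(b"\x00")

def chap_response(ident: int, password: bytes, challenge: bytes) -> bytes:
    """User side: MD5(identifier || password || challenge), RFC 1994."""
    return hashlib.md5(bytes([ident]) + password + challenge).digest()

def check_chap(chap_password: bytes, challenge: bytes, stored: bytes) -> bool:
    """Server side: CHAP-Password is 1 identifier byte + 16 response bytes.
    'stored' must be the password itself; a one-way hash of it cannot work."""
    ident, response = chap_password[0], chap_password[1:]
    expected = chap_response(ident, stored, challenge)
    return hmac.compare_digest(response, expected)  # constant-time compare
```

A data source that can only answer "is this password valid?" is therefore usable with PAP but not with CHAP, which needs the stored password to be retrievable.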

See how ClearBox Server processes


© 2001-2003 XPerience Technologies. www.xperiencetech.com
