CHAPTER 4: CONSOLE FEATURES 55RADIUSOverviewThe RADIUS configuration screen allows Administrators to modify information regarding RADIUS, or the RemoteAuthentication Dial-In User Service, an access server authentication, authorization, and accounting protocoldeveloped by Livingston Enterprises, Inc. RADIUS protocol defines the communication between a RADIUS clientand a RADIUS server.The RADIUS Configuration screen is used to set up the unit for use with a RADIUS protocol server. RADIUSprotocol is an Internet standard that provides user authentication, authorization, and accounting services for remoteaccess devices. Dominion SX can be configured as a RADIUS client. The unit will query the RADIUS server forauthentication and authorization information each time a user attempts to login to the unit.The client is responsible for passing user information to designated RADIUS servers, and then acting on theresponse that is returned. RADIUS servers are responsible for receiving user connection requests, authenticating theuser, and then returning all configuration information necessary for the client to deliver service to the user.Figure 60 RADIUS Users Login MechanismRADIUS Authentication occurs when a user tries to log on to the RADIUS client. After prompting the user for loginname and password, the client checks to see if the user is already present in the local list. If not, the client sends thisinformation in an authentication request to the RADIUS server. The RADIUS server checks the validity of therequest, then checks its database of user names and passwords. If the name or password are not valid, it sends arejection to the client, who in turn rejects the login. If the login name and password are valid, the RADIUS serversends back a packet containing information about this user, and the client uses this information to decide what typeof service to supply for the user.END OF AUTHENTICATIONLOGIN ATTEMPTUser Name and Password EntryAuthenticate withRADIUS ServerQuery for matchingname and passwordCheck ifRADIUSis enabledDominion DatabasePermissions UsedDominion DatabaseUsername andPassword ProfilesMatch NOT FoundLogin Entry (User Name and Password) does notmatch any user profiles in the Dominion databaseRADIUS NOT Enabled – Reject LoginEND OF AUTHENTICATIONRADIUS Enabled –Send information to RADIUS ServerMatch Found – Accept LoginEND OF AUTHENTICATIONMatch NOT Found – Reject LoginEND OF AUTHENTICATIONMatch FoundLogin Entry (User Name and Password) exactlymatches a user profile in the Dominion database