Errors that may occur are as follows:. The session request fails. The cause includes:. This error code is used for other authorization failures. The user fails to be deleted or the user does not exist. Exchange Procedure CoA allows the administrator to change the rights of an online user or perform reauthentication for the user through RADIUS after the user passes authentication.
Figure CoA interaction process. Figure DM interaction process. Session Identification Each service provided by the NAS to a user constitutes a session, with the beginning of the session defined as the point where service is first provided and the end of the session defined as the point where service is ended.
Errors that may occur are as follows: The authorized service scheme does not exist. The authorized QoS profile does not exist or no user queue is configured in the QoS profile. The authorized values of upstream and downstream priorities exceed the maximum values. The authorized index value of the UCL group is not within the specification. Reauthentication attributes and other attributes are authorized simultaneously. The cause includes: Authorization for the current request user is being processed.
User information does not match or no user is found. Accounting-Request Start. Accounting-Response Start. Your email address will not be published. Save my name, email, and website in this browser for the next time I comment. Thanks for your inquiry. If you dont hear from us within 24 hours, please feel free to send a follow up email to info xecurify. Jul 21 1. What is AAA?
AAA — Authentication, Authorization, and Accounting Authentication This refers to the confirmation of the user which can be accomplished via presenting identity and credentials for example: username and password or OTP or digital certificates. Authorization This refers to the granting of specific types of services or resources based on the authentication process of the user.
Accounting This refers to the tracking of consumption of resources by the users. The challenge includes the unique ID generated by the authenticator and a random number. The caller uses the ID, random number, and its CHAP security credentials to generate the response handshake to send to the peer.
The Access-Request message has a username and password which is always encrypted in it. The message comprises a shared secret. Passwords are always encrypted in the Access-Request message. If the Access-Request is not from an authorized Client, then the message is discarded. It matches the user credentials against the user database. If there is no matching policy, then the server sends an Access-Reject message. If the shared secret matches, the Client reads the value of the Filter ID attribute.
The Filter ID is a string of text. The request packet comprises the user ID, network address, session identifier, and point of access.
0コメント