RADIUS - Examples



Radius Request Example

Let us have a look into a Radius Request example:

  • The NAS at 192.168.1.16 sends an Access-Request UDP packet to the RADIUS Server for a user named Nemo logging in on port 3 with password "arctangent".

  • The Request Authenticator is a 16 octet random number generated by the NAS.

  • The User-Password is 16 octets padded at end with nulls, XORed with D5 (Shared Secret|Request Authenticator).

  • 01 00 00 38 0f 40 3f 94 73 97 80 57 bd 83 d5 cb 98 f4 22 7a 01 06 6e 65 6d 6f 02 12 0d be 70 8d 93 d4 13 ce 31 96 e4 3f 78 2a 0a ee 04 06 c0 a8 01 10 05 06 00 00 00 03

  • 1 Code = Access-Request (1)

    1 Identifier = 0

    2 Length = 56

    16 Request Authenticator

  • Attribute List

    6 User-Name = "Nemo"

    18 User-Password

    6 NAS-IP-Address = 192.168.1.16

    6 NAS-Port = 3

Radius Response Example

Here is an example of Response Packets:

  • The Radius server authenticates Nemo and sends an Access-Accept UDP packet to the NAS telling it to telnet Nemo to host 192.168.1.3

  • The Response Authenticator is a 16-octet MD5 checksum of the code (2), id (0), Length (38), the Request Authenticator from above, the attributes in this reply, and the shared secret.

  • 02 00 00 26 86 fe 22 0e 76 24 ba 2a 10 05 f6 bf 9b 55 e0 b2 06 06 00 00 00 01 0f 06 00 00 00 00 0e 06 c0 a8 01 03

  • 1 Code = Access-Accept (2)

    1 Identifier = 0 (same as in Access-Request)

    2 Length = 38

    16 Response Authenticator

  • Attribute List:

    6 Service-Type (6) = Login (1)

    6 Login-Service (15) = Telnet (0)

    6 Login-IP-Host (14) = 192.168.1.3

Advertisements