Accounting – RSA Security 6.1 User Manual

RSA RADIUS Server 6.1 Administrator’s Guide

About RSA RADIUS Server

Accounting

To understand the RSA RADIUS Server accounting sequence, you need an
overview of RADIUS accounting messages. Table 2 describes the conditions
under which each type of message is issued, and the purpose of any RADIUS
attributes that a message contains.

Table 1. RADIUS Authentication Messages and Attributes (Continued)

Message Conditions: When a RADIUS server authenticates a connection request, it returns a RADIUS Access-Accept to the RAS.
Purpose of Message Attributes:
- Allow the RAS to complete access negotiations.
- Configure connection details such as providing the RAS with an IP address it can assign to the user.
- Enforce time limits and other “class of service” restrictions on the connection.

Message Conditions: When a RADIUS server is unable to authenticate a connection request, it returns an Access-Reject to the RAS.
Purpose of Message Attributes:
- Terminate access negotiations.
- Identify the reason for the authorization failure.

Message Conditions: If initial authentication conditions are met, but additional input is needed from the user, the RADIUS server returns an Access-Challenge to the RAS.
Purpose of Message Attributes:
- Enable the RAS to prompt the user for more authentication data.
- Complete the current Access-Request, so the RAS can issue a new one.

Table 2. Message Conditions and Attributes

Message Conditions: Accounting data is sent from client to server using an Accounting-Request message. The client manufacturer decides which types of accounting requests are sent, and under which conditions. This table describes the most typical conditions.
Purpose of Message Attributes: Depending on the value of the Acct-Status-Type attribute, the message type is considered to be Start, Stop, Interim-Acct, Accounting-On, or Accounting-Off.

The client ensures that the server
receives accounting requests. Most
clients retry periodically until the server
responds.
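
The following is an added example, not code from the RSA guide or the RSA RADIUS Server product: it classifies an Accounting-Request by its Acct-Status-Type and, going beyond the text above, first checks the Request Authenticator so that a forged or altered request is rejected. The packet code, attribute number, status values and authenticator formula are taken from RFC 2866; the function names, the shared secret and the sample packet are assumptions constructed for the example.

```python
import hashlib
import hmac
import struct

ACCOUNTING_REQUEST = 4   # RADIUS packet code for Accounting-Request (RFC 2866)
ACCT_STATUS_TYPE = 40    # attribute number of Acct-Status-Type (RFC 2866)
# Names as used in the guide; RFC 2866 calls value 3 "Interim-Update".
STATUS_NAMES = {1: "Start", 2: "Stop", 3: "Interim-Acct",
                7: "Accounting-On", 8: "Accounting-Off"}


def build_request(ident, attrs, secret):
    """Client side: build a constructed Accounting-Request for the demo."""
    body = b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)
    header = struct.pack("!BBH", ACCOUNTING_REQUEST, ident, 20 + len(body))
    auth = hashlib.md5(header + bytes(16) + body + secret).digest()
    return header + auth + body


def classify(packet, secret):
    """Server side: return the accounting message type or raise ValueError."""
    if len(packet) < 20:
        raise ValueError("packet shorter than the RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCOUNTING_REQUEST:
        raise ValueError("not an Accounting-Request")
    if not 20 <= length <= len(packet):
        raise ValueError("bad length field")
    # Request Authenticator = MD5(Code+ID+Length+16 zero octets+attrs+secret)
    expected = hashlib.md5(
        packet[:4] + bytes(16) + packet[20:length] + secret).digest()
    if not hmac.compare_digest(expected, packet[4:20]):
        raise ValueError("bad Request Authenticator")
    pos = 20
    while pos + 2 <= length:
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("malformed attribute")
        if atype == ACCT_STATUS_TYPE:
            if alen != 6:
                raise ValueError("bad Acct-Status-Type length")
            (value,) = struct.unpack("!I", packet[pos + 2:pos + 6])
            return STATUS_NAMES.get(value, "Unknown(%d)" % value)
        pos += alen
    raise ValueError("Acct-Status-Type missing")


if __name__ == "__main__":
    pkt = build_request(7, [(40, struct.pack("!I", 2))], b"constructed-secret")
    print(classify(pkt, b"constructed-secret"))
```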
