RADIUSNetwork Administration

Begin Learning Cyber Security for FREE Now!

Already a Member Login Here

This topic contains 6 replies, has 5 voices, and was last updated by  qwertyghost 3 years, 6 months ago.

Viewing 7 posts - 1 through 7 (of 7 total)
  • Author
  • #86854


    Hi everyone,
    This is my first question at Cybrary and I’m very excited 😛
    I wonder that if there is something called Active Directory in our domain then why do we use RADIUS ? Aren’t just Active Directory enough for AAA (Authentication, Authorization and Accounting) ? Thanks in advance…



    You have remote users, right? If they are trying to connect to your network from outside, how can Active Directory identify and authenticate the legitimate users? Thats why things like RADIUS, TACACS, and other technologies like them exist.



    That is a great question and it still has me second guessing myself. I always thought of AD as the database and RADIUS and LDAP as protocols to access the database. They both allow encryption options for security but RADIUS offered more in the accounting area of AAA. I also prefer RADIUS as the schema was more extensible and had better support of legacy devices (like using for authentication to firewalls, VPNs, wireless, SQL and so forth).

    I also like the intermediary of splitting authorization and authentication as an additional layer from my AD database.

    I found a link with great additional detail better than I can provide. They make the case for multifactor support as well. I would say administrators must always balance quality with the specifics of their environment. Part of the reason I almost always go the RADIUS route is I grew up on it and know it, so it is usually easier for me to support.

    Your Mileage May Vary.



    cant remote users come to our network via VPN and authorized by the Active Directory ?



    thanks, it was illuminating for me. then can we say
    *RADIUS is more extended about accounting than AD
    *RADIUS has better support of legacy devices
    *it’s better to add an additional layer for authentication and authorization with RADIUS






    “cant remote users come to our network via VPN and authorized by the Active Directory ?”

    ^ The Authentication for the VPN connection is processed by the radius server. After connecting to the VPN you are able to connect to active directory. That’s why you need both

Viewing 7 posts - 1 through 7 (of 7 total)

You must be logged in to reply to this topic.

Our Revolution

We believe Cyber Security training should accessible for everyone, everywhere. Everyone deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is the world's largest community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

We recommend always using caution when following any link

Are you sure you want to continue?