RADIUSNetwork Administration

Begin Learning Cyber Security for FREE Now!

FREE REGISTRATION
Already a Member Login Here

This topic contains 6 replies, has 5 voices, and was last updated by  qwertyghost 3 years, 6 months ago.

Viewing 7 posts - 1 through 7 (of 7 total)
  • Author
    Posts
  • #86854

    arasara
    Participant

    Hi everyone,
    This is my first question at Cybrary and I’m very excited 😛
    I wonder that if there is something called Active Directory in our domain then why do we use RADIUS ? Aren’t just Active Directory enough for AAA (Authentication, Authorization and Accounting) ? Thanks in advance…

    #86859

    Chin_Diesel
    Moderator

    You have remote users, right? If they are trying to connect to your network from outside, how can Active Directory identify and authenticate the legitimate users? Thats why things like RADIUS, TACACS, and other technologies like them exist.

    #86860

    smeek
    Participant

    That is a great question and it still has me second guessing myself. I always thought of AD as the database and RADIUS and LDAP as protocols to access the database. They both allow encryption options for security but RADIUS offered more in the accounting area of AAA. I also prefer RADIUS as the schema was more extensible and had better support of legacy devices (like using for authentication to firewalls, VPNs, wireless, SQL and so forth).

    I also like the intermediary of splitting authorization and authentication as an additional layer from my AD database.

    I found a link with great additional detail better than I can provide. They make the case for multifactor support as well. I would say administrators must always balance quality with the specifics of their environment. Part of the reason I almost always go the RADIUS route is I grew up on it and know it, so it is usually easier for me to support.
    https://cdn.selinc.com/assets/Literature/Publications/Application%20Notes/AN2015-08_20150817.pdf?v=20150916-130419

    Your Mileage May Vary.

    #86868

    arasara
    Participant

    creno13,
    cant remote users come to our network via VPN and authorized by the Active Directory ?

    #86873

    arasara
    Participant

    smeek,
    thanks, it was illuminating for me. then can we say
    *RADIUS is more extended about accounting than AD
    *RADIUS has better support of legacy devices
    *it’s better to add an additional layer for authentication and authorization with RADIUS

    #88386

    Shoaib
    Spectator

    hi

    #88969

    qwertyghost
    Participant

    “cant remote users come to our network via VPN and authorized by the Active Directory ?”

    ^ The Authentication for the VPN connection is processed by the radius server. After connecting to the VPN you are able to connect to active directory. That’s why you need both

Viewing 7 posts - 1 through 7 (of 7 total)

You must be logged in to reply to this topic.

Our Revolution

We believe Cyber Security training should accessible for everyone, everywhere. Everyone deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is the world's largest community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

We recommend always using caution when following any link

Are you sure you want to continue?

Continue
Cancel