During the process where the user requests access to the RADIUS server, RADIUS authorization and authentication happen simultaneously. An “authentication request” occurs when the Network Access Server (NAS) sends a request to the RADIUS server.
If the server’s request for authentication is accepted, the RADIUS server sends a series of configuration information to the Network Access Server in order to grant the user access. This configuration information is comprised of various “authorizations”.
The exact type of authorization differs depending on the RADIUS configuration, the overall network, and the user.
RADIUS authorizations may include verifying the user’s telephone number, checking to see whether the user already has a session in progress by contacting a state server, or requesting a secondary password or a PIN.
Authorization can also be personalized for each unique user or user type. For instance, a user may be authorized to access a company’s wireless network but not its Virtual Private Network (VPN). Authorization information may be stored directly on the RADIUS server or may be looked up in an external source, such as Active Directory.