Wednesday, October 21, 2020

How does a RADIUS server match a request to a RADIUS client?

When a RADIUS server receives an access request, how does it identify which RADIUS client it is coming from? My question is specifically about Windows NPS, but I imagine it would apply equally to other RADIUS servers.

For example, in my environment a FortiGate firewall authenticating for admin access sends its host name as the NAS identifier in the access request, which matches the friendly name of the client in NPS. However, an Aruba AP instead sends its IP address in the NAS identifier field, and in fact the packet does not contain the RADIUS client name (the AP's host name) anywhere.

So therefore I don't believe there are any attributes sent by the RADIUS client in the request packet which the server could reliably use to match that request to that specific client.

This might be a dumb question with a super-obvious answer. I don't have any RADIUS issues, everything is working well. I'm just not sure how/why, and that bothers me. :-)
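An added example, not part of the original post and not NPS's own code: RFC 2865 has the server select the shared secret by the source IP address of the Access-Request, so the sketch below matches on that address and only reports the NAS-Identifier. The client table, addresses, names and secrets are constructed for illustration.

```python
import struct

NAS_IP_ADDRESS, NAS_IDENTIFIER = 4, 32  # attribute types from RFC 2865

def build_access_request(ident, attrs):
    """Build a constructed Access-Request (code 1) with a zeroed authenticator."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH16s", 1, ident, 20 + len(body), bytes(16)) + body

def parse_attributes(packet):
    """Return {type: value} for the attributes of a RADIUS packet."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    _code, _ident, length, _auth = struct.unpack("!BBH16s", packet[:20])
    if length < 20 or length > len(packet):
        raise ValueError("bad length field")
    attrs, pos = {}, 20
    while pos < length:
        # Each attribute is type (1 byte), length (1 byte, includes header), value.
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise ValueError("malformed attribute")
        attrs[packet[pos]] = packet[pos + 2:pos + packet[pos + 1]]
        pos += packet[pos + 1]
    return attrs

# Constructed client table (assumption): source IP -> (friendly name, shared secret)
CLIENTS = {
    "192.0.2.10": ("FGT-EDGE-01", b"secret-a"),
    "192.0.2.20": ("ARUBA-AP-07", b"secret-b"),
}

def match_client(source_ip, packet):
    """Match on the UDP source address; NAS-Identifier is returned for logging only."""
    attrs = parse_attributes(packet)
    nas_id = attrs.get(NAS_IDENTIFIER, b"").decode("utf-8", "replace")
    entry = CLIENTS.get(source_ip)
    if entry is None:
        return None, nas_id  # unknown source: no shared secret to validate with
    return entry[0], nas_id

# Constructed requests: one sends a host name, the other its IP, as NAS-Identifier.
FORTIGATE_REQ = build_access_request(1, [(NAS_IDENTIFIER, b"FGT-EDGE-01")])
ARUBA_REQ = build_access_request(2, [(NAS_IDENTIFIER, b"192.0.2.20"),
                                     (NAS_IP_ADDRESS, bytes([192, 0, 2, 20]))])

if __name__ == "__main__":
    for src, req in (("192.0.2.10", FORTIGATE_REQ), ("192.0.2.20", ARUBA_REQ),
                     ("198.51.100.5", FORTIGATE_REQ)):
        print(src, match_client(src, req))
```

The third call shows a request that carries a known NAS-Identifier from an unlisted address: it matches no client, because the identifier is chosen by the sender and is not part of the lookup.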


