3.2.1 Abstract Data Model

This section describes a conceptual model of possible data organization that an implementation maintains to participate in this protocol. The described organization is provided to facilitate the explanation of how the protocol behaves. This document does not mandate that implementations adhere to this model as long as their external behavior is consistent with that described in this document.

The RADIUS Protocol is a stateless protocol, as specified in [RFC2865] section 2.5.

A RADIUS Access-Request is generated by a RADIUS client based on a user request to a NAS. The RADIUS server generates a response containing RADIUS attributes based on the policy settings on the RADIUS server.

PolicyConfiguration structure: A structure that contains the policy that has been configured by the network administrator. The fields of the structure are as follows:

  • RASClientName: A list of NULL-terminated strings that is used to restrict the allowed computer names of the endpoint that is requesting access.

  • ServiceClass: A list of NULL-terminated strings that is used to restrict the allowed names of the DHCP scope groups to which the endpoint requesting access MUST belong.

  • NetworkAccessServerType: A list of 32-bit unsigned integers in network byte order. The list is used to restrict the allowed types of the NAS that is sending RADIUS Access-Request messages. Possible values for list items are specified in section 2.2.1.4.

  • MachineName: A list of octet strings containing characters from the Windows ANSI code page (see [MSDN-ANSI-CODEPAGE]) in ANSI format. The list is used to restrict the allowed machine names of the endpoint that is requesting access.

  • UserIPv4Address: A list of 32-bit unsigned integers in network byte order. The list is used to restrict the allowed IPv4 addresses of the endpoint that is requesting access. Possible values for list items are specified in section 2.2.1.8.

  • UserIPv6Address: A list of 128-bit unsigned integers in network byte order. The list is used to restrict the allowed IPv6 addresses of the endpoint that is requesting access. Possible values for list items are specified in section 2.2.1.9.
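The following is an added worked example, not part of this specification or of any implementation it describes. It decodes the six PolicyConfiguration fields from the encodings given above (NULL-terminated string lists, 32-bit and 128-bit unsigned integers in network byte order, ANSI octet strings) and then evaluates the values already decoded from an Access-Request against the policy. Two things are assumptions of the example only: an empty list is treated as "no restriction on that field", and the sample NAS type, service class, and address values are constructed for illustration and are not the values defined in sections 2.2.1.4, 2.2.1.8, and 2.2.1.9.

```python
"""Added example: decoding a PolicyConfiguration and evaluating a decoded
Access-Request against it.  Field encodings follow section 3.2.1; the
'empty list = unrestricted' rule and all sample values are assumptions."""
import ipaddress
import struct
from dataclasses import dataclass, field
from typing import Dict, List, Tuple


def parse_nul_terminated_strings(blob: bytes, encoding: str = "utf-8") -> List[str]:
    """Split a buffer of NULL-terminated strings (RASClientName, ServiceClass).
    An empty buffer yields an empty list; an unterminated tail is rejected."""
    if not blob:
        return []
    if not blob.endswith(b"\x00"):
        raise ValueError("string list is not NULL-terminated")
    return [item.decode(encoding) for item in blob.split(b"\x00")[:-1]]


def parse_uint32_list(blob: bytes) -> List[int]:
    """32-bit unsigned integers, network byte order
    (NetworkAccessServerType, UserIPv4Address)."""
    if len(blob) % 4:
        raise ValueError("uint32 list length is not a multiple of 4")
    return [struct.unpack("!I", blob[i:i + 4])[0] for i in range(0, len(blob), 4)]


def parse_uint128_list(blob: bytes) -> List[int]:
    """128-bit unsigned integers, network byte order (UserIPv6Address)."""
    if len(blob) % 16:
        raise ValueError("uint128 list length is not a multiple of 16")
    return [int.from_bytes(blob[i:i + 16], "big") for i in range(0, len(blob), 16)]


def ipv4_to_uint32(addr: str) -> int:
    """Dotted-quad text to the 32-bit value the policy list stores."""
    return int(ipaddress.IPv4Address(addr))


def ipv6_to_uint128(addr: str) -> int:
    """IPv6 text to the 128-bit value the policy list stores."""
    return int(ipaddress.IPv6Address(addr))


@dataclass
class PolicyConfiguration:
    ras_client_name: List[str] = field(default_factory=list)
    service_class: List[str] = field(default_factory=list)
    network_access_server_type: List[int] = field(default_factory=list)
    # MachineName entries are ANSI code-page octet strings; the example does not
    # know the server's code page, so it keeps them as bytes and compares bytewise.
    machine_name: List[bytes] = field(default_factory=list)
    user_ipv4_address: List[int] = field(default_factory=list)
    user_ipv6_address: List[int] = field(default_factory=list)

    @classmethod
    def from_wire(cls, ras: bytes, svc: bytes, nas: bytes,
                  machine: List[bytes], v4: bytes, v6: bytes) -> "PolicyConfiguration":
        return cls(parse_nul_terminated_strings(ras),
                   parse_nul_terminated_strings(svc),
                   parse_uint32_list(nas), list(machine),
                   parse_uint32_list(v4), parse_uint128_list(v6))


POLICY_FIELDS = ("ras_client_name", "service_class", "network_access_server_type",
                 "machine_name", "user_ipv4_address", "user_ipv6_address")


def evaluate_policy(policy: PolicyConfiguration,
                    request: Dict[str, object]) -> Tuple[bool, List[str]]:
    """Return (permitted, reasons).  `request` maps PolicyConfiguration field
    names to the values decoded from the Access-Request.  Assumption: an empty
    policy list does not restrict that field; a non-empty list requires the
    request value to be present and to appear in the list."""
    reasons: List[str] = []
    for name in POLICY_FIELDS:
        allowed = getattr(policy, name)
        if not allowed:
            continue
        value = request.get(name)
        if value is None:
            reasons.append(f"{name}: restricted by policy but absent from request")
        elif value not in allowed:
            reasons.append(f"{name}: {value!r} not in allowed list")
    return (not reasons, reasons)


# Constructed sample policy; the numeric NAS types and addresses are illustrative.
SAMPLE_POLICY = PolicyConfiguration.from_wire(
    ras=b"vpn-gw-01\x00vpn-gw-02\x00",
    svc=b"CorpLAN\x00",
    nas=struct.pack("!II", 1, 2),
    machine=[b"WS-ALICE"],
    v4=ipaddress.IPv4Address("10.0.0.5").packed + ipaddress.IPv4Address("10.0.0.6").packed,
    v6=ipaddress.IPv6Address("2001:db8::5").packed,
)


def sample_decisions() -> Tuple[Tuple[bool, List[str]], Tuple[bool, List[str]]]:
    """One request that satisfies every restriction and one that fails three
    of them (unknown RAS client, missing machine name, IPv4 not in the list)."""
    good = {"ras_client_name": "vpn-gw-01", "service_class": "CorpLAN",
            "network_access_server_type": 2, "machine_name": b"WS-ALICE",
            "user_ipv4_address": ipv4_to_uint32("10.0.0.5"),
            "user_ipv6_address": ipv6_to_uint128("2001:db8::5")}
    bad = {"ras_client_name": "vpn-gw-09", "service_class": "CorpLAN",
           "network_access_server_type": 2,
           "user_ipv4_address": ipv4_to_uint32("192.168.1.1"),
           "user_ipv6_address": ipv6_to_uint128("2001:db8::5")}
    return evaluate_policy(SAMPLE_POLICY, good), evaluate_policy(SAMPLE_POLICY, bad)


if __name__ == "__main__":
    for permitted, reasons in sample_decisions():
        print("Access-Accept" if permitted else "Access-Reject", reasons)
```

The decoders reject a string list whose last entry lacks its NULL terminator and integer lists whose length is not a whole number of items; a real implementation should treat such a PolicyConfiguration as malformed rather than silently truncating it, since a truncated allow-list changes the policy's meaning.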