Name: Access-Accept

Synopsis

Packet Type: Response
Code: 2
Identifier: Identical to Access-Request per transaction
Length: Header length plus all additional attribute data
Authenticator: Response
Attribute Data: 0 or more

Access-Accept packets are sent by the RADIUS server to the client to acknowledge that the client’s request is granted. If all of the requests in the Access-Request payload are acceptable, then the RADIUS server must set the response packet’s code field to 2. The client, upon receiving the accept packet, matches it up with the corresponding request packet by using the identifier field. Packets not following this standard are discarded.

Of course, to ensure that the request and accept packets are matched up (that is, to make sure the accept response is sent in reply to the respective request packet), the identifier field in the Access-Accept packet header must contain a value identical to that of the identifier field in the Access-Request packet.

The Access-Accept packet can contain as much or as little attribute information as it needs to include. Most likely the attribute information in this packet will describe the types of services that have been authenticated and authorized so that the client can then set itself up to use those services. However, if no attribute information is included, the client assumes that the services it requested are the ones granted.

The Access-Accept packet structure is shown in Figure 2-3.

Figure 2-3. A typical Access-Accept packet
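The checks a client applies before acting on an Access-Accept can be written out as follows. This is an added example, not code from the book: the function names, shared secret and sample values are constructed for illustration, and the Response Authenticator is computed as RFC 2865 defines it. A packet that fails any check is discarded (returns None).

```python
import hashlib
import hmac
import struct

ACCESS_ACCEPT = 2
HEADER_LEN = 20  # Code(1) + Identifier(1) + Length(2) + Authenticator(16)

def response_authenticator(code, ident, attrs, request_auth, secret):
    """RFC 2865: MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    head = struct.pack("!BBH", code, ident, HEADER_LEN + len(attrs))
    return hashlib.md5(head + request_auth + attrs + secret).digest()

def build_accept(ident, attrs, request_auth, secret):
    """Build a constructed sample packet, standing in for a server's reply."""
    auth = response_authenticator(ACCESS_ACCEPT, ident, attrs, request_auth, secret)
    return struct.pack("!BBH", ACCESS_ACCEPT, ident, HEADER_LEN + len(attrs)) + auth + attrs

def parse_access_accept(packet, pending, secret):
    """Return [(type, value), ...] if valid, else None. pending: id -> Request Authenticator."""
    if len(packet) < HEADER_LEN:
        return None
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_ACCEPT or ident not in pending:
        return None  # wrong packet type, or no outstanding request with this identifier
    if length < HEADER_LEN or length > len(packet):
        return None  # Length must cover the header and fit inside the datagram
    auth, attrs = packet[4:HEADER_LEN], packet[HEADER_LEN:length]
    expected = response_authenticator(code, ident, attrs, pending[ident], secret)
    if not hmac.compare_digest(auth, expected):
        return None  # not produced by a holder of the shared secret for this request
    out, i = [], 0
    while i < len(attrs):  # each attribute is Type(1), Length(1), Value(Length - 2)
        if i + 2 > len(attrs):
            return None
        a_type, a_len = attrs[i], attrs[i + 1]
        if a_len < 2 or i + a_len > len(attrs):
            return None
        out.append((a_type, attrs[i + 2:i + a_len]))
        i += a_len
    return out  # an empty list is valid: the packet may carry 0 attributes

# Constructed sample values (assumptions, not from the book)
SECRET = b"example-shared-secret"
REQ_AUTH = bytes(range(16))
PENDING = {42: REQ_AUTH}
SERVICE_TYPE_FRAMED = bytes([6, 6, 0, 0, 0, 2])  # Service-Type (6) = Framed (2)

if __name__ == "__main__":
    print(parse_access_accept(build_accept(42, SERVICE_TYPE_FRAMED, REQ_AUTH, SECRET), PENDING, SECRET))
```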
