Let's consider that a user is attempting to log in to and authenticate an access server configured with RADIUS:
- The Client sends a request message to the Router
- The Router passes the request to the RADIUS Server and requests for the login text
- The RADIUS Server prompts the user to enter their username and password
- Once the user enters their credentials, their password is encrypted and is sent to the RADIUS Server
- Then, the server replies with an ACCEPT /REJECT / CHALLENGE / CHANGE PASSWORD response code
- The ACCEPT code specifies that the user is successfully authenticated
- The REJECT code specifies that the user is not authenticated and is prompted to enter their password again
- The CHALLENGE code specifies that the message has been sent to the users to collect some additional information
- The CHANGE PASSWORD code specifies that the message sent to the user is to choose a new password