...

802.1X defines how EAP messages are transmitted over an IEEE 802 network (e.g. Ethernet, wifi).

RADIUS is a protocol for exchanging information between an authenticator, also known as a NAS (Network Access Server) (see above picture), and an authentication server. Each packet has a packet type and contains multiple Name-Value attributes carrying the relevant information. By default, it operates on UDP port 1812. A well-known RADIUS server software is FreeRADIUS.

In the above example, a wifi access point is providing access to the 192.168.254.0/24 network. When a device (called a supplicant) attempts to connect to the wifi network, the wireless access point starts an EAP conversation with the supplicant over 802.1X, requesting it to supply credentials. The access point then connects to the authentication server (which, in the example above, is also part of the 192.168.254.0/24 network) and sends the EAP response it received from the supplicant over the RADIUS protocol, as one of the attributes of a packet of type Access-Request. The authentication server may need more information from the supplicant. In that case it answers the wifi access point with a RADIUS packet of type Access-Challenge containing an EAP message to be forwarded to the supplicant. The wifi access point relays this conversation between authentication server and supplicant until the authentication server sends it a RADIUS packet of type either Access-Accept or Access-Reject.
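
The Access-Request described above, as an added example that is not part of the original page: a Python parser that splits a RADIUS packet into its type and attributes, reassembles the EAP message, and verifies the Message-Authenticator that protects it. The attribute numbers 79 and 80 and the HMAC-MD5 check come from RFC 3579 rather than from this page; the sample packet, the identity `alice` and the shared secret are constructed.

```python
import hashlib
import hmac
import struct

CODES = {1: "Access-Request", 2: "Access-Accept", 3: "Access-Reject", 11: "Access-Challenge"}
EAP_MESSAGE, MESSAGE_AUTHENTICATOR = 79, 80  # RADIUS attribute types (RFC 3579)

def parse_radius(packet: bytes) -> dict:
    """Split a RADIUS packet into its header and its (type, value) attributes."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if not 20 <= length <= len(packet):
        raise ValueError("length field does not fit the datagram")
    attrs, ma_offset, pos = [], None, 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("attribute length out of bounds")
        if a_type == MESSAGE_AUTHENTICATOR and a_len == 18:
            ma_offset = pos + 2
        attrs.append((a_type, packet[pos + 2:pos + a_len]))
        pos += a_len
    # An EAP packet longer than 253 bytes is split across several EAP-Message attributes.
    eap = b"".join(value for a_type, value in attrs if a_type == EAP_MESSAGE)
    return {"code": CODES.get(code, code), "id": ident, "attrs": attrs,
            "eap": eap, "raw": packet[:length], "ma_offset": ma_offset}

def message_authenticator_ok(pkt: dict, secret: bytes) -> bool:
    """Access-Request check: HMAC-MD5 over the packet with attribute 80 zeroed."""
    off = pkt["ma_offset"]
    if off is None:
        return False  # RFC 3579: a packet carrying EAP-Message must also carry attribute 80
    raw = pkt["raw"]
    expected = hmac.new(secret, raw[:off] + bytes(16) + raw[off + 16:], hashlib.md5).digest()
    return hmac.compare_digest(expected, raw[off:off + 16])

def build_sample(secret: bytes) -> bytes:
    """Constructed sample: Access-Request carrying an EAP-Response/Identity for 'alice'."""
    identity = b"alice"
    eap = struct.pack("!BBHB", 2, 1, 5 + len(identity), 1) + identity
    attrs = bytes([1, 2 + len(identity)]) + identity          # User-Name
    attrs += bytes([EAP_MESSAGE, 2 + len(eap)]) + eap
    attrs += bytes([MESSAGE_AUTHENTICATOR, 18]) + bytes(16)   # zeroed placeholder
    pkt = struct.pack("!BBH", 1, 7, 20 + len(attrs)) + bytes(range(16)) + attrs
    return pkt[:-16] + hmac.new(secret, pkt, hashlib.md5).digest()
```

The check covers Access-Request only; for Access-Challenge, Access-Accept and Access-Reject the HMAC is computed with the Request Authenticator of the matching request in place of the response's own authenticator field.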

...

FreeRADIUS has many configuration files. They are located in /etc/freeradius/3.0 on Debian systems. Apparently, many other environments use a slightly different location. Most of them contain plenty of comments explaining what the configuration does, along with advice and warnings, but some understanding of the protocols, or some getting used to, is often necessary to understand them. Here are some of the configuration files/folders:

...