What is an AAA Server?

Lee Flamand

An AAA server is one that applies the processes of authentication, authorization and accounting used by the Remote Authentication Dial In User Services (RADIUS) network protocol. RADIUS permits remote users or computers to access a computerized network server. When the AAA server process is not required, a server is called “open” or “anonymous.” The RADIUS and AAA server protocol is usually used by internet service providers (ISPs) to identify and bill their clients. It is also used by companies to identify employees who are working from a remote location and allow them network access.


When a user sends a request for access to a network server from a remote location, the request must identify the user to the server. The request is usually composed of “credentials,” which typically take the form of a username and password or passphrase. The request also carries information such as a dial-up phone number or network address, which the network uses to verify the user’s identity. The network checks the user’s information against its database.

Once this check is complete, the network sends back a response of either “access rejected,” “access challenged” or “access accepted.” If access is rejected, the user is totally denied access to the network, usually because of unconfirmed or invalid credentials. If access is challenged, the network will ask for additional information in order to verify the user. Usually, this occurs in networks with a higher level of security. If access is accepted, the user is authenticated and given access to the network.

Once the user is authenticated, the server checks whether the user is authorized to use the particular programs or pages requested. Some users will be allowed to access some portions of the server but will not be authorized to use others.

The final process in the AAA server protocol is accounting. When a user is granted access to a network’s server, an “accounting start” signal is transmitted to the server. While the user is on the network, interim access signals may be sent to the network server with updates on the user’s session. When the user closes his network access, an “accounting stop” signal is transmitted and recorded in the network, providing information on the time, data transferred, and other details of the user’s access. This data is sent so that the user can be billed for his usage, but it may also be used for security, monitoring or statistics-gathering purposes.
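
The responses and accounting signals described above are distinct packet types on the wire. The following added example (not code from the original article) decodes RADIUS packets using the code and attribute numbers assigned in RFC 2865 and RFC 2866, then pairs “accounting start” and “accounting stop” records to report usage and to list sessions that never closed. The packets, user names and session ids are constructed samples, and the function names are this example's own.

```python
import struct

# RADIUS codes and attribute numbers as assigned in RFC 2865 and RFC 2866.
CODES = {1: "Access-Request", 2: "Access-Accept", 3: "Access-Reject",
         4: "Accounting-Request", 5: "Accounting-Response", 11: "Access-Challenge"}
USER_NAME, ACCT_STATUS, ACCT_IN, ACCT_OUT, ACCT_SESSION_ID, ACCT_TIME = 1, 40, 42, 43, 44, 46
INT_ATTRS = {ACCT_STATUS, ACCT_IN, ACCT_OUT, ACCT_TIME}

def parse(packet):
    """Decode the 20-byte header and the type-length-value attributes of one packet."""
    code, ident, length = struct.unpack("!BBH", packet[:4]) if len(packet) >= 20 else (0, 0, 0)
    if not 20 <= length <= len(packet):
        raise ValueError("truncated packet or bad length field")
    attrs, pos = {}, 20
    while pos < length:
        alen = packet[pos + 1] if pos + 2 <= length else 0
        if alen < 2 or pos + alen > length:
            raise ValueError("bad attribute length")
        value = packet[pos + 2:pos + alen]
        attrs[packet[pos]] = int.from_bytes(value, "big") if packet[pos] in INT_ATTRS else value
        pos += alen
    return CODES.get(code, f"code-{code}"), ident, attrs

def reconcile(packets):
    """Pair accounting start (1) and stop (2) records by session id."""
    closed, still_open = {}, {}
    for pkt in packets:
        name, _, a = parse(pkt)
        sid, status = a.get(ACCT_SESSION_ID), a.get(ACCT_STATUS)
        if name == "Accounting-Request" and status == 1:
            still_open[sid] = a.get(USER_NAME)
        elif name == "Accounting-Request" and status == 2:
            user = still_open.pop(sid, a.get(USER_NAME))
            # (user, seconds online, octets in + octets out)
            closed[sid] = (user, a.get(ACCT_TIME, 0), a.get(ACCT_IN, 0) + a.get(ACCT_OUT, 0))
    return closed, still_open

def build(code, ident, attrs):
    """Constructed sample packet; the 16-byte authenticator is zero-filled, not computed."""
    enc = [(t, v.to_bytes(4, "big") if isinstance(v, int) else v) for t, v in attrs]
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in enc)
    return struct.pack("!BBH", code, ident, 20 + len(body)) + bytes(16) + body

SAMPLE = [  # constructed traffic: alice logs in and out, bob's session never stops
    build(1, 1, [(USER_NAME, b"alice")]), build(2, 1, []),
    build(4, 2, [(USER_NAME, b"alice"), (ACCT_STATUS, 1), (ACCT_SESSION_ID, b"s-001")]),
    build(4, 3, [(USER_NAME, b"bob"), (ACCT_STATUS, 1), (ACCT_SESSION_ID, b"s-002")]),
    build(4, 4, [(ACCT_STATUS, 2), (ACCT_SESSION_ID, b"s-001"), (ACCT_TIME, 360),
                 (ACCT_IN, 1200), (ACCT_OUT, 800)]),
]
```

Calling `reconcile(SAMPLE)` returns the closed sessions with their duration and byte totals, plus the sessions that have a start record but no stop, which is the set worth reviewing when accounting data is used for monitoring.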


Discussion Comments


@MrMoody - I set up a desktop server for a small intranet at my workplace. This wasn’t anything official, just something a bunch of us analysts threw together on our own. It wasn’t set up by the IT folks.

I don’t recall setting up authentication for the user; I was the only one with password access, but this was because I was doing stuff on the back end.

Perhaps my security was a little too loose, however. When IT found out what we had done, they shut the server down.


@hamje32 - I don’t know much about proxy servers. I do know that in my workplace we have an ftp server which users and customers use to download important files.

Like the proxy server, however, the ftp server also has a username and password authentication. Actually we have two levels of authentication. One is for the regular customer, so that they can download stuff from the server, but can’t put anything on it.

The other level is for the administrator, who can both download files from the server and upload files to it.

That seems to work for us most of the time.

A customer rarely has a need to upload anything to the server; if they do, the network administrator will make a special arrangement with them, but it will be for a limited time period, after which they get read-only access again.


I work for a software company. What the article is really talking about is what we call a proxy server. It’s basically a “traffic cop” in the Internet/Intranet world that determines what requests to pass through and what to send back.

We work with a high level of security at our company so we can’t just let anyone start hitting up our network with requests. The network administrator defines a strict security policy which he enforces with a proxy server and that keeps all the bad stuff out, most of the time anyway.
