Added Radius README File
parent bbfc1e1148
commit 2cb9cfee2a
|
@ -0,0 +1,82 @@
|
|||
Here are some notes about RADIUS extension to ipppd.
|
||||
|
||||
1. Current extensions are based on Lars's radiusclient-0.3-alpha-4. Don't be
|
||||
scared because of aplha in the name. So before enabling RADIUS features in
|
||||
configuration please install those. You can more information at:
|
||||
http://www.cityline.net/~lf/radius/ and get the libraries at
|
||||
ftp://ftp.cityline.net/pub/systems/linux/network/radiusclient
|
||||
|
||||
2. When compiled ipppd need libradiusclient.so shared library installed in
|
||||
apropriate library path. If You prefered static libraries put -static in
|
||||
Makefile.
|
||||
|
||||
3. in make config You will find few new options under:
|
||||
Options for ipppd --->
|
||||
[ ] Support for RADIUS protocol
|
||||
[ ] Support for RADIUS wtmp logging
|
||||
"" radiusclient config file path
|
||||
[ ] Support for parsing .TTY file first
|
||||
|
||||
Support for RADIUS protocol and radiusclient config file path are
|
||||
mandatory if You want to work with RADIUS server. Config file path is for
|
||||
unchaged radiuscilent library: /usr/local/lib/radiusclient/radiusclient.conf
|
||||
|
||||
RADIUS wtmp logging does also loging into wtmp base, so one can see loged in
|
||||
users with w and other tools.
|
||||
|
||||
Support for parsing .TTY file first has no meaning in ipppd since parsing
|
||||
of files with tty suffix is disabled by default.
|
||||
|
||||
|
||||
4. How does it work:
|
||||
There are two new important options for using radius:
|
||||
- radius
|
||||
- radacct
|
||||
With first (radius) one enables authentication thru RADIUS server.
|
||||
With second (radacct) one enables accounting thru RADIUS server.
|
||||
|
||||
Those options are not interchanged in any way. So only specifying radius
|
||||
will enable ONLY authentication and not accounting.
|
||||
|
||||
There is also one not so important option:
|
||||
- session-limit
|
||||
With this option one can limit session time unconditionaly. It is
|
||||
introduced for the case, where in RADIUS server one specifies session-limit
|
||||
for specific user.
|
||||
|
||||
5. Setup
|
||||
There are some important issues when invoking ipppd. One should always
|
||||
specify IP adresses on command line. If not, static IP assignement via
|
||||
RADIUS server would not work correctly (remote IP adress will stay unchanged
|
||||
and next user will get someone elses static IP).
|
||||
|
||||
If one uses proxy arp feature and has subnet for ippp connection one shuld
|
||||
also specify netmask at command line.
|
||||
|
||||
6. Notes on accounting
|
||||
This version send all basic information needed for RADIUS accounting server
|
||||
plus:
|
||||
|
||||
- Input-octets
|
||||
- Input-packets
|
||||
- Output-octets
|
||||
- Output-packets
|
||||
- Caller-station-id
|
||||
- NAS-port-type = ISDN-SYNC
|
||||
|
||||
In order to get traffic information one should have kernel compiled with IP
|
||||
accounting.
|
||||
|
||||
When accounting-START record is sent to RADIUS accounting rules for used ippp
|
||||
interface are inserted into accounting chain.
|
||||
|
||||
When accounting-STOP record is to be sent to RADIUS, information from above
|
||||
mentioned accounting rules are read and accounting rules are deleted from
|
||||
accounting chain.
|
||||
|
||||
So no admin setup is necessary for this setup to work. However there are
|
||||
some thing to remember. If someone manualy zeroes accounting information IP
|
||||
traffic between the session measurement won't be acurate. (Unfortunately with
|
||||
current iimplementation all information in accounting chain is zeroed when
|
||||
one issues command ipfwadm -A -z).
|
||||
|
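Review bot: Section 5 documents that when the IP addresses are not given on the command line the remote address "will stay unchanged and next user will get someone elses static IP", which leaves one subscriber holding another user's RADIUS-assigned address. A README caveat is a weak guard for that, so please state here whether ipppd warns or refuses to start when `radius` is set without addresses, and add an example invocation showing the addresses (plus the netmask for the proxy arp case) so the requirement is hard to miss. In section 4 the `session-limit` text gives no unit and does not say which value wins when the RADIUS server also specifies a session limit for the user. Section 6 should tell admins directly that running `ipfwadm -A -z` while sessions are active makes the octet and packet counts in the accounting-STOP record inaccurate, since the note in parentheses is easy to overlook. Spelling to fix before merge: "aplha", "apropriate", "unchaged radiuscilent", "iimplementation"; "You can more information at" is missing a verb.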