Added Radius README File

hipp 1998-04-29 14:32:13 +00:00
parent bbfc1e1148
commit 2cb9cfee2a
1 changed files with 82 additions and 0 deletions

ipppd/README.RADIUS Normal file

@ -0,0 +1,82 @@
Here are some notes about RADIUS extension to ipppd.
1. Current extensions are based on Lars's radiusclient-0.3-alpha-4. Don't be
scared because of aplha in the name. So before enabling RADIUS features in
configuration please install those. You can more information at:
http://www.cityline.net/~lf/radius/ and get the libraries at
ftp://ftp.cityline.net/pub/systems/linux/network/radiusclient
2. When compiled ipppd need libradiusclient.so shared library installed in
apropriate library path. If You prefered static libraries put -static in
Makefile.
3. in make config You will find few new options under:
Options for ipppd --->
[ ] Support for RADIUS protocol
[ ] Support for RADIUS wtmp logging
"" radiusclient config file path
[ ] Support for parsing .TTY file first
Support for RADIUS protocol and radiusclient config file path are
mandatory if You want to work with RADIUS server. Config file path is for
unchaged radiuscilent library: /usr/local/lib/radiusclient/radiusclient.conf
RADIUS wtmp logging does also loging into wtmp base, so one can see loged in
users with w and other tools.
Support for parsing .TTY file first has no meaning in ipppd since parsing
of files with tty suffix is disabled by default.
4. How does it work:
There are two new important options for using radius:
- radius
- radacct
With first (radius) one enables authentication thru RADIUS server.
With second (radacct) one enables accounting thru RADIUS server.
Those options are not interchanged in any way. So only specifying radius
will enable ONLY authentication and not accounting.
There is also one not so important option:
- session-limit
With this option one can limit session time unconditionaly. It is
introduced for the case, where in RADIUS server one specifies session-limit
for specific user.
5. Setup
There are some important issues when invoking ipppd. One should always
specify IP adresses on command line. If not, static IP assignement via
RADIUS server would not work correctly (remote IP adress will stay unchanged
and next user will get someone elses static IP).
If one uses proxy arp feature and has subnet for ippp connection one shuld
also specify netmask at command line.
6. Notes on accounting
This version send all basic information needed for RADIUS accounting server
plus:
- Input-octets
- Input-packets
- Output-octets
- Output-packets
- Caller-station-id
- NAS-port-type = ISDN-SYNC
In order to get traffic information one should have kernel compiled with IP
accounting.
When accounting-START record is sent to RADIUS accounting rules for used ippp
interface are inserted into accounting chain.
When accounting-STOP record is to be sent to RADIUS, information from above
mentioned accounting rules are read and accounting rules are deleted from
accounting chain.
So no admin setup is necessary for this setup to work. However there are
some thing to remember. If someone manualy zeroes accounting information IP
traffic between the session measurement won't be acurate. (Unfortunately with
current iimplementation all information in accounting chain is zeroed when
one issues command ipfwadm -A -z).
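Review bot: Section 5 describes a failure mode where one user's static IP is handed to the next caller ("remote IP adress will stay unchanged and next user will get someone elses static IP"), but it reads as a setup hint and gives no example invocation showing the IP addresses and netmask together with the radius and radacct options from section 4. Suggest adding a sample command line there and marking the consequence as a warning, since an operator who skips it will silently reuse RADIUS-assigned addresses across users. Section 6 has a related gap: it notes that "ipfwadm -A -z" zeroes the whole accounting chain, so it would help to state that the octet and packet counts in the accounting-STOP record of any session open at that moment will be wrong, and that operators should not zero the chain while ippp sessions are up. The new file also needs a spelling pass ("aplha", "apropriate", "unchaged radiuscilent", "iimplementation"), and "You can more information at" in item 1 is missing a verb.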