From 2cb9cfee2ad5c3af0d93252309a16b885fd5404e Mon Sep 17 00:00:00 2001 From: hipp Date: Wed, 29 Apr 1998 14:32:13 +0000 Subject: [PATCH] Added Radius README File --- ipppd/README.RADIUS | 82 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 82 insertions(+) create mode 100644 ipppd/README.RADIUS diff --git a/ipppd/README.RADIUS b/ipppd/README.RADIUS new file mode 100644 index 00000000..cbd2d19a --- /dev/null +++ b/ipppd/README.RADIUS 
@@ -0,0 +1,82 @@ +Here are some notes about RADIUS extension to ipppd. + +1. Current extensions are based on Lars's radiusclient-0.3-alpha-4. Don't be +scared because of aplha in the name. So before enabling RADIUS features in +configuration please install those. You can more information at: +http://www.cityline.net/~lf/radius/ and get the libraries at +ftp://ftp.cityline.net/pub/systems/linux/network/radiusclient + +2. When compiled ipppd need libradiusclient.so shared library installed in +apropriate library path. If You prefered static libraries put -static in +Makefile. + +3. in make config You will find few new options under: + Options for ipppd ---> + [ ] Support for RADIUS protocol + [ ] Support for RADIUS wtmp logging + "" radiusclient config file path + [ ] Support for parsing .TTY file first + + Support for RADIUS protocol and radiusclient config file path are +mandatory if You want to work with RADIUS server. Config file path is for +unchaged radiuscilent library: /usr/local/lib/radiusclient/radiusclient.conf + +RADIUS wtmp logging does also loging into wtmp base, so one can see loged in +users with w and other tools. + + Support for parsing .TTY file first has no meaning in ipppd since parsing +of files with tty suffix is disabled by default. + + +4. How does it work: + There are two new important options for using radius: + - radius + - radacct + With first (radius) one enables authentication thru RADIUS server. + With second (radacct) one enables accounting thru RADIUS server. + + Those options are not interchanged in any way. So only specifying radius +will enable ONLY authentication and not accounting. + + There is also one not so important option: + - session-limit + With this option one can limit session time unconditionaly. It is +introduced for the case, where in RADIUS server one specifies session-limit +for specific user. + +5. Setup + There are some important issues when invoking ipppd. One should always +specify IP adresses on command line. 
If not, static IP assignement via +RADIUS server would not work correctly (remote IP adress will stay unchanged +and next user will get someone elses static IP). + + If one uses proxy arp feature and has subnet for ippp connection one shuld +also specify netmask at command line. + +6. Notes on accounting + This version send all basic information needed for RADIUS accounting server +plus: + + - Input-octets + - Input-packets + - Output-octets + - Output-packets + - Caller-station-id + - NAS-port-type = ISDN-SYNC + +In order to get traffic information one should have kernel compiled with IP +accounting. + +When accounting-START record is sent to RADIUS accounting rules for used ippp +interface are inserted into accounting chain. + +When accounting-STOP record is to be sent to RADIUS, information from above +mentioned accounting rules are read and accounting rules are deleted from +accounting chain. + +So no admin setup is necessary for this setup to work. However there are +some thing to remember. If someone manualy zeroes accounting information IP +traffic between the session measurement won't be acurate. (Unfortunately with +current iimplementation all information in accounting chain is zeroed when +one issues command ipfwadm -A -z). +
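Review bot: Section 5 documents a failure mode that should not be left to the operator: when the IP addresses are omitted from the ipppd command line, "remote IP adress will stay unchanged and next user will get someone elses static IP". With RADIUS handing out per-user static addresses, that gives one authenticated user another user's address, so ipppd should either refuse to start with the radius option when no addresses are given or reset the remote address at the end of each session. If the README is meant to stand in for that fix for now, state it as a hard requirement and show one complete example invocation, including the netmask case for proxy arp. In section 6, the Input-/Output-octets and -packets values in the accounting-STOP record come from counters that "ipfwadm -A -z" zeroes for every rule in the chain. The text should say plainly that these values are not reliable while anyone can run that command during a session, and that the basic accounting information is not affected. Section 4 does not give the unit of session-limit, or say which value applies when the RADIUS server also returns a session limit for the user. Section 3 lists "Support for parsing .TTY file first" and then says it has no meaning in ipppd; consider dropping the option from make config rather than documenting it as a no-op. Spelling to fix before merging: "aplha", "apropriate", "unchaged radiuscilent", "loging"/"loged", "adresses", "assignement", "shuld", "unconditionaly", "manualy", "acurate", "iimplementation", and the missing verb in "You can more information at".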