Rudolf's Radiusclients

PPP as Radiusclient

An installed libradclient.a and radius.h are necessary to compile the patched version of pppd.

You have to specify "RADIUS=1" on the make command line of pppd, so that the RADIUS stuff gets compiled in. If you also want utmp/wtmp logging, please define "RADIUS_WTMP_LOGGING=1".

The patched pppd binary has a new command line option, radius, which enables RADIUS support: it enables authentication via RADIUS and also activates RADIUS accounting.

Of course you have to supply +pap or +chap on the command line as well because without them no authentication takes place.

The authentication Policy

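First the radiusd is asked. If the answer is negative, normal authentication takes place via login (when uselogin is set) or the secrets files. This policy allows central administration of the users. Because a negative RADIUS answer falls through to the local check, a user rejected by radiusd is still authenticated if a matching local entry exists. In Lars Fenneberg's patch every dial-up user must have an entry in the secrets file and only has to be checked against RADIUS authentication.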

RADIUS-Authentication-Attributes supported

Service-Type: Must be Framed. Otherwise RADIUS authentication fails.
Framed-Protocol: Must be PPP. Otherwise RADIUS authentication fails.
Framed-IP-Address: Is only used if it is a real IP address. The special values 0xfffffffe (NAS should select IP address) and 0xffffffff (user should be allowed to select IP address) are ignored at the moment, so other pppd options take precedence.
Framed-IP-Netmask: Is honoured.
Idle-Timeout: Is honoured. Overrides the idle-disconnect command line option.
Session-Timeout: Not supported at the moment.
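
The attribute rules above, applied to the raw attribute bytes of an Access-Accept, as an added example (not code from the pppd patch or from libradclient). The attribute numbers and values are those of RFC 2865; struct ppp_params, apply_access_accept and the sample replies are constructed for illustration, and treating a missing Service-Type or Framed-Protocol as a failure is an assumption.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* Attribute types and values as assigned in RFC 2865. */
enum { SERVICE_TYPE = 6, FRAMED_PROTOCOL = 7, FRAMED_IP_ADDRESS = 8,
       FRAMED_IP_NETMASK = 9, IDLE_TIMEOUT = 28 };
enum { SVC_FRAMED = 2, PROTO_PPP = 1 };

/* Hypothetical holder for the settings pppd would take over. */
struct ppp_params { uint32_t ip, netmask, idle; int have_ip, have_netmask, have_idle; };

static uint32_t be32(const uint8_t *p)   /* network byte order to host */
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Walk the type/length/value attributes of an Access-Accept.
 * Returns 0 when the reply is usable, -1 when authentication must fail. */
int apply_access_accept(const uint8_t *a, size_t n, struct ppp_params *out)
{
    int framed = 0, ppp = 0;
    memset(out, 0, sizeof *out);
    for (size_t i = 0; i < n; ) {
        if (n - i < 2) return -1;                  /* truncated attribute header */
        uint8_t type = a[i], len = a[i + 1];
        if (len < 2 || len > n - i) return -1;     /* length runs past the buffer */
        if (len == 6) {                            /* 2-byte header + 32-bit value */
            uint32_t v = be32(a + i + 2);
            switch (type) {
            case SERVICE_TYPE:      framed = (v == SVC_FRAMED); break;
            case FRAMED_PROTOCOL:   ppp = (v == PROTO_PPP); break;
            case FRAMED_IP_ADDRESS: /* 0xfffffffe / 0xffffffff: keep pppd's own options */
                if (v < 0xfffffffeu) { out->ip = v; out->have_ip = 1; }
                break;
            case FRAMED_IP_NETMASK: out->netmask = v; out->have_netmask = 1; break;
            case IDLE_TIMEOUT:      out->idle = v; out->have_idle = 1; break;
            default: break;         /* Session-Timeout and others: not applied */
            }
        }
        i += len;
    }
    return (framed && ppp) ? 0 : -1;   /* assumption: a missing attribute also fails */
}

/* Constructed sample replies (attribute bytes only, no RADIUS header). */
const uint8_t accept_ok[] = { 6,6,0,0,0,2, 7,6,0,0,0,1, 8,6,192,0,2,10, 28,6,0,0,1,44 };
const uint8_t accept_nas_ip[] = { 6,6,0,0,0,2, 7,6,0,0,0,1, 8,6,255,255,255,254 };
const uint8_t accept_login[] = { 6,6,0,0,0,1, 7,6,0,0,0,1 };   /* Service-Type Login */
const uint8_t accept_bad_len[] = { 6,6,0,0,0,2, 7,9,0,0 };     /* length past end */
```

When the function returns -1, the contents of the params struct must be discarded, since attributes seen before the failure may already have been copied.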

RADIUS-Accounting-Attributes

Acct-Input-Octets: bytes received not in error (ppp_ioctects)
Acct-Output-Octets: bytes sent not in error (ppp_ooctects)
Acct-Input-Packets: packets received (ppp_ipackets)
Acct-Output-Packets: packets sent (ppp_opackets)
Acct-Session-Time: session time in seconds
Framed-Address: IP address of the other site
All statistic data in struct ppp_stat in linux/ppp_defs.h and other Statistics form the may reported

RADIUS-Environment

To interact with radlogin, the patched pppd looks for the environment variables RADIUS_.
The username is in the RADIUS_USER_NAME variable.

So the whole accounting message is submitted via the environment variables.

Remarks

ppp-2.2.0f has the concept of different units/lines, but it isn't complete. In ippp-2.2.0f (which comes with isdn4linux) it is complete.

The placement of the calls to the RADIUS client module comes from Lars Fenneberg. I have added the unit number to the RADIUS module interface routines.

Caution: the variables sockfd, ifunit and devnam are the global ones from ppp-2.2.0f, which still assumes that there is only one unit, 0.

When there is more than one unit, it may be good to make the client port equal to the interface unit number.


Rudolf Weber Informatik- und Netzwerkverein Ravensburg e.V