Rudolf's Radiusd

What is RADIUS ?

RADIUS stands for Remote Authentication Dial In User Service and is a protocol for carrying authentication, authorization, and configuration information between a Network Access Server (NAS) which desires to authenticate its links and a shared Authentication Server. The protocol originally was designed by the well known terminal server manufacturer Livingston for use with there Portmaster terminal servers. Since then it has been implemented by a lot of other vendors and it is now a Internet Standard RFC2058.txt (Accounting RFC2059)

Description and Advertising

Rudolf's Radiusd consists of C++-Classes to dial with Radius-Messages, and one Child-Class to assemble a Radius message and one to analyse a Radius message.
In objectoriented programming the main concern is the data. So one can easily extend it.

The other Radiusd has additional internal structures which are allocated with malloc. My Classes have iterators to walk through the messageparts and other methods to dial with the Messages and so I don't need other internal datastructures, so its more efficient.

With this Classes I have reimplemented those parts of the radiusd we need:

Authorisation with PAP and CHAP
Multi-realms (Usernames in the Form user@realm)
Proxy/Caching-Realm
Password-Timeout
Password Changing for an end-user
Accounting
Trap for users (script is started when a accounting-Packet is send)
Multithreading

With my classes I have build clients for administration, password-changing, and login and accounting. There are patches for pppd-2.2.0f and the ipppd-2.2.0f for isdn4linux.

Since Version 0.6 there are different types of Realms to support different Databases, proxy-Realms or different policies. So this radiusd is very flexible.

In my Radiusd I don't wanted the complicated Accounting-Format provided by Ascend/Livingston. You can configure the output like this:

 User-Name;Current-Time;Acct-Status-Type;Acct-Input-Octets;
 Acct-Output-Octets;Acct-Input-Packets;Acct-Output-Packets;
 Acct-Session-Time

and get an output like this:

heinzi;Tue 04.06.1996 16:39:17 ;Stop;9;6;7;5;10
;Tue 04.06.1996 16:39:46 ;Stop;;;;;
boeck;Tue 04.06.1996 16:40:25 ;Start;;;;;
heinzi;Tue 04.06.1996 16:40:49 ;Stop;9;6;7;5;10
sveni;Tue 04.06.1996 16:40:59 ;Start;;;;;

The advantage is, that you can directly use Standard-Unix-Tools like sort, grep, cut, ... and things like awk and perl or gnuplot to work with the accounting-file.

In the time as scientist on the University Erlangen I have built a Unix-Statistic-Tool "grupstich", with which you can calculate the sum, the average, the variance over the columns. This logfile can be imported easy in various Databases.

Now there is one single logfile for all realms, because we want to log all the trafic.
Each realmtype can potentially overwrite this method and have a special bookkeeping.

Distribution

It will be distributed with the GNU-copyleft.
You can download it here.

If you are an comercial user, you are asked to give me some money.
Please contact me. If you need some new features, we can discuss about it.

Documentation

Internals for Programmers

Softwaretechnologie Remarkes about main-ideas
Documentation of the Class-Library

Further Ideas

Credits and Thanks

From Ascend I first heard from the RADIUS. The good think is that they put the sources on there ftp server.

The patches for the pppd and radlogin and radacct I adapted from Lars Fennebergs lf@elemental.net radiusclient-0.2.7

Other Work

Merit Authentication, Authorization and Accounting Server