From owner-freebsd-isp Mon Nov 1 4:14:49 1999
Delivered-To: freebsd-isp@freebsd.org
Received: from techpower.net (techpower.net [205.133.231.1])
	by hub.freebsd.org (Postfix) with ESMTP id 0D07A14FD8;
	Mon, 1 Nov 1999 04:14:44 -0800 (PST)
	(envelope-from hometeam@techpower.net)
Received: from localhost (hometeam@localhost)
	by techpower.net (8.9.3/8.9.3) with ESMTP id IAA00248;
	Mon, 1 Nov 1999 08:11:23 GMT
	(envelope-from hometeam@techpower.net)
Date: Mon, 1 Nov 1999 08:11:23 +0000 (GMT)
From: hometeam
To: Oleg Semyonov
Cc: peter@FreeBSD.ORG, freebsd-isp@FreeBSD.ORG
Subject: Re: pppd-2.3.10 + RADIUS
In-Reply-To: <000701bf220e$fccdde60$0400a8c0@admin.dnepr.com>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

BTW: will 2.3.10 be introduced into ports & Stable anytime soon?
Seems like we're a bit behind on pppd.

On Fri, 29 Oct 1999, Oleg Semyonov wrote:

> Hi peter@freebsd.org!
>
> As I can see you're a maintainer of pppd port for FreeBSD.
> Long time the pppd exists in FreeBSD as patched 2.3.5 version
> which has some bugs (e.g. "*" only in allowed address list with no
> DNS available leads to long delays for gethostbyname("*") which
> prevents the login by timeout hangup, and so on.).
>
> Just now I've almost done my work with pppd-2.3.10 sources.
> Patches for FreeBSD are based on pppd in current FreeBSD distribution
> with minor changes for new pppd features (optional option list
> in secrets file and so on). Furthermore, I've implemented the
> RADIUS support for authentication and accounting. The support is
> based on standard FreeBSD radius library by John Polstra,
> it may be compiled-in by request (USE_RADIUS=y in Makefile)
> with optional base config path (/etc/ppp or /etc/ppp-radius and
> so on), and it includes support for:
>
> - new RADIUS-oriented pppd options:
>     - radius (use RADIUS)
>     - radius-conf /path/file (conf file for radius library)
>     - radius-only (don't try to auth with secrets or login
>       methods if radius returns Access-Reject)
>     - radius-noacct (don't send accounting requests)
>     - radius-port (device name to port number translation)
> - support for PAP authentication (no CHAP or CALLBACK, sorry);
> - new script environment variables (CALLED_STATION_ID, CALLING_STATION_ID,
>   CONNECT_INFO, SENT_PACKETS, RCVD_PACKETS, and received from RADIUS
>   server);
> - supported RADIUS attributes are:
>     - in Access-Request:
>         User-Name
>         User-Password
>         NAS-IP-Address (gethostname())
>         NAS-Identifier (gethostbyname())
>         NAS-Port (from device to port translation)
>         NAS-Port-Type (Async only)
>         Service-Type (Framed)
>         Framed-Protocol (PPP)
>         Framed-IP-Address
>         Framed-Compression (VJ-TCPIP only, no IPX supported)
>         Called-Station-Id (from pppd's environment)
>         Calling-Station-Id (from pppd's environment, passed by mgetty, e.g.)
>         Connect-Info (from pppd's environment, passed by mgetty, e.g.)
>         PPPD-Script-Env (pppd script env vars, vendor-specific attribute)
>     - in Access-Accept/Reject also recognised (with mentioned above):
>         Framed-IP-Netmask
>         Framed-Routing (not used yet)
>         Filter-Id (not used yet)
>         Framed-MTU
>         Reply-Message (first message is used only)
>         Framed-Route (not used yet)
>         Class (passed through in accounting requests)
>         Session-Timeout
>         Idle-Timeout
>         PPPD-Option (additional pppd options, vendor-specific attribute)
>         PPPD-Script-Env (additional script env vars, vendor-specific
>         attribute)
>     - in Accounting-Request START packet also passed (with mentioned above):
>         Acct-Status-Type (Start, Stop)
>         Acct-Session-Id
>         Acct-Authentic (RADIUS only)
>     - in Accounting-Request STOP packet also passed (with mentioned above):
>         Acct-Input-Octets
>         Acct-Output-Octets
>         Acct-Input-Packets
>         Acct-Output-Packets
>         Acct-Session-Time
>         Acct-Terminate-Cause (not so good but something useful)
>
> Most of attributes are passed in accounting requests (all script env
> vars and additional pppd options for local IP address or so).
>
> RADIUS support isn't done as loadable plugin. First reason is the
> pppd must work (for me) on 2.2.8 system which does not support some
> required features (-E switch for ld, for example). Second, there is
> no some required hooks and global variables for implement all features
> I need.
>
> The code is slightly tested with Steel-Belted RADIUS for WinNT and with
> Cistron radiusd-1.6.1 and seems to work fine for me.
>
> Is it possible to test and include the code into FreeBSD distribution
> or port collection? Seems too many people want to install newest pppd
> version but some small incompatibilities in original pppd code may
> prevent it for not so qualified users.
>
> Any opinions?
>
> ---
> Oleg Semyonov, the Head of IT Department of KTPK "Dnepr", Energodar, UA
> Internet mail: os@altavista.net, finger/talk: os@ktpk.dp.ua, ICQ:31256452
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-isp" in the body of the message
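
The PAP Access-Request described in the quoted message, as an added Python illustration (not code from the pppd patch or from the FreeBSD radius library): it builds the packet with a subset of the listed attributes and shows how User-Password is hidden with MD5 over the shared secret and the Request Authenticator, per RFC 2865. All function names are hypothetical.

```python
import hashlib, os, struct
# RFC 2865 type codes for a subset of the attributes listed in the post
USER_NAME, USER_PASSWORD, NAS_PORT, SERVICE_TYPE, FRAMED_PROTOCOL = 1, 2, 5, 6, 7
CALLING_STATION_ID, NAS_IDENTIFIER, NAS_PORT_TYPE = 31, 32, 61

def _xor_blocks(data, secret, authenticator, chain_on_output):
    # Keystream block = MD5(secret + previous ciphertext block); the first uses the authenticator.
    out, prev = b"", authenticator
    for i in range(0, len(data), 16):
        key = hashlib.md5(secret + prev).digest()
        block = bytes(d ^ k for d, k in zip(data[i:i + 16], key))
        prev = block if chain_on_output else data[i:i + 16]
        out += block
    return out

def hide_password(password, secret, authenticator):
    """NAS side of PAP: NUL-pad to 16-byte blocks and hide (RFC 2865 section 5.2)."""
    if not 0 < len(password) <= 128:
        raise ValueError("User-Password must be 1..128 bytes")
    padded = password + b"\x00" * (-len(password) % 16)
    return _xor_blocks(padded, secret, authenticator, chain_on_output=True)

def reveal_password(hidden, secret, authenticator):
    """Server side: undo the hiding and strip the NUL padding."""
    return _xor_blocks(hidden, secret, authenticator, chain_on_output=False).rstrip(b"\x00")

def attr(code, value):
    return bytes([code, len(value) + 2]) + value  # type, length (counts these 2 bytes), value

def access_request(ident, user, password, secret, nas_id, port, caller, authenticator=None):
    # The Request Authenticator must be unpredictable and unique for each request.
    authenticator = authenticator or os.urandom(16)
    # NAS-Port-Type 0 = Async, Service-Type 2 = Framed, Framed-Protocol 1 = PPP
    ints = [(NAS_PORT, port), (NAS_PORT_TYPE, 0), (SERVICE_TYPE, 2), (FRAMED_PROTOCOL, 1)]
    body = attr(USER_NAME, user) + attr(USER_PASSWORD, hide_password(password, secret, authenticator))
    body += attr(NAS_IDENTIFIER, nas_id) + attr(CALLING_STATION_ID, caller)
    body += b"".join(attr(code, struct.pack("!I", val)) for code, val in ints)
    return struct.pack("!BBH", 1, ident, 20 + len(body)) + authenticator + body  # code 1 = Access-Request

def parse_attrs(packet):
    """Split the attribute area after the 20-byte header into (type, value) pairs."""
    attrs, pos = [], 20
    while pos + 2 <= len(packet):
        code, length = packet[pos], packet[pos + 1]
        if length < 2 or pos + length > len(packet):
            raise ValueError("malformed attribute length")
        attrs.append((code, packet[pos + 2:pos + length]))
        pos += length
    return attrs
```

The hiding is only as strong as the shared secret: anyone who captures the packet and knows or guesses the secret can run `reveal_password` on the User-Password attribute.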