Date:      Mon, 17 Jan 2000 11:09:34 +0000
From:      Brian Somers <brian@Awfulhak.org>
To:        Marcin Cieslak <saper@system.pl>
Cc:        Brian Somers <brian@Awfulhak.org>, freebsd-net@FreeBSD.org, brian@hak.lan.Awfulhak.org
Subject:   Re: RADIUS support in ppp(8) 
Message-ID:  <200001171109.LAA17525@hak.lan.Awfulhak.org>
In-Reply-To: Message from Marcin Cieslak <saper@system.pl>  of "Sun, 16 Jan 2000 02:45:17 +0100." <Pine.GSO.4.20.0001160234420.9856-100000@tricord.system.pl> 

> 
> On Sat, 15 Jan 2000, Brian Somers wrote:
> 
> > Patches are always appreciated :-)  Accounting support was only 
> > recently added to the radius client.
> 
> The initial version (hack-quality) is now working.

Great !

> I have duplicated radius_Authenticate() to radius_Account()
> and right now I am calling it from IPCP FSM "up" and "down"
> hooks. But the problem was of course to place accounting
> routine right in the whole ppp FSM context and adjust its 
> parameters. 
> 
> And thus, a few design questions arise:

I'll answer as best I can, but I must confess that I don't know much 
about radius authentication at the moment :-/

> 1. Should accounting request be sent at the start/stop of IPCP 
> session (we need an IP address, ipcp throughput statistics) ?
> 
> 2. Should it be sent every time the link in the MP bundle comes
> up?  

I would think that a session is best described as being when 
IpcpLayerUp()/IpcpLayerDown() happen.  However, in MP mode, when a 
new incoming link is being negotiated we don't yet know what session 
we're part of.  The best we can do at authentication time is know 
that we're likely to be part of an existing bundle.

When mp_Up() returns MP_ADDED and when bundle_ReceiveDatalink() 
finishes it indicates that we've received a new link.  But I'd avoid 
saying anything to the radius server at this point 'cos I don't think 
there's enough info.

> 3. What is the best variable to get username from? 
> (cfg.auth.name from (struct bundle) is apparently empty).

bundle::cfg.auth.name is the local ``set authname''.  The peer's 
authentication name can be found in datalink::peer.authname.

> 4. How to get NAS-Port identifier? (right now I am taking
> it from fp->bundle->links[0] <- the "first" datalink open).
> I need an access to (struct physical) describing tty used.

This is a problem.  In MP mode, there's more than one port.  At the 
moment, ppp doesn't mention a port unless there's a tty involved, and 
if there is, uses ttyslot() to get a number.

I don't think radius is very well designed WRT MP connections :-(

> 5. Which variable to use as a best unique session
> identifier (peerid is apparently set only for MP sessions)?

Dunno, maybe the current time with our pid appended, or maybe even 
just our pid ?

> My understanding of internal PPP structure is not so great,
> however, the code is quite easy to learn.

Heh, my understanding of radius accounting is lousy.  I must read the 
rfc :*]

> -- 
>                  << Marcin Cieslak // saper@system.pl >>
> 
> -----------------------------------------------------------------
> SYSTEM Internet Provider                     http://www.system.pl

-- 
Brian <brian@Awfulhak.org>                        <brian@FreeBSD.org>
      <http://www.Awfulhak.org>                    <brian@OpenBSD.org>
Don't _EVER_ lose your sense of humour !          <brian@FreeBSD.org.uk>
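
The accounting questions discussed in this message (user name, NAS-Port, session identifier, start/stop events), as an added example that is not part of the original e-mail or of ppp(8): it builds an RFC 2866 Accounting-Request Start/Stop pair tied together by one Acct-Session-Id and performs the server-side authenticator check. Python is used for brevity; the function names, the time-plus-pid identifier format and all sample values are assumptions.

```python
import hashlib, hmac, os, struct, time

ACCOUNTING_REQUEST = 4                      # RFC 2866 packet code
USER_NAME, NAS_PORT = 1, 5                  # RFC 2865 attribute types
ACCT_STATUS_TYPE, ACCT_SESSION_ID = 40, 44  # RFC 2866 attribute types
START, STOP = 1, 2                          # Acct-Status-Type values

def attr(atype, value):
    """Encode one attribute: type, length (including the 2-byte header), value."""
    return struct.pack("!BB", atype, len(value) + 2) + value

def make_session_id(now=None, pid=None):
    """Current time with the pid appended; the exact format is an assumption."""
    now = int(time.time()) if now is None else now
    pid = os.getpid() if pid is None else pid
    return f"{now:08x}-{pid}".encode()

def authenticator(header, attrs, secret):
    # RFC 2866: MD5(Code + Identifier + Length + 16 zero octets + attributes + secret)
    return hashlib.md5(header + bytes(16) + attrs + secret).digest()

def accounting_request(ident, status, user, nas_port, session_id, secret):
    attrs = (attr(USER_NAME, user)
             + attr(NAS_PORT, struct.pack("!I", nas_port))
             + attr(ACCT_STATUS_TYPE, struct.pack("!I", status))
             + attr(ACCT_SESSION_ID, session_id))
    header = struct.pack("!BBH", ACCOUNTING_REQUEST, ident, 20 + len(attrs))
    return header + authenticator(header, attrs, secret) + attrs

def verify_and_parse(packet, secret):
    """Server-side check: reject a bad header or authenticator, return {type: value}."""
    if (len(packet) < 20 or packet[0] != ACCOUNTING_REQUEST
            or struct.unpack("!H", packet[2:4])[0] != len(packet)):
        raise ValueError("bad header")
    if not hmac.compare_digest(authenticator(packet[:4], packet[20:], secret), packet[4:20]):
        raise ValueError("bad request authenticator")
    attrs, i = {}, 20
    while i < len(packet):
        if len(packet) - i < 2 or packet[i + 1] < 2 or i + packet[i + 1] > len(packet):
            raise ValueError("malformed attribute")
        attrs[packet[i]] = packet[i + 2:i + packet[i + 1]]
        i += packet[i + 1]
    return attrs

# Constructed sample values: peer name, port number, time, pid and secret are made up.
SECRET = b"constructed-secret"
SID = make_session_id(now=1000, pid=42)
START_PKT = accounting_request(1, START, b"peer-authname", 3, SID, SECRET)  # session up
STOP_PKT = accounting_request(2, STOP, b"peer-authname", 3, SID, SECRET)    # session down
```

The identifier is generated once per session and reused in the Stop record; that shared value is what lets the server pair the two.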