Date: Sat, 15 Jan 2000 01:19:34 +0000 From: Brian Somers <brian@Awfulhak.org> To: Marcin Cieslak <saper@system.pl> Cc: freebsd-net@FreeBSD.ORG, brian@hak.lan.Awfulhak.org Subject: Re: RADIUS support in ppp(8) Message-ID: <200001150119.BAA01055@hak.lan.Awfulhak.org> In-Reply-To: Message from Marcin Cieslak <saper@system.pl> of "Fri, 14 Jan 2000 17:28:14 %2B0100." <Pine.GSO.4.20.0001141716100.18372-100000@tricord.system.pl>
next in thread | previous in thread | raw e-mail | index | archive | help
> > I have just enabled radius support in my plain old > FreeBSD 2.2.8-based dial-in server (I managed to compile > new ppp with libradius, skipping libalias and other > unnecessary things to me). > > I see that I cannot use CHAP for authentication. > I browsed the source code, and it is unclear to me, > is it my fault that I don't supply "Challenge-Response" > (as Ascend radiusd calls it) attribute - or is it > not supported yet? Who is supposed to supply challenge > (RADIUS server)? ppp send the challenge to the client, the client sends a response and ppp sends both the challenge & response to the radius server then passes the radius servers answer back to the client. > Second thing, is anyone working on accounting support > for RADIUS? Seems to me that some basic attributes > would be faily easy to implement. Then we > would work to add more fancy "Ascend-*" attributes, > which can be easily supported by current ppp > (like Ascend-Input-Packets, Ascend-Output-Packets, > Ascend-Multilink-ID etc.), or dig something out > from a modem chat (like Ascend-Data-Rate). > > Right now I need Framed-Address and NAS-Port badly > and I am going to hack ppp to get it. Patches are always appreciated :-) Accounting support was only recently added to the radius client. > Last, is it possible to limit user sessions authenticad? > Say to allow given user to login only once or given > number of simultaneous connections. I cannot find > a RADIUS attribute for that, but it would be nicely > controlled from there. That would make sense. I think jdp is probably a good person to answer this. I don't know that much about server-side radius. > -- > << Marcin Cieslak // saper@system.pl >> > > ----------------------------------------------------------------- > SYSTEM Internet Provider http://www.system.pl -- Brian <brian@Awfulhak.org> <brian@FreeBSD.org> <http://www.Awfulhak.org>; <brian@OpenBSD.org> Don't _EVER_ lose your sense of humour ! <brian@FreeBSD.org.uk> To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200001150119.BAA01055>