From owner-freebsd-net Fri Jan 14 17:21: 4 2000 Delivered-To: freebsd-net@freebsd.org Received: from awfulhak.org (dynamic-36.max4-du-ws.dialnetwork.pavilion.co.uk [212.74.9.164]) by hub.freebsd.org (Postfix) with ESMTP id 114261527D for ; Fri, 14 Jan 2000 17:21:00 -0800 (PST) (envelope-from brian@Awfulhak.org) Received: from hak.lan.Awfulhak.org (root@hak.lan.Awfulhak.org [172.16.0.12]) by awfulhak.org (8.9.3/8.9.3) with ESMTP id BAA43967; Sat, 15 Jan 2000 01:15:10 GMT (envelope-from brian@lan.awfulhak.org) Received: from hak.lan.Awfulhak.org (brian@localhost.lan.Awfulhak.org [127.0.0.1]) by hak.lan.Awfulhak.org (8.9.3/8.9.3) with ESMTP id BAA01055; Sat, 15 Jan 2000 01:19:34 GMT (envelope-from brian@hak.lan.Awfulhak.org) Message-Id: <200001150119.BAA01055@hak.lan.Awfulhak.org> X-Mailer: exmh version 2.1.0 09/18/1999 To: Marcin Cieslak Cc: freebsd-net@FreeBSD.ORG, brian@hak.lan.Awfulhak.org Subject: Re: RADIUS support in ppp(8) In-Reply-To: Message from Marcin Cieslak of "Fri, 14 Jan 2000 17:28:14 +0100." Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Sat, 15 Jan 2000 01:19:34 +0000 From: Brian Somers Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > > I have just enabled radius support in my plain old > FreeBSD 2.2.8-based dial-in server (I managed to compile > new ppp with libradius, skipping libalias and other > unnecessary things to me). > > I see that I cannot use CHAP for authentication. > I browsed the source code, and it is unclear to me, > is it my fault that I don't supply "Challenge-Response" > (as Ascend radiusd calls it) attribute - or is it > not supported yet? Who is supposed to supply challenge > (RADIUS server)? ppp send the challenge to the client, the client sends a response and ppp sends both the challenge & response to the radius server then passes the radius servers answer back to the client. > Second thing, is anyone working on accounting support > for RADIUS? Seems to me that some basic attributes > would be faily easy to implement. Then we > would work to add more fancy "Ascend-*" attributes, > which can be easily supported by current ppp > (like Ascend-Input-Packets, Ascend-Output-Packets, > Ascend-Multilink-ID etc.), or dig something out > from a modem chat (like Ascend-Data-Rate). > > Right now I need Framed-Address and NAS-Port badly > and I am going to hack ppp to get it. Patches are always appreciated :-) Accounting support was only recently added to the radius client. > Last, is it possible to limit user sessions authenticad? > Say to allow given user to login only once or given > number of simultaneous connections. I cannot find > a RADIUS attribute for that, but it would be nicely > controlled from there. That would make sense. I think jdp is probably a good person to answer this. I don't know that much about server-side radius. > -- > << Marcin Cieslak // saper@system.pl >> > > ----------------------------------------------------------------- > SYSTEM Internet Provider http://www.system.pl -- Brian Don't _EVER_ lose your sense of humour ! To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message