Date:      Fri, 29 Oct 1999 15:10:34 +0200
From:      "Oleg Semyonov" <os@ktpk.dp.ua>
To:        <peter@freebsd.org>
Cc:        <freebsd-isp@freebsd.org>
Subject:   pppd-2.3.10 + RADIUS
Message-ID:  <000701bf220e$fccdde60$0400a8c0@admin.dnepr.com>

Hi peter@freebsd.org!

    As far as I can see, you're the maintainer of the pppd port for FreeBSD.
For a long time pppd has existed in FreeBSD as a patched 2.3.5 version
which has some bugs (e.g. "*" only in the allowed address list with no
DNS available leads to long delays for gethostbyname("*"), which
prevents the login by timeout hangup, and so on).

    I've just about finished my work with the pppd-2.3.10 sources.
Patches for FreeBSD are based on the pppd in the current FreeBSD distribution,
with minor changes for new pppd features (optional option list
in the secrets file and so on). Furthermore, I've implemented
RADIUS support for authentication and accounting. The support is
based on the standard FreeBSD radius library by John Polstra;
it may be compiled in on request (USE_RADIUS=y in the Makefile)
with an optional base config path (/etc/ppp or /etc/ppp-radius and
so on), and it includes support for:

- new RADIUS-oriented pppd options:
    - radius                  (use RADIUS)
    - radius-conf /path/file  (conf file for radius library)
    - radius-only         (don't try to auth with secrets or login
                           methods if radius returns Access-Reject)
    - radius-noacct       (don't send accounting requests)
    - radius-port         (device name to port number translation)
- support for PAP authentication (no CHAP or CALLBACK, sorry);
- new script environment variables (CALLED_STATION_ID, CALLING_STATION_ID,
    CONNECT_INFO, SENT_PACKETS, RCVD_PACKETS, and those received from the
    RADIUS server);
- supported RADIUS attributes are:
    - in Access-Request:
        User-Name
        User-Password
        NAS-IP-Address (gethostname())
        NAS-Identifier (gethostbyname())
        NAS-Port (from device to port translation)
        NAS-Port-Type (Async only)
        Service-Type (Framed)
        Framed-Protocol (PPP)
        Framed-IP-Address
        Framed-Compression (VJ-TCPIP only, no IPX supported)
        Called-Station-Id (from pppd's environment)
        Calling-Station-Id (from pppd's environment, passed by mgetty, e.g.)
        Connect-Info (from pppd's environment, passed by mgetty, e.g.)
        PPPD-Script-Env (pppd script env vars, vendor-specific attribute)
    - in Access-Accept/Reject also recognised (along with those mentioned above):
        Framed-IP-Netmask
        Framed-Routing (not used yet)
        Filter-Id (not used yet)
        Framed-MTU
        Reply-Message (first message is used only)
        Framed-Route (not used yet)
        Class (passed through in accounting requests)
        Session-Timeout
        Idle-Timeout
        PPPD-Option (additional pppd options, vendor-specific attribute)
        PPPD-Script-Env (additional script env vars, vendor-specific attribute)
    - in Accounting-Request START packet also passed (along with those mentioned above):
        Acct-Status-Type (Start, Stop)
        Acct-Session-Id
        Acct-Authentic (RADIUS only)
    - in Accounting-Request STOP packet also passed (along with those mentioned above):
        Acct-Input-Octets
        Acct-Output-Octets
        Acct-Input-Packets
        Acct-Output-Packets
        Acct-Session-Time
        Acct-Terminate-Cause (not so good but something useful)

Most of the attributes are passed in accounting requests (all script env
vars and additional pppd options for local IP address or so).

RADIUS support isn't done as a loadable plugin. The first reason is that
pppd must work (for me) on a 2.2.8 system, which does not support some
required features (the -E switch for ld, for example). Second, some
required hooks and global variables needed to implement all the features
I need are missing.

The code is lightly tested with Steel-Belted RADIUS for WinNT and with
Cistron radiusd-1.6.1 and seems to work fine for me.

Is it possible to test the code and include it in the FreeBSD distribution
or ports collection? It seems too many people want to install the newest pppd
version, but some small incompatibilities in the original pppd code may
prevent it for less qualified users.

Any opinions?

---
Oleg Semyonov, the Head of IT Department of KTPK "Dnepr", Energodar, UA
Internet mail: os@altavista.net, finger/talk: os@ktpk.dp.ua, ICQ:31256452
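
Added example, not part of the original message or of the pppd patches it describes: a Python encoding of the PAP Access-Request the message lists (User-Name, User-Password, NAS-Port, NAS-Port-Type, Service-Type, Framed-Protocol), showing how RFC 2865 hides User-Password with the shared secret. All function names and the sample values used with them are constructed for illustration.

```python
import hashlib
import os
import struct

USER_NAME, USER_PASSWORD, NAS_PORT = 1, 2, 5  # RFC 2865 attribute types
SERVICE_TYPE, FRAMED_PROTOCOL, NAS_PORT_TYPE = 6, 7, 61

def hide_password(password, secret, authenticator):
    """RFC 2865 5.2: pad to 16-byte blocks, XOR each with a chained MD5."""
    if not 1 <= len(password) <= 128:
        raise ValueError("password must be 1..128 bytes")
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], key))
        out += prev
    return out

def reveal_password(hidden, secret, authenticator):
    """Server side: run the same chain, then strip the NUL padding."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        key = hashlib.md5(secret + prev).digest()
        out += bytes(c ^ k for c, k in zip(hidden[i:i + 16], key))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")

def attr(attr_type, value):
    return struct.pack("!BB", attr_type, len(value) + 2) + value

def access_request(ident, user, password, secret, nas_port, authenticator=None):
    authenticator = authenticator or os.urandom(16)
    # NAS-Port-Type 0 = Async, Service-Type 2 = Framed, Framed-Protocol 1 = PPP
    ints = [(NAS_PORT, nas_port), (NAS_PORT_TYPE, 0),
            (SERVICE_TYPE, 2), (FRAMED_PROTOCOL, 1)]
    body = attr(USER_NAME, user)
    body += attr(USER_PASSWORD, hide_password(password, secret, authenticator))
    body += b"".join(attr(t, struct.pack("!I", v)) for t, v in ints)
    return struct.pack("!BBH", 1, ident, 20 + len(body)) + authenticator + body

def parse_attrs(packet):
    attrs, pos = [], 20
    while pos + 2 <= len(packet):
        t, length = packet[pos], packet[pos + 1]
        if length < 2 or pos + length > len(packet):
            raise ValueError("malformed attribute")
        attrs.append((t, packet[pos + 2:pos + length]))
        pos += length
    return attrs
```

The password is protected only by the shared secret: anyone who holds it and captures the packet can run reveal_password, so the secret configured for the radius library needs to be long and unique per NAS.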



