Date: Mon, 1 Nov 1999 08:11:23 +0000 (GMT)
From: hometeam <hometeam@techpower.net>
To: Oleg Semyonov <os@ktpk.dp.ua>
Cc: peter@FreeBSD.ORG, freebsd-isp@FreeBSD.ORG
Subject: Re: pppd-2.3.10 + RADIUS
Message-ID: <Pine.BSF.4.10.9911010809200.243-100000@techpower.net>
In-Reply-To: <000701bf220e$fccdde60$0400a8c0@admin.dnepr.com>
BTW: will 2.3.10 be introduced into ports & Stable anytime soon? Seems
like we're a bit behind on pppd.
On Fri, 29 Oct 1999, Oleg Semyonov wrote:
> Hi peter@freebsd.org!
>
> As I can see, you're a maintainer of the pppd port for FreeBSD.
> For a long time pppd has existed in FreeBSD as a patched 2.3.5 version
> which has some bugs (e.g. "*" only in allowed address list with no
> DNS available leads to long delays for gethostbyname("*") which
> prevents the login by timeout hangup, and so on).
>
> Just now I've almost done my work with pppd-2.3.10 sources.
> Patches for FreeBSD are based on pppd in current FreeBSD distribution
> with minor changes for new pppd features (optional option list
> in secrets file and so on). Furthermore, I've implemented the
> RADIUS support for authentication and accounting. The support is
> based on standard FreeBSD radius library by John Polstra,
> it may be compiled-in by request (USE_RADIUS=y in Makefile)
> with optional base config path (/etc/ppp or /etc/ppp-radius and
> so on), and it includes support for:
>
> - new RADIUS-oriented pppd options:
>     - radius (use RADIUS)
>     - radius-conf /path/file (conf file for radius library)
>     - radius-only (don't try to auth with secrets or login
>       methods if radius returns Access-Reject)
>     - radius-noacct (don't send accounting requests)
>     - radius-port (device name to port number translation)
> - support for PAP authentication (no CHAP or CALLBACK, sorry);
> - new script environment variables (CALLED_STATION_ID, CALLING_STATION_ID,
>   CONNECT_INFO, SENT_PACKETS, RCVD_PACKETS, and received from RADIUS
>   server);
> - supported RADIUS attributes are:
>     - in Access-Request:
>         User-Name
>         User-Password
>         NAS-IP-Address (gethostname())
>         NAS-Identifier (gethostbyname())
>         NAS-Port (from device to port translation)
>         NAS-Port-Type (Async only)
>         Service-Type (Framed)
>         Framed-Protocol (PPP)
>         Framed-IP-Address
>         Framed-Compression (VJ-TCPIP only, no IPX supported)
>         Called-Station-Id (from pppd's environment)
>         Calling-Station-Id (from pppd's environment, passed by mgetty, e.g.)
>         Connect-Info (from pppd's environment, passed by mgetty, e.g.)
>         PPPD-Script-Env (pppd script env vars, vendor-specific attribute)
>     - in Access-Accept/Reject also recognised (with mentioned above):
>         Framed-IP-Netmask
>         Framed-Routing (not used yet)
>         Filter-Id (not used yet)
>         Framed-MTU
>         Reply-Message (first message is used only)
>         Framed-Route (not used yet)
>         Class (passed through in accounting requests)
>         Session-Timeout
>         Idle-Timeout
>         PPPD-Option (additional pppd options, vendor-specific attribute)
>         PPPD-Script-Env (additional script env vars, vendor-specific
>         attribute)
>     - in Accounting-Request START packet also passed (with mentioned above):
>         Acct-Status-Type (Start, Stop)
>         Acct-Session-Id
>         Acct-Authentic (RADIUS only)
>     - in Accounting-Request STOP packet also passed (with mentioned above):
>         Acct-Input-Octets
>         Acct-Output-Octets
>         Acct-Input-Packets
>         Acct-Output-Packets
>         Acct-Session-Time
>         Acct-Terminate-Cause (not so good but something useful)
>
> Most of attributes are passed in accounting requests (all script env
> vars and additional pppd options for local IP address or so).
>
> RADIUS support isn't done as a loadable plugin. The first reason is that
> pppd must work (for me) on a 2.2.8 system which does not support some
> required features (-E switch for ld, for example). Second, some of the
> hooks and global variables required to implement all the features
> I need are not there.
>
> The code is slightly tested with Steel-Belted RADIUS for WinNT and with
> Cistron radiusd-1.6.1 and seems to work fine for me.
>
> Is it possible to test and include the code into FreeBSD distribution
> or port collection? Seems too many people want to install newest pppd
> version but some small incompatibilities in original pppd code may
> prevent it for not so qualified users.
>
> Any opinions?
>
> ---
> Oleg Semyonov, the Head of IT Department of KTPK "Dnepr", Energodar, UA
> Internet mail: os@altavista.net, finger/talk: os@ktpk.dp.ua, ICQ:31256452
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-isp" in the body of the message
>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.10.9911010809200.243-100000>
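
As an added illustration (not part of the original messages and not code from the patch they describe), this sketch lays out a PAP Access-Request carrying several of the attributes listed above in RFC 2865 wire format, including the User-Password hiding that PAP-over-RADIUS relies on. The function names, shared secret and sample values are constructed for the example.

```python
import hashlib
import os
import struct

# RFC 2865 type numbers for some of the Access-Request attributes listed above.
USER_NAME, USER_PASSWORD, NAS_PORT = 1, 2, 5
SERVICE_TYPE, FRAMED_PROTOCOL, NAS_PORT_TYPE = 6, 7, 61
ACCESS_REQUEST, FRAMED, PPP, ASYNC = 1, 2, 1, 0

def _xor_chain(data, secret, authenticator, decrypt=False):
    """RFC 2865 5.2: XOR each 16-byte block with MD5(secret + previous hidden block)."""
    out, prev = b"", authenticator
    for i in range(0, len(data), 16):
        block = data[i:i + 16]
        pad = hashlib.md5(secret + prev).digest()
        xored = bytes(a ^ b for a, b in zip(block, pad))
        prev = block if decrypt else xored  # always chain on the hidden block
        out += xored
    return out

def hide_password(password, secret, authenticator):
    if len(password) > 128:
        raise ValueError("User-Password is limited to 128 bytes")
    size = max(16, len(password) + (-len(password) % 16))  # null-pad to 16n
    return _xor_chain(password.ljust(size, b"\x00"), secret, authenticator)

def reveal_password(hidden, secret, authenticator):
    return _xor_chain(hidden, secret, authenticator, decrypt=True).rstrip(b"\x00")

def attr(type_, value):
    if len(value) > 253:
        raise ValueError("attribute value too long")
    return bytes([type_, len(value) + 2]) + value  # type, length, value

def access_request(ident, user, password, secret, nas_port, authenticator=None):
    # The Request Authenticator must be unpredictable and unique per request;
    # a caller-supplied value is accepted here only to make tests repeatable.
    authenticator = authenticator or os.urandom(16)
    if len(authenticator) != 16:
        raise ValueError("Request Authenticator must be 16 bytes")
    body = (attr(USER_NAME, user)
            + attr(USER_PASSWORD, hide_password(password, secret, authenticator))
            + attr(NAS_PORT, struct.pack("!I", nas_port))
            + attr(NAS_PORT_TYPE, struct.pack("!I", ASYNC))
            + attr(SERVICE_TYPE, struct.pack("!I", FRAMED))
            + attr(FRAMED_PROTOCOL, struct.pack("!I", PPP)))
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(body)) + authenticator + body

def parse_attributes(packet):
    length = struct.unpack("!H", packet[2:4])[0]
    attrs, pos = {}, 20
    while pos < length:
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise ValueError("malformed attribute")
        attrs[packet[pos]] = packet[pos + 2:pos + packet[pos + 1]]
        pos += packet[pos + 1]
    return attrs
```

Only the User-Password value is hidden, and only by an MD5 keystream derived from the shared secret, so every other attribute travels in clear text and the password's protection is no stronger than that secret.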
