Date: Mon, 17 Jan 2000 11:09:34 +0000 From: Brian Somers <brian@Awfulhak.org> To: Marcin Cieslak <saper@system.pl> Cc: Brian Somers <brian@Awfulhak.org>, freebsd-net@FreeBSD.org, brian@hak.lan.Awfulhak.org Subject: Re: RADIUS support in ppp(8) Message-ID: <200001171109.LAA17525@hak.lan.Awfulhak.org> In-Reply-To: Message from Marcin Cieslak <saper@system.pl> of "Sun, 16 Jan 2000 02:45:17 %2B0100." <Pine.GSO.4.20.0001160234420.9856-100000@tricord.system.pl>
next in thread | previous in thread | raw e-mail | index | archive | help
> > On Sat, 15 Jan 2000, Brian Somers wrote: > > > Patches are always appreciated :-) Accounting support was only > > recently added to the radius client. > > The initial version (hack-quality) is now working. Great ! > I have duplicated radius_Authenticate() to radius_Account() > and right now I am calling it from IPCP FSM "up" and "down" > hooks. But the problem was of course to place accounting > routine right in the whole ppp FSM context and adjust it's > parameters. > > And thus, few design questions arise: I'll answer as best I can, but I must confess that I don't know much about radius authentication at the moment :-/ > 1. Should accounting request be sent at the start/stop of IPCP > session (we need an IP address, ipcp throughput statistics) ? > > 2. Should it be sent every time the link in the MP bundle comes > up? I would think that a session is best described as being when IpcpLayerUp()/IpcpLayerDown() happen. However, in MP mode, when a new incoming link is being negotiated we don't yet know what session we're part of. The best we can do at authentication time is know that we're likely to be part of an existing bundle. When mp_Up() returns MP_ADDED and when bundle_ReceiveDatalink() finishes it indicates that we've received a new link. But I'd avoid saying anything to the radius server at this point 'cos I don't think there's enough info. > 3. What is the best variable to get username from? > (cfg.auth.name from (struct bundle) is apparently empty). bundle::cfg.auth.name is the local ``set authname''. The peers authentication name can be found in datalink::peer.authname. > 4. How to get NAS-Port identifier? (right now I am taking > it from fp->bundle->links[0] <- the "first" datalink open). > I need an access to (struct physical) describing tty used. This is a problem. In MP mode, there's more than one port. At the moment, ppp doesn't mention a port unless there's a tty involved, and if there is, uses ttyslot() to get a number. I don't think radius is very well designed WRT MP connections :-( > 5. Which variable to use as a best unique session > identifier (peerid is apparently set only for MP sessions)? Dunno, maybe the current time with our pid appended, or maybe even just our pid ? > My understaing of internal PPP structure is not so great, > however, the code is quite easy to learn. Heh, my understanding of radius accounting is lousy. I must read the rfc :*] > -- > << Marcin Cieslak // saper@system.pl >> > > ----------------------------------------------------------------- > SYSTEM Internet Provider http://www.system.pl -- Brian <brian@Awfulhak.org> <brian@FreeBSD.org> <http://www.Awfulhak.org>; <brian@OpenBSD.org> Don't _EVER_ lose your sense of humour ! <brian@FreeBSD.org.uk> To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200001171109.LAA17525>