From owner-freebsd-net  Fri Jan 14  8:31:54 2000
Delivered-To: freebsd-net@freebsd.org
Received: from tricord.system.pl (tricord.system.pl [195.205.185.10])
	by hub.freebsd.org (Postfix) with ESMTP id 54581156DF
	for <freebsd-net@FreeBSD.org>; Fri, 14 Jan 2000 08:30:44 -0800 (PST)
	(envelope-from saper@system.pl)
Received: from localhost (saper@localhost [127.0.0.1])
	by tricord.system.pl (SYSTEM Internet) with ESMTP id RAA19146
	for <freebsd-net@FreeBSD.org>; Fri, 14 Jan 2000 17:28:17 +0100 (MET)
Date: Fri, 14 Jan 2000 17:28:14 +0100 (MET)
From: Marcin Cieslak <saper@system.pl>
To: freebsd-net@FreeBSD.org
Subject: RADIUS support in ppp(8)
Message-ID: <Pine.GSO.4.20.0001141716100.18372-100000@tricord.system.pl>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org


I have just enabled radius support in my plain old
FreeBSD 2.2.8-based dial-in server (I managed to compile
new ppp with libradius, skipping libalias and other
unnecessary things to me). 

I see that I cannot use CHAP for authentication.
I browsed the source code, and it is unclear to me,
is it my fault that I don't supply "Challenge-Response"
(as Ascend radiusd calls it) attribute - or is it
not supported yet? Who is supposed to supply challenge 
(RADIUS server)?

Second thing, is anyone working on accounting support
for RADIUS? Seems to me that some basic attributes
would be faily easy to implement. Then we
would work to add more fancy "Ascend-*" attributes,
which can be easily supported by current ppp
(like Ascend-Input-Packets, Ascend-Output-Packets,
Ascend-Multilink-ID etc.), or dig something out
from a modem chat (like Ascend-Data-Rate).

Right now I need Framed-Address and NAS-Port badly 
and I am going to hack ppp to get it. 

Last, is it possible to limit user sessions authenticad?
Say to allow given user to login only once or given
number of simultaneous connections. I cannot find
a RADIUS attribute for that, but it would be nicely
controlled from there.

-- 
                 << Marcin Cieslak // saper@system.pl >>

-----------------------------------------------------------------
SYSTEM Internet Provider                     http://www.system.pl



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message