4 Radiusclient - Installation and Operation Guide
12 Radiusclient - Installation and Operation Guide
19 <!--------------------------------------------------------------------------->
25 <li><a href="#introduction">Introduction</a>
26 <li><a href="#principles">Principles of operation</a>
27 <li><a href="#installation">Installation</a>
28 <li><a href="#availability">Availabiliy</a>
29 <li><a href="#credits">Credits</a>
30 <li><a href="#copyright">Copyright</a>
31 <li><a href="#contacting">Contacting the author</a>
32 <li><a href="#appendixa">Appendix A: Command line flags</a>
36 <!--------------------------------------------------------------------------->
38 <a name="introduction">
43 Radiusclient is a /bin/login replacement which gets called by a
44 getty to log in a user and to setup the user's login environment.
46 Normal login programs just check the login name and password which the
47 user entered against the local password file (/etc/passwd, /etc/shadow).
48 In contrast to that Radiusclient also uses the RADIUS protocol to
49 authenticate the user.
53 RADIUS stands for <i>R</i>emote <i>A</i>uthentication <i>D</i>ial
54 <i>In</i> <i>U</i>ser <i>S</i>ervice and is a protocol for carrying
55 authentication, authorization, and configuration information between
56 a Network Access Server (NAS) which desires to authenticate its
57 links and a shared Authentication Server.<br> The protocol
58 originally was designed by the well known terminal server
59 manufacturer Livingston for use with their Portmaster series of
60 terminal servers. Since then it has been implemented by a lot of
61 other vendors and it is also on it's way to become a Internet
64 <!--------------------------------------------------------------------------->
67 Principles of operation
71 If the main program of Radiusclient which is called <i>radlogin</i> gets
72 invoked by your systems's getty, it behaves like the normal login
77 First it asks the user for his loginname (if not supplied by getty)
82 Then it tries to find the login name either through a RADIUS server
83 query or in the local passwd file or through both methods.
87 If the user is authenticated locally <i>radlogin</i> calls the local login
88 program to spawn a login enviroment.
92 If the user is authenticated via RADIUS <i>radlogin</i> calls a special other
93 login program which gets the information that was passed from the RADIUS
94 server in enviroment variables.
98 In this special login program you can now either start a telnet/rlogin
99 session or start up SLIP/CSLIP or even PPP based on the information from
100 the RADIUS server. Furthermore you can send accounting information to a
101 RADIUS accouting server via a program called radacct which is also
102 part of Radiusclient.
104 <!--------------------------------------------------------------------------->
106 <a name="installation">
111 Get the Radiusclient package from the places mentioned
112 <a href="#availability">below</a>.
116 Then unpack it in a directory which you normally use for keeping your
117 source code. For example do:
123 gzip -dc radiusclient-x.x.tar.gz | tar xvvf -
128 You now should have a directory called radiusclient-x.x in which all the
129 source code of Radiusclient is stored.
133 First run configure --help to see if you need to enable any options.
134 Then configure the sources by calling configure with the
139 Have a look at include/messages.h if you'd like to change some
140 of the messages there. But normally you shouldn't.
144 Executing "make" builds the executables.
148 Executing "make install" will install the executables and example
149 versions of all the needed config and data files. Be careful
150 the installation process will <b>overwrite</b> existing files
152 Try "make -n install" to see which file gets were if you're
157 The installation procedure will only install a dummy login.radius
158 script which just outputs all RADIUS_* environment variables and
163 You need to write your own login.radius if you want that the script
164 does something useful. See the login.radius directory for example
169 You <b>will</b> have to look into radiusclient.conf and edit it.
173 Add the following two line to /etc/services if you don't
179 radius 1645/udp # RADIUS access requests
180 radacct 1646/udp # RADIUS accounting requests
184 Get your getty to execute <i>radlogin</i> instead of the normal login
185 process. The method of how to do this varies from getty to getty.
190 <li>If you're using getty_ps you can set the LOGIN directive in the
191 respective config file.
195 <li>agetty has a command line option (-l) which allows
196 you to specify an alternate login program, i.e. <i>radlogin</i>.
200 <li>With mgetty you add the following line to your login.cfg file:
205 * - - <path>/radlogin @
210 I suggest you use mgetty or getty_ps, mgetty even has a nice
211 automatic PPP detection feature, which can be useful.
213 <!--------------------------------------------------------------------------->
215 <a name="availability">
220 This program is avaiable from <a href="ftp://ftp.cityline.net/pub/radiusclient/">
221 ftp.cityline.net</a> in the directory
222 <a href="ftp://ftp.cityline.net/pub/radiusclient/">/pub/radiusclient</a>.
224 Download the version with the largest version number, older version are
225 only kept for reference.
228 <!--------------------------------------------------------------------------->
235 My thanks go to all the people who have helped me in one or another
236 way with the development of radiusclient but especially to:
241 <table cellpadding=0 cellspacing=0 width="90%" border=0>
244 <a href="mailto:map@iphil.net">
245 Miguel A.L. Paraz <map@iphil.net>
251 <a href="mailto:gody@master.slon.net">
252 Matjaz Godec <gody@master.slon.net>
258 <a href="mailto:mla@gams.co.at">
259 Michael Lausch <mla@gams.co.at>
266 <!--------------------------------------------------------------------------->
273 Read the file COPYRIGHT in the top directory of Radiusclient for the
274 respective copyrights.
278 If you like the Radiusclient software very much and/or are using
279 it on a production machine please send my a postcard. My postal
285 <table cellpadding=0 cellspacing=0 width="90%" border=0>
289 Boettgerstrasse 29<br>
290 22851 Norderstedt<br>
297 <!--------------------------------------------------------------------------->
299 <a name="contacting">
300 Contacting the author
304 Send your comments, suggestions, bug reports and patches to
305 <a href="mailto:lf@elemental.net">
306 Lars Fenneberg <nobr><lf@elemental.net></nobr></a>.
308 <!--------------------------------------------------------------------------->
311 Appendix A: Command line flags
316 <table cellpadding=0 cellspacing=10 width="95%" border=0>
322 <table border=2 width=100%>
333 Path to an alternative configuration file
341 File name of the terminal used to determine what to send in
342 the NAS-Port attribute. Normally the tty of stdin is used.
350 Disable display if the radlogin issue file. This option is set
351 by default if radlogin is called with an argument.
359 Display version information
367 Display usage information
377 <table border=2 width=100%>
388 File name of the terminal used to determine what to send in
389 the NAS-Port attribute. Normally the tty of stdout is used.
397 Display version information
405 Display usage information
415 <table border=2 width=100%>
426 Display version information
434 Display usage information
448 Last changed: 7/19/98<br>
449 Copyright © 1996,1997,1998, Lars Fenneberg, lf@elemental.net<br>