+
+ RADIUS stands for Remote Authentication Dial
+ In User Service and is a protocol for carrying
+ authentication, authorization, and configuration information between
+ a Network Access Server (NAS) which desires to authenticate its
+ links and a shared Authentication Server.
The protocol
+ originally was designed by the well known terminal server
+ manufacturer Livingston for use with their Portmaster series of
+ terminal servers. Since then it has been implemented by a lot of
+ other vendors and it is also on it's way to become a Internet
+ Standard.
+
+
+
+ + First it asks the user for his loginname (if not supplied by getty) + and his password. + +
+ + Then it tries to find the login name either through a RADIUS server + query or in the local passwd file or through both methods. + +
+ + If the user is authenticated locally radlogin calls the local login + program to spawn a login enviroment. + +
+ + If the user is authenticated via RADIUS radlogin calls a special other + login program which gets the information that was passed from the RADIUS + server in enviroment variables. + +
+ + In this special login program you can now either start a telnet/rlogin + session or start up SLIP/CSLIP or even PPP based on the information from + the RADIUS server. Furthermore you can send accounting information to a + RADIUS accouting server via a program called radacct which is also + part of Radiusclient. + + +
+ + Then unpack it in a directory which you normally use for keeping your + source code. For example do: + +
+ +
+ cd /usr/src + gzip -dc radiusclient-x.x.tar.gz | tar xvvf - ++ +
+ + You now should have a directory called radiusclient-x.x in which all the + source code of Radiusclient is stored. + +
+ + First run configure --help to see if you need to enable any options. + Then configure the sources by calling configure with the + appropriate options. + +
+ + Have a look at include/messages.h if you'd like to change some + of the messages there. But normally you shouldn't. + +
+ + Executing "make" builds the executables. + +
+ + Executing "make install" will install the executables and example + versions of all the needed config and data files. Be careful + the installation process will overwrite existing files + without asking you. + Try "make -n install" to see which file gets were if you're + unsure. + +
+ + The installation procedure will only install a dummy login.radius + script which just outputs all RADIUS_* environment variables and + then exits. + +
+ + You need to write your own login.radius if you want that the script + does something useful. See the login.radius directory for example + scripts. + +
+ + You will have to look into radiusclient.conf and edit it. + +
+ + Add the following two line to /etc/services if you don't + already have them: + +
+ +
+ radius 1645/udp # RADIUS access requests + radacct 1646/udp # RADIUS accounting requests ++
+ + Get your getty to execute radlogin instead of the normal login + process. The method of how to do this varies from getty to getty. + +
+ +
+ +
+ +
+ +
+ * - -+ +/radlogin @ +
+ +
| + + Miguel A.L. Paraz <map@iphil.net> + + | +
| + + Matjaz Godec <gody@master.slon.net> + + | +
| + + Michael Lausch <mla@gams.co.at> + + | +
+ + If you like the Radiusclient software very much and/or are using + it on a production machine please send my a postcard. My postal + address is: + +
+ +
|
+ Lars Fenneberg + Boettgerstrasse 29 + 22851 Norderstedt + Germany + |
+
+
+
|
+||||||||||||
+
+
|
+||||||||||||
+
+
|
+||||||||||||
+ +