--- /dev/null
+<html>
+<head>
+<title>
+Radiusclient - Installation and Operation Guide
+</title>
+</head>
+<body>
+
+<h1>
+<center>
+<i>
+Radiusclient - Installation and Operation Guide
+</i>
+</center>
+</h1>
+
+<hr size=8>
+
+<!--------------------------------------------------------------------------->
+<h2>
+Table of contents
+</h2>
+
+<ul>
+<li><a href="#introduction">Introduction</a>
+<li><a href="#principles">Principles of operation</a>
+<li><a href="#installation">Installation</a>
+<li><a href="#availability">Availabiliy</a>
+<li><a href="#credits">Credits</a>
+<li><a href="#copyright">Copyright</a>
+<li><a href="#contacting">Contacting the author</a>
+<li><a href="#appendixa">Appendix A: Command line flags</a>
+</ul>
+
+
+<!--------------------------------------------------------------------------->
+<h2>
+<a name="introduction">
+Introduction
+</a>
+</h2>
+
+ Radiusclient is a /bin/login replacement which gets called by a
+ getty to log in a user and to setup the user's login environment.
+ <br>
+ Normal login programs just check the login name and password which the
+ user entered against the local password file (/etc/passwd, /etc/shadow).
+ In contrast to that Radiusclient also uses the RADIUS protocol to
+ authenticate the user.
+
+ <p>
+
+ RADIUS stands for <i>R</i>emote <i>A</i>uthentication <i>D</i>ial
+ <i>In</i> <i>U</i>ser <i>S</i>ervice and is a protocol for carrying
+ authentication, authorization, and configuration information between
+ a Network Access Server (NAS) which desires to authenticate its
+ links and a shared Authentication Server.<br> The protocol
+ originally was designed by the well known terminal server
+ manufacturer Livingston for use with their Portmaster series of
+ terminal servers. Since then it has been implemented by a lot of
+ other vendors and it is also on it's way to become a Internet
+ Standard.
+
+<!--------------------------------------------------------------------------->
+<h2>
+<a name="principles">
+Principles of operation
+</a>
+</h2>
+
+ If the main program of Radiusclient which is called <i>radlogin</i> gets
+ invoked by your systems's getty, it behaves like the normal login
+ program to the user.
+
+ <p>
+
+ First it asks the user for his loginname (if not supplied by getty)
+ and his password.
+
+ <p>
+
+ Then it tries to find the login name either through a RADIUS server
+ query or in the local passwd file or through both methods.
+
+ <p>
+
+ If the user is authenticated locally <i>radlogin</i> calls the local login
+ program to spawn a login enviroment.
+
+ <p>
+
+ If the user is authenticated via RADIUS <i>radlogin</i> calls a special other
+ login program which gets the information that was passed from the RADIUS
+ server in enviroment variables.
+
+ <p>
+
+ In this special login program you can now either start a telnet/rlogin
+ session or start up SLIP/CSLIP or even PPP based on the information from
+ the RADIUS server. Furthermore you can send accounting information to a
+ RADIUS accouting server via a program called radacct which is also
+ part of Radiusclient.
+
+<!--------------------------------------------------------------------------->
+<h2>
+<a name="installation">
+Installation
+</a>
+</h2>
+
+ Get the Radiusclient package from the places mentioned
+ <a href="#availability">below</a>.
+
+ <p>
+
+ Then unpack it in a directory which you normally use for keeping your
+ source code. For example do:
+
+ <p>
+
+ <pre>
+ cd /usr/src
+ gzip -dc radiusclient-x.x.tar.gz | tar xvvf -
+ </pre>
+
+ <p>
+
+ You now should have a directory called radiusclient-x.x in which all the
+ source code of Radiusclient is stored.
+
+ <p>
+
+ First run configure --help to see if you need to enable any options.
+ Then configure the sources by calling configure with the
+ appropriate options.
+
+ <p>
+
+ Have a look at include/messages.h if you'd like to change some
+ of the messages there. But normally you shouldn't.
+
+ <p>
+
+ Executing "make" builds the executables.
+
+ <p>
+
+ Executing "make install" will install the executables and example
+ versions of all the needed config and data files. Be careful
+ the installation process will <b>overwrite</b> existing files
+ without asking you.
+ Try "make -n install" to see which file gets were if you're
+ unsure.
+
+ <p>
+
+ The installation procedure will only install a dummy login.radius
+ script which just outputs all RADIUS_* environment variables and
+ then exits.
+
+ <p>
+
+ You need to write your own login.radius if you want that the script
+ does something useful. See the login.radius directory for example
+ scripts.
+
+ <p>
+
+ You <b>will</b> have to look into radiusclient.conf and edit it.
+
+ <p>
+
+ Add the following two line to /etc/services if you don't
+ already have them:
+
+ <p>
+
+ <pre>
+ radius 1645/udp # RADIUS access requests
+ radacct 1646/udp # RADIUS accounting requests
+ </pre>
+ <p>
+
+ Get your getty to execute <i>radlogin</i> instead of the normal login
+ process. The method of how to do this varies from getty to getty.
+
+ <p>
+
+ <ul>
+ <li>If you're using getty_ps you can set the LOGIN directive in the
+ respective config file.
+
+ <p>
+
+ <li>agetty has a command line option (-l) which allows
+ you to specify an alternate login program, i.e. <i>radlogin</i>.
+
+ <p>
+
+ <li>With mgetty you add the following line to your login.cfg file:
+
+ <p>
+
+ <pre>
+ * - - <path>/radlogin @
+ </pre>
+
+ </ul>
+
+ I suggest you use mgetty or getty_ps, mgetty even has a nice
+ automatic PPP detection feature, which can be useful.
+
+<!--------------------------------------------------------------------------->
+<h2>
+<a name="availability">
+Availability
+</a>
+</h2>
+
+ This program is avaiable from <a href="ftp://ftp.cityline.net/pub/radiusclient/">
+ ftp.cityline.net</a> in the directory
+ <a href="ftp://ftp.cityline.net/pub/radiusclient/">/pub/radiusclient</a>.
+ <br>
+ Download the version with the largest version number, older version are
+ only kept for reference.
+
+
+<!--------------------------------------------------------------------------->
+<h2>
+<a name="credits">
+Credits
+</a>
+</h2>
+
+ My thanks go to all the people who have helped me in one or another
+ way with the development of radiusclient but especially to:
+
+ <p>
+
+ <center>
+ <table cellpadding=0 cellspacing=0 width="90%" border=0>
+ <tr>
+ <td>
+ <a href="mailto:map@iphil.net">
+ Miguel A.L. Paraz <map@iphil.net>
+ </a>
+ </td>
+ </tr>
+ <tr>
+ <td>
+ <a href="mailto:gody@master.slon.net">
+ Matjaz Godec <gody@master.slon.net>
+ </a>
+ </td>
+ </tr>
+ <tr>
+ <td>
+ <a href="mailto:mla@gams.co.at">
+ Michael Lausch <mla@gams.co.at>
+ </a>
+ </td>
+ </tr>
+ </table>
+ </center>
+
+<!--------------------------------------------------------------------------->
+<h2>
+<a name="copyright">
+Copyright
+</a>
+</h2>
+
+ Read the file COPYRIGHT in the top directory of Radiusclient for the
+ respective copyrights.
+
+ <p>
+
+ If you like the Radiusclient software very much and/or are using
+ it on a production machine please send my a postcard. My postal
+ address is:
+
+ <p>
+
+ <center>
+ <table cellpadding=0 cellspacing=0 width="90%" border=0>
+ <tr>
+ <td>
+ Lars Fenneberg<br>
+ Boettgerstrasse 29<br>
+ 22851 Norderstedt<br>
+ Germany<br>
+ </td>
+ </tr>
+ </table>
+ </center>
+
+<!--------------------------------------------------------------------------->
+<h2>
+<a name="contacting">
+Contacting the author
+</a>
+</h2>
+
+ Send your comments, suggestions, bug reports and patches to
+ <a href="mailto:lf@elemental.net">
+ Lars Fenneberg <nobr><lf@elemental.net></nobr></a>.
+
+<!--------------------------------------------------------------------------->
+<h2>
+<a name="appendixa">
+Appendix A: Command line flags
+</a>
+</h2>
+
+<center>
+<table cellpadding=0 cellspacing=10 width="95%" border=0>
+
+
+<tr>
+<td>
+
+<table border=2 width=100%>
+<tr>
+ <th colspan=2>
+ radlogin
+ </th>
+</tr>
+<tr>
+ <td>
+ -f
+ </td>
+ <td>
+ Path to an alternative configuration file
+ </td>
+</tr>
+<tr>
+ <td>
+ -i
+ </td>
+ <td>
+ File name of the terminal used to determine what to send in
+ the NAS-Port attribute. Normally the tty of stdin is used.
+ </td>
+</tr>
+<tr>
+ <td>
+ -n
+ </td>
+ <td>
+ Disable display if the radlogin issue file. This option is set
+ by default if radlogin is called with an argument.
+ </td>
+</tr>
+<tr>
+ <td>
+ -V
+ </td>
+ <td>
+ Display version information
+ </td>
+</tr>
+<tr>
+ <td>
+ -h
+ </td>
+ <td>
+ Display usage information
+ </td>
+</tr>
+</table>
+</td>
+</tr>
+
+<tr>
+<td>
+
+<table border=2 width=100%>
+<tr>
+ <th colspan=2>
+ radacct
+ </th>
+</tr>
+<tr>
+ <td>
+ -i
+ </td>
+ <td>
+ File name of the terminal used to determine what to send in
+ the NAS-Port attribute. Normally the tty of stdout is used.
+ </td>
+</tr>
+<tr>
+ <td>
+ -V
+ </td>
+ <td>
+ Display version information
+ </td>
+</tr>
+<tr>
+ <td>
+ -h
+ </td>
+ <td>
+ Display usage information
+ </td>
+</tr>
+</table>
+</td>
+</tr>
+
+<tr>
+<td>
+
+<table border=2 width=100%>
+<tr>
+ <th colspan=2>
+ radstatus
+ </th>
+</tr>
+<tr>
+ <td>
+ -V
+ </td>
+ <td>
+ Display version information
+ </td>
+</tr>
+<tr>
+ <td>
+ -h
+ </td>
+ <td>
+ Display usage information
+ </td>
+</tr>
+</table>
+</td>
+</tr>
+
+</table>
+</center>
+
+<p>
+
+<hr size=16>
+<br>
+Last changed: 7/19/98<br>
+Copyright © 1996,1997,1998, Lars Fenneberg, lf@elemental.net<br>
+</body>
+</html>
projects / ppp.git / blobdiff