Re: pppd+radius ?
Hi, On Fri, 21 Jun 2002, Maxim Kalinkevich wrote: > I have corrected a mistake and now I receive the following message [SNIP] > Jun 21 10:06:35 storm pppd[4315]: ChapReceiveResponse: using RADIUS > Jun 21 10:06:35 storm pptpd[4314]: Error reading from pppd: Input/output > error > Jun 21 10:06:35 storm pptpd[4314]: CTRL: GRE read or PTY write failed > (gre,pty)=(8,7) > > and no one packet to radius !! I've found the cause of the crash of pppd: I didn't pay enough attention when applying a patch from someone, and incorporated a feature to set the NAS-Identifier attribute sent by the client using a 'radius-nas-identifier' option. The problem is that the code that was added doesn't handle the absense of the option correctly. So, as a workaround, add eg. 'radius-nas-identifier testnas' to your config file. I'll upload a new version soon. Cheers, Emile. -- E-Advies / Emile van Bergen | [EMAIL PROTECTED] tel. +31 (0)70 3906153| http://www.e-advies.info -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: pppd+radius ?
Hi, On Fri, 21 Jun 2002, Maxim Kalinkevich wrote: > I have corrected a mistake and now I receive the following message [SNIP] > Jun 21 10:06:35 storm pppd[4315]: ChapReceiveResponse: using RADIUS > Jun 21 10:06:35 storm pptpd[4314]: Error reading from pppd: Input/output > error > Jun 21 10:06:35 storm pptpd[4314]: CTRL: GRE read or PTY write failed > (gre,pty)=(8,7) > > and no one packet to radius !! I've found the cause of the crash of pppd: I didn't pay enough attention when applying a patch from someone, and incorporated a feature to set the NAS-Identifier attribute sent by the client using a 'radius-nas-identifier' option. The problem is that the code that was added doesn't handle the absense of the option correctly. So, as a workaround, add eg. 'radius-nas-identifier testnas' to your config file. I'll upload a new version soon. Cheers, Emile. -- E-Advies / Emile van Bergen | [EMAIL PROTECTED] tel. +31 (0)70 3906153| http://www.e-advies.info -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: pppd+radius ?
On Fri, 21 Jun 2002 00:31, Emile van Bergen wrote: > > > I've already started work on CHAP using libradius1, which is also what > > > the PPP CVS code uses. > > > > > > I am going to eat the code that's in the PPP CVS. When I have every > > > feature of that code and more I may put Portslave in the PPP CVS. I > > > think we only need one PPP/RADIUS solution, I've spent the last two > > > years hunting down other options and incorporating all their > > > features... > > > > But why not take the approach of taking all the current RADIUS > > stuff out of portslave and going with PPP CVS then? Or are you > > worried the PPP people aren't going to maintain their RADIUS plugin > > properly? I mean, if you both use libradius1... > > > > Portslave could then become a pure 'multiport-getty', i.e. everything a > > NAS does before running PPP, or another service/line discipline, as an > > external program. Why not? > > Forget that stupid idea. RADIUS authentication and accounting are also > applicable for session types other than PPP, of course. Sorry. Sessions other than PPP is one issue (Portslave currently supports rlogin, telnet, ssh, and SLIP). Another issue is that to provide a login: prompt you need more than just a module for pppd. Finally when merging two programs the thing to do is to take the code from the small program and put it in the large program. Portslave has more features than any comparable program. -- I do not get viruses because I do not use MS software. If you use Outlook then please do not put my email address in your address-book so that WHEN you get a virus it won't use my address in the >From field. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: pppd+radius ?
On Fri, 21 Jun 2002 00:31, Emile van Bergen wrote: > > > I've already started work on CHAP using libradius1, which is also what > > > the PPP CVS code uses. > > > > > > I am going to eat the code that's in the PPP CVS. When I have every > > > feature of that code and more I may put Portslave in the PPP CVS. I > > > think we only need one PPP/RADIUS solution, I've spent the last two > > > years hunting down other options and incorporating all their > > > features... > > > > But why not take the approach of taking all the current RADIUS > > stuff out of portslave and going with PPP CVS then? Or are you > > worried the PPP people aren't going to maintain their RADIUS plugin > > properly? I mean, if you both use libradius1... > > > > Portslave could then become a pure 'multiport-getty', i.e. everything a > > NAS does before running PPP, or another service/line discipline, as an > > external program. Why not? > > Forget that stupid idea. RADIUS authentication and accounting are also > applicable for session types other than PPP, of course. Sorry. Sessions other than PPP is one issue (Portslave currently supports rlogin, telnet, ssh, and SLIP). Another issue is that to provide a login: prompt you need more than just a module for pppd. Finally when merging two programs the thing to do is to take the code from the small program and put it in the large program. Portslave has more features than any comparable program. -- I do not get viruses because I do not use MS software. If you use Outlook then please do not put my email address in your address-book so that WHEN you get a virus it won't use my address in the >From field. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: pppd+radius ?
Hi, On Thu, 20 Jun 2002, Emile van Bergen wrote: > On Thu, 20 Jun 2002, Russell Coker wrote: > > > I've already started work on CHAP using libradius1, which is also what the > > PPP CVS code uses. > > > > I am going to eat the code that's in the PPP CVS. When I have every feature > > of that code and more I may put Portslave in the PPP CVS. I think we only > > need one PPP/RADIUS solution, I've spent the last two years hunting down > > other options and incorporating all their features... > > But why not take the approach of taking all the current RADIUS > stuff out of portslave and going with PPP CVS then? Or are you > worried the PPP people aren't going to maintain their RADIUS plugin > properly? I mean, if you both use libradius1... > > Portslave could then become a pure 'multiport-getty', i.e. everything a > NAS does before running PPP, or another service/line discipline, as an > external program. Why not? Forget that stupid idea. RADIUS authentication and accounting are also applicable for session types other than PPP, of course. Sorry. Cheers, Emile. -- E-Advies / Emile van Bergen | [EMAIL PROTECTED] tel. +31 (0)70 3906153| http://www.e-advies.info -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: pppd+radius ?
On Thu, 20 Jun 2002, Russell Coker wrote: > I've already started work on CHAP using libradius1, which is also what the > PPP CVS code uses. > > I am going to eat the code that's in the PPP CVS. When I have every feature > of that code and more I may put Portslave in the PPP CVS. I think we only > need one PPP/RADIUS solution, I've spent the last two years hunting down > other options and incorporating all their features... But why not take the approach of taking all the current RADIUS stuff out of portslave and going with PPP CVS then? Or are you worried the PPP people aren't going to maintain their RADIUS plugin properly? I mean, if you both use libradius1... Portslave could then become a pure 'multiport-getty', i.e. everything a NAS does before running PPP, or another service/line discipline, as an external program. Why not? Cheers, Emile. -- E-Advies / Emile van Bergen | [EMAIL PROTECTED] tel. +31 (0)70 3906153| http://www.e-advies.info -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: pppd+radius ?
On Thu, 20 Jun 2002 16:37, Emile van Bergen wrote: > > Since late 2000, and it fully worked since early 2001. You looked in the > > wrong place, you should have looked in SourceForge. I'm the main > > upstream author... > > I must have, indeed. But in any case, at the time I found that portslave > was geared a lot towards the 'getty' side of things, and didn't support Portslave was solely designed for getty type work. In response to requests I wrote a very brief document giving tips on getting it to work in pppoe type scenarios. People are using it like that, although most people who wanted to do that found it too difficult and used another solution. > CHAP, never mind MSCHAP with all its frills (not that I think those are > 'better' than PAP, but that's what my client needed), so I decided that > hacking all that into it was more work than starting with > pppd+MSCHAP+MPPE and OpenRADIUS, which could also benefit from the > project. I've already started work on CHAP using libradius1, which is also what the PPP CVS code uses. > > I think that the code in the PPP CVS does most (if not all) of this. But > > I haven't looked at all of it yet. Been too busy copying code into > > Portslave. ;) > > Yes, it's a shame - three RADIUS clients for pppd now, with slightly > varying feature sets. Oh well, these things happen. The only advantage > my patch still has perhaps is that it's used in production now and > applies against a production pppd. I am going to eat the code that's in the PPP CVS. When I have every feature of that code and more I may put Portslave in the PPP CVS. I think we only need one PPP/RADIUS solution, I've spent the last two years hunting down other options and incorporating all their features... -- I do not get viruses because I do not use MS software. If you use Outlook then please do not put my email address in your address-book so that WHEN you get a virus it won't use my address in the >From field. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: pppd+radius ?
Hi, On Thu, 20 Jun 2002, Emile van Bergen wrote: > On Thu, 20 Jun 2002, Russell Coker wrote: > > > I've already started work on CHAP using libradius1, which is also what the > > PPP CVS code uses. > > > > I am going to eat the code that's in the PPP CVS. When I have every feature > > of that code and more I may put Portslave in the PPP CVS. I think we only > > need one PPP/RADIUS solution, I've spent the last two years hunting down > > other options and incorporating all their features... > > But why not take the approach of taking all the current RADIUS > stuff out of portslave and going with PPP CVS then? Or are you > worried the PPP people aren't going to maintain their RADIUS plugin > properly? I mean, if you both use libradius1... > > Portslave could then become a pure 'multiport-getty', i.e. everything a > NAS does before running PPP, or another service/line discipline, as an > external program. Why not? Forget that stupid idea. RADIUS authentication and accounting are also applicable for session types other than PPP, of course. Sorry. Cheers, Emile. -- E-Advies / Emile van Bergen | [EMAIL PROTECTED] tel. +31 (0)70 3906153| http://www.e-advies.info -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: pppd+radius ?
On Thu, 20 Jun 2002, Russell Coker wrote: > I've already started work on CHAP using libradius1, which is also what the > PPP CVS code uses. > > I am going to eat the code that's in the PPP CVS. When I have every feature > of that code and more I may put Portslave in the PPP CVS. I think we only > need one PPP/RADIUS solution, I've spent the last two years hunting down > other options and incorporating all their features... But why not take the approach of taking all the current RADIUS stuff out of portslave and going with PPP CVS then? Or are you worried the PPP people aren't going to maintain their RADIUS plugin properly? I mean, if you both use libradius1... Portslave could then become a pure 'multiport-getty', i.e. everything a NAS does before running PPP, or another service/line discipline, as an external program. Why not? Cheers, Emile. -- E-Advies / Emile van Bergen | [EMAIL PROTECTED] tel. +31 (0)70 3906153| http://www.e-advies.info -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: pppd+radius ?
Hi, On Thu, 20 Jun 2002, Maxim Kalinkevich wrote: > ###options### > radius-auth-servers 127.0.0.1:1812/secret > radius-acct-servers 127.0.0.1:1813/secret > debug > lock > require-chap > chap-secrets### > * localhost @secret * > > in first and second case -- no packets to auth in radius Ugh. My fault. It's not "@secret" but "@radius" you should use (analogous to "@login" which selects system authentication). Cheers, Emile. -- E-Advies / Emile van Bergen | [EMAIL PROTECTED] tel. +31 (0)70 3906153| http://www.e-advies.info -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: pppd+radius ?
On Thu, 20 Jun 2002 16:37, Emile van Bergen wrote: > > Since late 2000, and it fully worked since early 2001. You looked in the > > wrong place, you should have looked in SourceForge. I'm the main > > upstream author... > > I must have, indeed. But in any case, at the time I found that portslave > was geared a lot towards the 'getty' side of things, and didn't support Portslave was solely designed for getty type work. In response to requests I wrote a very brief document giving tips on getting it to work in pppoe type scenarios. People are using it like that, although most people who wanted to do that found it too difficult and used another solution. > CHAP, never mind MSCHAP with all its frills (not that I think those are > 'better' than PAP, but that's what my client needed), so I decided that > hacking all that into it was more work than starting with > pppd+MSCHAP+MPPE and OpenRADIUS, which could also benefit from the > project. I've already started work on CHAP using libradius1, which is also what the PPP CVS code uses. > > I think that the code in the PPP CVS does most (if not all) of this. But > > I haven't looked at all of it yet. Been too busy copying code into > > Portslave. ;) > > Yes, it's a shame - three RADIUS clients for pppd now, with slightly > varying feature sets. Oh well, these things happen. The only advantage > my patch still has perhaps is that it's used in production now and > applies against a production pppd. I am going to eat the code that's in the PPP CVS. When I have every feature of that code and more I may put Portslave in the PPP CVS. I think we only need one PPP/RADIUS solution, I've spent the last two years hunting down other options and incorporating all their features... -- I do not get viruses because I do not use MS software. If you use Outlook then please do not put my email address in your address-book so that WHEN you get a virus it won't use my address in the >From field. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: pppd+radius ?
Hi, On Thu, 20 Jun 2002, Maxim Kalinkevich wrote: > ###options### > radius-auth-servers 127.0.0.1:1812/secret > radius-acct-servers 127.0.0.1:1813/secret > debug > lock > require-chap > chap-secrets### > * localhost @secret * > > in first and second case -- no packets to auth in radius Ugh. My fault. It's not "@secret" but "@radius" you should use (analogous to "@login" which selects system authentication). Cheers, Emile. -- E-Advies / Emile van Bergen | [EMAIL PROTECTED] tel. +31 (0)70 3906153| http://www.e-advies.info -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: pppd+radius ?
###options### radius-auth-servers 127.0.0.1:1812/secret radius-acct-servers 127.0.0.1:1813/secret debug lock require-chap chap-secrets### * localhost @secret * maxim * 123 * in this situation --- see file log.maxim but if only this : chap-secrets### * localhost @secret * in this situation --- see file log.pppd in first and second case -- no packets to auth in radius log.maxim.gz Description: application/gzip log.pppd.gz Description: application/gzip
Re: pppd+radius ?
Hi, On Thu, 20 Jun 2002, Maxim Kalinkevich wrote: > I have spent all the day understanding with work of yours patch for > pppd. Has appeared still as far as questions. All that I could achieve > is ACCOUNTIG-STOP packets. To force pppd to connect to radius for > authorization I could not. > > My config files : > #pptpd.conf > speed 115200 > > option /etc/ppp/pptpd-options > > debug Can you give an excerpt from your syslog? At least the entries made by pppd tagged with 'radius:'. > radius-auth-servers 127.0.0.1:1812/secret > > radius-acct-servers 127.0.0.1:1813/secret That's the correct syntax, yes. > chap-secrets### > * localhost @secret * That should be enough, unless you use PAP. > I start xtradius, then I start sniffers on all interfaces and I see only > acct-stop packages from pppd to radius then client is desconnected. > where I was mistaken in a configuration?? I don't know. I'd have to see the debugging log... Cheers, Emile. -- E-Advies / Emile van Bergen | [EMAIL PROTECTED] tel. +31 (0)70 3906153| http://www.e-advies.info -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: pppd+radius ?
I have spent all the day understanding with work of yours patch for pppd. Has appeared still as far as questions. All that I could achieve is ACCOUNTIG-STOP packets. To force pppd to connect to radius for authorization I could not. My config files : #pptpd.conf speed 115200 option /etc/ppp/pptpd-options debug localip 10.0.1.1 remoteip 10.0.1.2-100 ###pptpd-options### debug name localhost auth #require-chap #require-chapms #require-chapms-v2 +chap radius-auth-servers 127.0.0.1:1812/secret radius-acct-servers 127.0.0.1:1813/secret lock ###options### radius-auth-servers 127.0.0.1:1812/secret radius-acct-servers 127.0.0.1:1813/secret debug lock require-chap chap-secrets### * localhost @secret * I start xtradius, then I start sniffers on all interfaces and I see only acct-stop packages from pppd to radius then client is desconnected. where I was mistaken in a configuration?? -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: pppd+radius ?
###options### radius-auth-servers 127.0.0.1:1812/secret radius-acct-servers 127.0.0.1:1813/secret debug lock require-chap chap-secrets### * localhost @secret * maxim * 123 * in this situation --- see file log.maxim but if only this : chap-secrets### * localhost @secret * in this situation --- see file log.pppd in first and second case -- no packets to auth in radius log.maxim.gz Description: application/gzip log.pppd.gz Description: application/gzip
Re: pppd+radius ?
On Thu, 20 Jun 2002, Russell Coker wrote: > On Thu, 20 Jun 2002 10:20, Emile van Bergen wrote (incorrectly ;): > > > > > > > Portslave's pppd doesn't do accounting, no. > > > > > > Yes it does, it's been doing it for quite a while, and every version in > > > Debian has done it. > > > > Since when is support also in upstream? I looked Januari this year... > > Since late 2000, and it fully worked since early 2001. You looked in the > wrong place, you should have looked in SourceForge. I'm the main upstream > author... I must have, indeed. But in any case, at the time I found that portslave was geared a lot towards the 'getty' side of things, and didn't support CHAP, never mind MSCHAP with all its frills (not that I think those are 'better' than PAP, but that's what my client needed), so I decided that hacking all that into it was more work than starting with pppd+MSCHAP+MPPE and OpenRADIUS, which could also benefit from the project. > I think that the code in the PPP CVS does most (if not all) of this. But I > haven't looked at all of it yet. Been too busy copying code into Portslave. > ;) Yes, it's a shame - three RADIUS clients for pppd now, with slightly varying feature sets. Oh well, these things happen. The only advantage my patch still has perhaps is that it's used in production now and applies against a production pppd. Cheers, Emile. -- E-Advies / Emile van Bergen | [EMAIL PROTECTED] tel. +31 (0)70 3906153| http://www.e-advies.info -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: pppd+radius ?
On Thu, 20 Jun 2002 10:20, Emile van Bergen wrote: > > > > Wanted to use xtradius but I can not find pppd working with radius > > > > (pppd from portslave in such situation to work I think will not be). > > > > > > Portslave's pppd doesn't do accounting, no. > > > > Yes it does, it's been doing it for quite a while, and every version in > > Debian has done it. > > Since when is support also in upstream? I looked Januari this year... Since late 2000, and it fully worked since early 2001. You looked in the wrong place, you should have looked in SourceForge. I'm the main upstream author... > > Is this the one that's in the PPP CVS now? > > I don't think so, as I haven't published it earlier. There was a > possibility that the guy who sponsored the development wanted to extend > the embargo, that's why I kept it closed so far. > > I heard about that RADIUS support in ppp CVS just at the time I was > almost with my solution. I needed some extra things like full MSCHAPv2 / > MPPE support *via* RADIUS anyway, so I didn't think it worth it to look > at it extensively. I think that the code in the PPP CVS does most (if not all) of this. But I haven't looked at all of it yet. Been too busy copying code into Portslave. ;) -- I do not get viruses because I do not use MS software. If you use Outlook then please do not put my email address in your address-book so that WHEN you get a virus it won't use my address in the >From field. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: pppd+radius ?
Hi, On Thu, 20 Jun 2002, Maxim Kalinkevich wrote: > How i can configure pppd to work with radius ? Where i must set ip > adress of radius server and secret key ? On pppd's command line (yes, the secret too - sorry). See my webpage and the documentation in pppd/radius_client.c. cheers, Emile. -- E-Advies / Emile van Bergen | [EMAIL PROTECTED] tel. +31 (0)70 3906153| http://www.e-advies.info -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: pppd+radius ?
Hi, On Thu, 20 Jun 2002, Maxim Kalinkevich wrote: > Can Openradius execute any external program when > "acct-stop" or "acct-start" is recieved ?? > I want use openldap and change some data then the user finnish connection. It has such a facility, but it works slightly different from most servers that support this, which generally start the program each time an accounting request comes in. OpenRADIUS starts the external program only once, and passes requests standard input as a series of ASCII lines. See the docs for the module interface (the ASCII variant) at http://www.xs4all.nl/~evbergen/doc-module-interface.html An example of a shell script using this can be found in the modules/radlogger subdirectory. Cheers, Emile. -- E-Advies / Emile van Bergen | [EMAIL PROTECTED] tel. +31 (0)70 3906153| http://www.e-advies.info -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: pppd+radius ?
Emile van Bergen wrote: Hi, On Wed, 19 Jun 2002, Russell Coker wrote: On Wed, 19 Jun 2002 20:12, Emile van Bergen wrote: Wanted to use xtradius but I can not find pppd working with radius (pppd from portslave in such situation to work I think will not be). Portslave's pppd doesn't do accounting, no. Yes it does, it's been doing it for quite a while, and every version in Debian has done it. Since when is support also in upstream? I looked Januari this year... Is this the one that's in the PPP CVS now? I don't think so, as I haven't published it earlier. There was a possibility that the guy who sponsored the development wanted to extend the embargo, that's why I kept it closed so far. I heard about that RADIUS support in ppp CVS just at the time I was almost with my solution. I needed some extra things like full MSCHAPv2 / MPPE support *via* RADIUS anyway, so I didn't think it worth it to look at it extensively. Cheers, ok Can Openradius execute any external program when "acct-stop" or "acct-start" is recieved ?? I want use openldap and change some data then the user finnish connection. Emile. -- E-Advies / Emile van Bergen | [EMAIL PROTECTED] tel. +31 (0)70 3906153| http://www.e-advies.info -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: pppd+radius ?
Hi, On Wed, 19 Jun 2002, Russell Coker wrote: > On Wed, 19 Jun 2002 20:12, Emile van Bergen wrote: > > > Wanted to use xtradius but I can not find pppd working with radius (pppd > > > from portslave in such situation to work I think will not be). > > > > Portslave's pppd doesn't do accounting, no. > > Yes it does, it's been doing it for quite a while, and every version in > Debian has done it. Since when is support also in upstream? I looked Januari this year... > Is this the one that's in the PPP CVS now? I don't think so, as I haven't published it earlier. There was a possibility that the guy who sponsored the development wanted to extend the embargo, that's why I kept it closed so far. I heard about that RADIUS support in ppp CVS just at the time I was almost with my solution. I needed some extra things like full MSCHAPv2 / MPPE support *via* RADIUS anyway, so I didn't think it worth it to look at it extensively. Cheers, Emile. -- E-Advies / Emile van Bergen | [EMAIL PROTECTED] tel. +31 (0)70 3906153| http://www.e-advies.info -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: pppd+radius ?
On Wed, 19 Jun 2002 20:12, Emile van Bergen wrote: > > Wanted to use xtradius but I can not find pppd working with radius (pppd > > from portslave in such situation to work I think will not be). > > Portslave's pppd doesn't do accounting, no. Yes it does, it's been doing it for quite a while, and every version in Debian has done it. > > The main thing that there was an opportunity --- to break off VPN > > connection through the certain time interval ( as SESSION_TIMEOUT in > > radius). Who did(made) something similar? Or someone has forced to > > work pppd without portslave with radius server ? > > My patch to add RADIUS support to pppd 2.4.1b2 is independent from > Portslave. It uses OpenRADIUS' packet encoder/decoder, and supports > > * Authentication through PAP, CHAP and MSCHAPv2 > * MPPE support with key derivation from RADIUS > * RADIUS accounting > * Multiple redundant RADIUS servers for both authentication and > accounting. > > You can find it at http://www.xs4all.nl/~evbergen/download/ . Is this the one that's in the PPP CVS now? -- I do not get viruses because I do not use MS software. If you use Outlook then please do not put my email address in your address-book so that WHEN you get a virus it won't use my address in the >From field. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: pppd+radius ?
Hi, On Wed, 19 Jun 2002, Maxim Kalinkevich wrote: > How it is possible to organize billing system for VPN clients connected > through ethrnet in a local network? Yes, if you have a pppd that does RADIUS accounting. A while ago, I did a patch for someone that does just that. > Wanted to use xtradius but I can not find pppd working with radius (pppd > from portslave in such situation to work I think will not be). Portslave's pppd doesn't do accounting, no. > The main thing that there was an opportunity --- to break off VPN > connection through the certain time interval ( as SESSION_TIMEOUT in > radius). Who did(made) something similar? Or someone has forced to > work pppd without portslave with radius server ? My patch to add RADIUS support to pppd 2.4.1b2 is independent from Portslave. It uses OpenRADIUS' packet encoder/decoder, and supports * Authentication through PAP, CHAP and MSCHAPv2 * MPPE support with key derivation from RADIUS * RADIUS accounting * Multiple redundant RADIUS servers for both authentication and accounting. You can find it at http://www.xs4all.nl/~evbergen/download/ . Cheers, Emile. -- E-Advies / Emile van Bergen | [EMAIL PROTECTED] tel. +31 (0)70 3906153| http://www.e-advies.info -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
