This is an extensive patch for pppd 2.4.1(b2), implementing RADIUS client
support including PAP, CHAP and MSCHAPv2 authentication, MPPE key derivation by
the RADIUS server, and RADIUS accounting. It's based on OpenRADIUS' packet
engine.
Other features are:
Servers for authentication and accounting can be specified separately,
using the radius-auth-servers and radius-acct-servers options;
An unlimited number of redundant servers can be given for each;
Custom A/V pairs can be added to requests using the radius-avpair-auth,
radius-avpair-acct-start and radius-avpair-stop options;
Configurable timeout periods and retry counts;
Assigns address specified by Framed-IP-Address in RADIUS response to
the ppp peer, unless configured otherwise;
Other response attributes supported are Reply-Message, MPPE-Send-Key and
MPPE-Recv-Key.
The patch is available under the GNU GPL. The necessary MPPE and MSCHAP patches
are included as well. You can find it here.
The latest version is ppp-2.4.1-vanilla-radclient-v2.1.patch.gz, which is built
against ppp 2.4.1 instead of ppp 2.4.1b2.
After patching, go to the pppd/openradius_common subdirectory and type
'Make' (not needed for v2.1 and later). After that, build ppp as normal.
Remember to copy the dictionaries in etc.ppp to /etc/ppp.
RADIUS authentication is then enabled by using '@radius' as the secret in
/etc/ppp/chap-secrets or pap-secrets. You also need to supply the the
desired servers using radius-auth-servers and radius-acct-servers; see the top
of pppd/radius_client.c for more information.
Development was sponsored by Roam Technologies, Inc., the 2.0 versions by the
University of Bristol.
