Emile van Bergen

About me

   RADIUS for pppd
   i386 debugger
   HTML menus

Technical articles
   Configuration data
   Non-recursive make
   Signals and Select
   Linux GUIs
      Library problems
      The GUI terminal

   CV (NL, pdf)...
   Resume (pdf)...

RADIUS for Linux pppd

This is an extensive patch for pppd 2.4.1(b2), implementing RADIUS client support including PAP, CHAP and MSCHAPv2 authentication, MPPE key derivation by the RADIUS server, and RADIUS accounting. It's based on OpenRADIUS' packet engine.

Other features are:

  • Servers for authentication and accounting can be specified separately, using the radius-auth-servers and radius-acct-servers options;
  • An unlimited number of redundant servers can be given for each;
  • Custom A/V pairs can be added to requests using the radius-avpair-auth, radius-avpair-acct-start and radius-avpair-stop options;
  • Configurable timeout periods and retry counts;
  • Assigns address specified by Framed-IP-Address in RADIUS response to the ppp peer, unless configured otherwise;
  • Other response attributes supported are Reply-Message, MPPE-Send-Key and MPPE-Recv-Key.

The patch is available under the GNU GPL. The necessary MPPE and MSCHAP patches are included as well. You can find it here. The latest version is ppp-2.4.1-vanilla-radclient-v2.1.patch.gz, which is built against ppp 2.4.1 instead of ppp 2.4.1b2.

After patching, go to the pppd/openradius_common subdirectory and type 'Make' (not needed for v2.1 and later). After that, build ppp as normal. Remember to copy the dictionaries in etc.ppp to /etc/ppp.

RADIUS authentication is then enabled by using '@radius' as the secret in /etc/ppp/chap-secrets or pap-secrets. You also need to supply the the desired servers using radius-auth-servers and radius-acct-servers; see the top of pppd/radius_client.c for more information.

Development was sponsored by Roam Technologies, Inc., the 2.0 versions by the University of Bristol.

Generated on Sun Feb 23 17:20:55 2014 by decorate.pl / menuize.pl