RADIUS stands for Remote Authentication Dial In User Service and is a protocol for carrying authentication, authorization, and configuration information between a Network Access Server (NAS) which desires to authenticate its links and a shared Authentication Server.
The protocol was originally designed by the well-known terminal server manufacturer Livingston for use with their Portmaster series of terminal servers. Since then it has been implemented by a lot of other vendors and it is also on its way to becoming an Internet Standard.
First radlogin asks the user for his login name (if not supplied by getty) and his password.
Then it tries to find the login name either through a RADIUS server query or in the local passwd file or through both methods.
If the user is authenticated locally, radlogin calls the local login program to spawn a login environment.
If the user is authenticated via RADIUS, radlogin calls a special login program, which receives the information passed from the RADIUS server in environment variables.
In this special login program you can now either start a telnet/rlogin session or start up SLIP/CSLIP or even PPP based on the information from the RADIUS server. Furthermore, you can send accounting information to a RADIUS accounting server via a program called radacct, which is also part of Radiusclient.
Then unpack it in a directory which you normally use for keeping your source code. For example do:
    cd /usr/src
    gzip -dc radiusclient-x.x.tar.gz | tar xvvf -
You now should have a directory called radiusclient-x.x in which all the source code of Radiusclient is stored.
First run configure --help to see if you need to enable any options. Then configure the sources by calling configure with the appropriate options.
Have a look at include/messages.h if you'd like to change some of the messages there. But normally you shouldn't.
Executing "make" builds the executables.
Executing "make install" will install the executables and example versions of all the needed config and data files. Be careful: the installation process will overwrite existing files without asking you. Try "make -n install" to see which file goes where if you're unsure.
The installation procedure will only install a dummy login.radius script which just outputs all RADIUS_* environment variables and then exits.
You need to write your own login.radius if you want the script to do something useful. See the login.radius directory for example scripts.
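One way a login.radius script can decide which session to start from the RADIUS_* variables, as an added example that is not one of the scripts shipped in the login.radius directory. The variable names and values used here (RADIUS_SERVICE_TYPE, RADIUS_FRAMED_PROTOCOL, RADIUS_FRAMED_IP_ADDRESS, RADIUS_LOGIN_SERVICE, RADIUS_LOGIN_IP_HOST, "Framed-User", "Login-User", "PPP", "Telnet") are assumptions; compare them with what the dummy script prints on your system.

```shell
#!/bin/sh
# Added example, not Radiusclient's own login.radius.
# Assumed names: RADIUS_SERVICE_TYPE, RADIUS_FRAMED_PROTOCOL,
# RADIUS_FRAMED_IP_ADDRESS, RADIUS_LOGIN_SERVICE, RADIUS_LOGIN_IP_HOST.
# The values come from the RADIUS reply, so each one is checked
# against a fixed pattern before it may appear in a command line.

# valid_ipv4 ADDR: succeed only for a dotted quad with octets 0..255.
valid_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # safe to split: only digits and dots remain
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# plan_session: print the session to start for the current RADIUS_*
# variables, or return 1 (deny) if anything is missing or malformed.
plan_session() {
    case "${RADIUS_SERVICE_TYPE:-}" in
        Framed-User)
            [ "${RADIUS_FRAMED_PROTOCOL:-}" = "PPP" ] || return 1
            valid_ipv4 "${RADIUS_FRAMED_IP_ADDRESS:-}" || return 1
            echo "ppp $RADIUS_FRAMED_IP_ADDRESS" ;;
        Login-User)
            [ "${RADIUS_LOGIN_SERVICE:-}" = "Telnet" ] || return 1
            valid_ipv4 "${RADIUS_LOGIN_IP_HOST:-}" || return 1
            echo "telnet $RADIUS_LOGIN_IP_HOST" ;;
        *) return 1 ;;
    esac
}

# demo HOST: run plan_session in a subshell with constructed values.
demo() (
    RADIUS_SERVICE_TYPE=Login-User
    RADIUS_LOGIN_SERVICE=Telnet
    RADIUS_LOGIN_IP_HOST=$1
    plan_session || echo "deny"
)

demo 192.0.2.10
demo "192.0.2.300"
```

A production script would replace the echo lines with the actual telnet or pppd invocation and exit non-zero whenever plan_session denies.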
You will have to look into radiusclient.conf and edit it.
Add the following two lines to /etc/services if you don't already have them:
    radius   1645/udp   # RADIUS access requests
    radacct  1646/udp   # RADIUS accounting requests
Get your getty to execute radlogin instead of the normal login process. The method of how to do this varies from getty to getty.
* - -/radlogin @
Miguel A.L. Paraz <map@iphil.net>
Matjaz Godec <gody@master.slon.net>
Michael Lausch <mla@gams.co.at>
If you like the Radiusclient software very much and/or are using it on a production machine please send me a postcard. My postal address is:
Lars Fenneberg
Boettgerstrasse 29
22851 Norderstedt
Germany