RADIUS Daemon
[ Installation ] [ Example Radius Profiles ]
Radius (Remote Authentication Dial In User Service) is a protocol
developed by Livingston (www.livingston.com) / IETF for authenticating
remote-access dial-up users, using the latest developments in technology. This protocol is
supported by various equipment manufacturers, including Ascend. The Ascend MAX 4000s
have a limited number of local profiles per box, and as a result accounting becomes impossible
with only this small number of profiles. Livingston, a manufacturer of ISDN equipment, saw
that this could lead to problems and thus designed the Radius protocol, with the ability to
store many more profiles.
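Obtain radius_970213.tar.gz or the current radius daemon from
ftp.ascend.com/pub/Software-Releases/Radius/Current
(the commands below use the file name radius-970213.tar.gz; adjust them to match the
archive you actually download. Plain FTP gives no integrity protection, so compare the
archive with a vendor-published checksum where one exists before building it.)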
gunzip radius-970213.tar.gz
tar xvf radius-970213.tar
cd radius-970213/radius-1.16-ascend/ascendd
vi Makefile (to search within vi, type /-DOSUN)
(Comment Out) #CFLAGS= -O -DNOSHADOW -DOSUN -DBINARY_FILTERS -DASCEND_SECRET -DASCEND_LOGOUT $(AUTH_SERVERS)
(Uncomment) CFLAGS= -O -Dsys5 -DSOLARIS -DBINARY_FILTERS -DASCEND_SECRET -DASCEND_LOGOUT $(AUTH_SERVERS)
(Comment Out) #LIBS= -lnsl $(AUTH_LIBS) # use this for SunOS
(Uncomment) LIBS= -lnsl -lsocket $(AUTH_LIBS) # use this for Solaris 2.x
(Comment Out) #DBMLIBS= -ldbm
(Uncomment) DBMLIBS=
make
cp radipad /usr/local/bin
cp radiusd /usr/local/bin
cp radiusd.dbm /usr/local/bin
cp builddbm /usr/local/bin
cp ../man1/* /usr/man/man1
mkdir /var/adm/radacct
mkdir /etc/raddb
cp ../raddb/dictionary /etc/raddb
vi /etc/raddb/clients
#
# This file contains a list of clients which are allowed to
# make authentication requests and their encryption key.
# The first field is a valid hostname for the client.
# The second field (separated by blanks or tabs) is the
# encryption key.
#
#Client Name Key
#---------------- -------------------
MAX1 AuthKey
MAX2 AuthKey
vi /etc/raddb/users
steve Password = "mypassword"
User-Name="Steve Warner",
User-Service = Framed-User,
Framed-Protocol = PPP,
Framed-Address = 192.168.128.1,
Framed-Netmask = 255.255.255.0,
Ascend-Link-Compression = Link-Comp-Stac,
Ascend-Data-Filter = "ip in forward dstip 158.152.122.1/32",
Ascend-Data-Filter = "ip out forward",
Ascend-Metric = 2,
Framed-Routing = None,
Ascend-Idle-Limit = 30
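chmod 400 /etc/raddb/* (the clients and users files hold keys and passwords in clear text, so only root should be able to read them)
chown root /etc/raddb/*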
vi /etc/rc2.d/S98radius
#
# Launch the RADIUS daemon for remote users at boot, but only when the
# binary has been installed. The absolute path is used so that the
# daemon started here does not depend on PATH.
#
radiusd_bin=/usr/local/bin/radiusd
if test -f "$radiusd_bin"
then
  "$radiusd_bin"
  # Name the daemon on the boot console.
  echo -n ' radiusd'
fi
#
# Start up radipad for remote users
# (left disabled; remove the leading '#' on the three lines below to enable it)
#
#if [ -f /usr/local/bin/radipad ]; then
# /usr/local/bin/radipad; echo -n ' radipad'
#fi
vi /etc/services
radius 1645/udp # Radiusd
radacct 1646/udp # Radius Accounting
radipad 9992/tcp
# Radius IP Address Allocation
user1 Password = "mypassword"
User-Name="user1",
User-Service = Framed-User,
Framed-Protocol = MPP,
Ascend-Assign-IP-Pool = 5,
Ascend-Send-Auth = Send-Auth-CHAP,
Ascend-Link-Compression = Link-Comp-Stac,
Ascend-Data-Filter = "ip in forward dstip 192.168.128.1/32 # tcp
dstport = 20",
Ascend-Data-Filter = "ip in forward dstip 192.128.128.1/32 #
icmp",
Ascend-Data-Filter = "ip out forward srcip 192.168.128.1/32 #
ip",
Ascend-DHCP-Pool-Number = 5,
Ascend-DHCP-Maximum-Leases = 16,
Ascend-Metric = 7,
Framed-Routing = None,
Ascend-Idle-Limit = 240
user2 Password = "mypassword"
User-Name="user2",
User-Service = Framed-User,
Framed-Protocol = MPP,
Framed-Address = 192.168.129.1,
Framed-Netmask = 255.255.255.0,
Ascend-Send-Auth = Send-Auth-CHAP,
Ascend-Link-Compression = Link-Comp-Stac,
Ascend-Data-Filter = "ip in forward dstip 192.168.128.1/32 # tcp
dstport = 20",
Ascend-Data-Filter = "ip in forward dstip 192.128.128.1/32 #
icmp",
Ascend-Data-Filter = "ip out forward srcip 192.168.128.1/32 #
ip",
Ascend-Metric = 7,
Framed-Routing = None,
Ascend-Idle-Limit = 240
user3 Password = "mypassword"
User-Name="user3",
User-Service = Login-User,
Login-Service = Telnet,
Login-Host = 192.168.128.1,
Login-TCP-Port = 25
user4 Password = "ascend"
User-Name = "user4",
User-Service = Dialout-Framed-User,
Framed-Protocol = PPP,
Framed-Address = 158.152.122.1,
Framed-Netmask = 255.255.0.0,
Ascend-Data-Svc = Switched-64K,
Ascend-Send-Auth = Send-Auth-CHAP,
Ascend-Link-Compression = Link-Comp-Stac,
Ascend-Data-Filter = "ip in forward dstip 192.168.128.1/32",
Ascend-Data-Filter = "ip out forward srcip 192.168.128.1/32",
Ascend-Metric = 7,
Framed-Routing = None,
Ascend-Idle-Limit = 30,
Ascend-Send-Passwd = "ascend",
Ascend-Dial-Number = "01712345678"
route-MAX1 Password = "ascend", User-Service = Dialout-Framed-User
Framed-Route = "192.168.129.0/24 192.168.128.254 8",
Framed-Route = "158.152.0.0/16 158.152.122.1 8 n user4"
Last Updated 28 January 2001 |