PPP RADIUS with PAP

Overview

To set up a Linux terminal server, we need to have PPP-RADIUS and RADIUSCLIENT installed.
PPP-RADIUS is used for PAP authentication, while RADIUSCLIENT is used for 'scripted' logins.
However, installing PPP-RADIUS depends on successfully compiling RADIUSCLIENT's ELF shared library. In short, PPP-RADIUS is still dependent on RADIUSCLIENT.

In this section, I will discuss installing PPP-RADIUS for PAP authentication; I'll cover RADIUSCLIENT and 'scripted' authentication in other discussions.

I recently used Red Hat 6.2 with PPP-RADIUS 2.3.8 and RADIUSCLIENT 0.31. Now, to install PPP-RADIUS, we first install RADIUSCLIENT.

Installing RADIUSCLIENT 0.31

RADIUSCLIENT must be patched to support remote RADIUS authentication and accounting; see radiusclient-0.3.1.patch. Several constants needed by PPP-RADIUS are defined in this patch of RADIUSCLIENT. Before compiling, we need to copy some files from the libtool package included with RH 6.0 to the directory where RADIUSCLIENT was extracted. This is needed because we have a new system and the libtool files included with RADIUSCLIENT are obsolete.

Here are the needed libtool files:

/usr/bin/libtool
/usr/share/libtool/config.guess
/usr/share/libtool/config.sub
/usr/share/libtool/ltconfig
/usr/share/libtool/ltmain.sh
/usr/share/libtool/config.sub (creates libradiusclient.so.0.0.1)

Make sure to back up all files in the /etc/radiusclient directory: with the option '--sysconfdir=/etc', 'make install' copies sample files to /etc/radiusclient.
Now we run 'configure':

./configure --enable-shadow --sysconfdir=/etc

Then we compile and install:

make
make install

This will also install the needed ELF shared library 'libradiusclient.so.0.0.1' in '/usr/local/lib'.
We make a soft link called '/usr/lib/libradiusclient.so.0' to '/usr/local/lib/libradiusclient.so.0.0.1'. This soft link is used by ppp-2.3.8. Another way of avoiding this is to use the option '--libdir=/lib'. This is just a matter of preference.

Installing PPP-RADIUS 2.3.8

After installing the library of RADIUSCLIENT, we now install PPP-RADIUS.

Inside ppp 2.3.8, we apply ppp-2.3.8-radius.patch for pppd to support RADIUS. Then we apply my unofficial patches:

  + radius.c.patch - patch for client port bug
  + auth.c.patch - patch for erroneous PAP authentication with RADIUS

My unofficial patches should be checked against future releases of the pppd package. After applying the patches we do:

./configure
make USE_RADIUS=y RADIUS_CONF=/etc/radiusclient/radiusclient.conf
make install

This will install the binary file '/usr/sbin/pppd-radius'. This is called by the script '/usr/sbin/pppd-radius-start'.

Editing some configuration files

+ Edit '/etc/mgetty+sendfax/login.config' and add the following line:

/AutoPPP/  -   -    /usr/sbin/pppd-radius-start

+ Edit '/etc/ppp/pap-secrets' and add the following line:

# Secrets for authentication using PAP
# client   server  secret  IP addresses
    *          *           ""          *

+ Edit '/etc/inittab' and add a similar line:

# listen on COM4
s0:345:respawn:/sbin/mgetty ttyS3 -s 38400 -D -n 1
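
A quick audit of the '/etc/ppp/pap-secrets' entry shown above, as an added example that is not part of the original page or of the pppd package: it flags a secrets file that group or other can access, wildcard clients with an empty secret, and entries that allow any peer IP address. The function name and finding labels are made up for this example; the field layout follows the comment header in the sample above.

```shell
#!/bin/sh
# Added example (not from the original page): audit a pppd pap-secrets file.
# Usage: sh audit.sh /etc/ppp/pap-secrets
# Prints one finding per line; returns 1 if anything is flagged, 2 if unreadable.
audit_pap_secrets() {
    file=$1
    [ -r "$file" ] || { echo "ERROR: cannot read $file"; return 2; }

    # The secrets file should not be accessible to group or other.
    mode=$(ls -ld "$file" | cut -c1-10)
    case $mode in
        ????------) perm_finding= ;;
        *) perm_finding="PERM: $file is $mode, remove group/other access" ;;
    esac

    # Fields per line: client server secret [allowed peer IP addresses].
    entry_findings=$(awk '
        /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
        $1 == "*" && $3 == "\"\"" {
            printf "WILDCARD: line %d matches any client name and has no local secret\n", NR
        }
        $4 == "*" {
            printf "ADDR: line %d allows any peer IP address\n", NR
        }' "$file")

    [ -n "$perm_finding" ] && echo "$perm_finding"
    [ -n "$entry_findings" ] && echo "$entry_findings"
    # Exit status 0 only when nothing was flagged.
    [ -z "$perm_finding$entry_findings" ]
}

# Run against a file when one is given on the command line.
if [ $# -gt 0 ]; then
    audit_pap_secrets "$1"
fi
```

A WILDCARD finding is expected on a terminal server configured as described here; on any other host it deserves a closer look.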

RADIUS files

+ Set up the '/etc/ppp/ip-up.local' and '/etc/ppp/ip-down.local' files if you want to manipulate RADIUS' environment variables; see radiusclient-0.3.1/login.radius/migs.

SOURCES

+ radiusclient-0.3.1.tar.gz is available at http://www.cityline.net/~lf/radius/.
+ ppp-2.3.8.tar.gz is available here.

NOTE:

+ Some old parameters are not supported in pppd-radius 2.3.8 so here's a sample pppd-radius-start file.
+ Some keywords in the old radiusclient.conf are not supported anymore and new ones were introduced, so make the necessary comparison.
+ Make sure to enable PPP and Advanced Firewall support in your kernel (v2.2.x).
+ Enable ip forwarding on your terminal server: echo "1" > /proc/sys/net/ipv4/ip_forward (kernel v2.2.x)

09272001/rev9


bench@surfshop.net.ph