pppd-radattr
Pass RADIUS attributes to pppd
SYNOPSIS
pppd-radattr interface-name tty-device speed local-IP remote-IP [ipparam]
PARAMETERS
interface-name
The name of the PPP network interface created (e.g., ppp0).
tty-device
The name of the TTY device or network interface used for the PPP connection (e.g., /dev/ttyS0, eth0).
speed
The speed of the connection in bits per second.
local-IP
The local IP address assigned to the PPP interface on the server side.
remote-IP
The remote IP address assigned to the PPP client.
[ipparam]
An optional string parameter, if specified via the ipparam option in pppd's configuration.
DESCRIPTION
The pppd-radattr command is a specialized utility or script primarily used in conjunction with the PPP Daemon (pppd) to process and apply RADIUS attributes received during a PPP session's authentication or accounting phase.
When pppd is configured to use a RADIUS plugin (like `radius.so`), the RADIUS server can return various attributes specific to the authenticated user or service. These attributes are then exposed to pppd's various hook scripts (such as ip-up, ip-down, or auth-up) as environment variables.
pppd-radattr's role is to parse these environment variables, which typically begin with `RADIUS_` (e.g., `RADIUS_Framed_IP_Address`, `RADIUS_DNS_Server_1`, `RADIUS_Session_Timeout`), and then perform actions based on them. These actions might include assigning a dynamic IP address to the PPP interface, configuring DNS servers for the connected client, applying specific routing rules, setting session-specific timeouts, or updating system logs.
It acts as a crucial link in dynamically provisioning and managing PPP connections based on policies defined in a central RADIUS server, enabling flexible and scalable network access.
CAVEATS
pppd-radattr is typically not a standalone executable invoked directly by users. It is almost always a helper script or program called from pppd's callback scripts (e.g., ip-up, ip-down, auth-up). Its exact implementation and behavior can vary significantly between Linux distributions and custom system configurations, because it is often a shell script or a small program written or adapted for a particular environment to handle RADIUS attributes.
ENVIRONMENT VARIABLES
The primary way pppd-radattr receives RADIUS attribute information is through environment variables passed to it by pppd. When pppd uses a RADIUS plugin, it typically populates the environment with variables prefixed with `RADIUS_` for each received RADIUS attribute. For example:
RADIUS_Framed_IP_Address: The IP address assigned to the client.
RADIUS_DNS_Server_1, RADIUS_DNS_Server_2: DNS server addresses.
RADIUS_Session_Timeout: Maximum session duration.
RADIUS_Acct_Session_Id: RADIUS accounting session identifier.
These environment variables allow the script to dynamically configure the system based on policies fetched from the RADIUS server.
TYPICAL USE CASE
In a common scenario, when a user connects via PPP (e.g., dial-up, PPPoE, PPTP), pppd authenticates them against a RADIUS server. The RADIUS server responds with attributes like the IP address the client should use, DNS servers, and potentially routing information. An ip-up script, run after successful authentication, then invokes pppd-radattr, which reads the RADIUS attributes from environment variables and uses them to configure the network interface for the PPP session (e.g., by adding routes, setting DNS, or applying firewall rules), thereby automating the dynamic assignment of network parameters to clients.
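A validation step that an ip-up hook could run before acting on these variables, as an added example that is not part of the original page or of any distribution's pppd-radattr. Hook scripts run as root and the values originate outside the host, so every set attribute is matched against a strict pattern and the whole plan is refused if one fails. It assumes the `RADIUS_` variable names listed under ENVIRONMENT VARIABLES; the function names and the key=value plan format are hypothetical.

```shell
# Added example: validate RADIUS_* values before a root-run hook uses them.
# Output is a key=value plan; nothing is applied to the system here.

is_ipv4() {   # dotted quad, octets 0-255, no leading zeros
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in 0?*|????*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
}

is_uint() {   # 1 to 9 decimal digits only
    case "$1" in ''|*[!0-9]*|??????????*) return 1 ;; esac
}

is_ifname() { # pppN with N up to three digits (assumed naming scheme)
    case "$1" in ppp[0-9]|ppp[0-9][0-9]|ppp[0-9][0-9][0-9]) ;; *) return 1 ;; esac
}

reject() { echo "radattr-check: rejected $1" >&2; }

# radius_plan IFNAME: print the plan, or print nothing and return 1 if the
# interface name or any attribute that is set fails validation (fail closed).
radius_plan() {
    is_ifname "$1" || { reject interface-name; return 1; }
    plan="ifname=$1"
    if [ -n "${RADIUS_Framed_IP_Address:-}" ]; then
        is_ipv4 "$RADIUS_Framed_IP_Address" || { reject Framed_IP_Address; return 1; }
        plan="$plan framed_ip=$RADIUS_Framed_IP_Address"
    fi
    for dns in "${RADIUS_DNS_Server_1:-}" "${RADIUS_DNS_Server_2:-}"; do
        [ -n "$dns" ] || continue
        is_ipv4 "$dns" || { reject DNS_Server; return 1; }
        plan="$plan dns=$dns"
    done
    if [ -n "${RADIUS_Session_Timeout:-}" ]; then
        is_uint "$RADIUS_Session_Timeout" || { reject Session_Timeout; return 1; }
        plan="$plan session_timeout=$RADIUS_Session_Timeout"
    fi
    echo "$plan"
}

# Constructed demo values, not taken from a real session.
RADIUS_Framed_IP_Address=10.0.0.5 RADIUS_DNS_Server_1=192.0.2.53
RADIUS_Session_Timeout='3600;id'
radius_plan ppp0 || echo "attributes refused, nothing applied"
```

A hook would act only on the emitted plan, and only when `radius_plan` returns 0.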
HISTORY
The concept behind pppd-radattr emerged with the widespread adoption of RADIUS as a central authentication, authorization, and accounting (AAA) protocol in large-scale network deployments, particularly for ISPs and corporate VPNs. As pppd gained RADIUS plugin capabilities, there was a growing need for a mechanism to automatically apply the dynamic configurations (like IP addresses, DNS servers, etc.) provided by the RADIUS server to the active PPP session. Rather than being a single, standardized command with a linear history, pppd-radattr represents a functional component or pattern implemented through various scripts and utilities over time to fulfill this crucial role in dynamic PPP session management.
SEE ALSO
pppd(8), radiusd(8), ip-up(8), ip-down(8), auth-up(8)