RADIUS authentication plugin for pppd(8)
pppd [ options ] plugin radius.so
The RADIUS plugin for pppd permits pppd to perform PAP, CHAP, MS-CHAP and MS-CHAPv2 authentication against a RADIUS server instead of the usual /etc/ppp/pap-secrets and /etc/ppp/chap-secrets files.
The RADIUS plugin is built on a library called radiusclient which has its own configuration files (usually in /etc/radiusclient), consult those files for more information on configuring the RADIUS plugin
The RADIUS plugin introduces one additional pppd option:
- radius-config-file filename
- The file filename is taken as the radiusclient configuration file. If this option is not used, then the plugin uses /etc/radiusclient/radiusclient.conf as the configuration file.
- avpair attribute=value
- Adds an Attribute-Value pair to be passed on to the RADIUS server on each request.
- Sets Radius NAS-Port attribute to number equal to interface name (Default)
- Sets Radius NAS-Port attribute value via libradiusclient library
To use the plugin, simply supply the plugin radius.so option to pppd, and edit /etc/radiusclient/radiusclient.conf appropriately. If you use the RADIUS plugin, the normal pppd authentication schemes (login, checking the /etc/ppp/*-secrets files) are skipped. The RADIUS server should assign an IP address to the peer using the RADIUS Framed-IP-Address attribute.
David F. Skoll <email@example.com>