This page is available on our web site as
http://www.livingston.com/Tech/Docs/RADIUS/radfaq.shtml (or go to our
home page, click "What's New," click "RADIUS 2.0," click "Frequently
Asked Questions"). I'm also emailing it to the list for the first few
days since it's being updated rapidly and will hopefully spare the list
a lot of repeated questions.
Remember that support questions should go to support@livingston.com and
comments on the RADIUS web pages should go to radoc@livingston.com.
Q. When will RADIUS 2.0 be out?
Yesterday.
Q. I'm unable to FTP the BSDI or HP radius tar files.
We've had a few reports of this. We've verified that the files are intact
and that they get to our service provider intact, and are tracing whether
they are being corrupted in transit. If you are having this problem,
please get the compressed version of the files (radius2.tar.gz or
radius2.tar.Z) instead and email the following information to
josh@livingston.com so we can track the problem to its source: Your
hostname, The output of "uname -a" on the system your FTPing from, the
files you're attempting to get, and a traceroute to ftp.livingston.com
from your site (if you have traceroute). If you cannot successfully get
the compressed version of the files, please open a service call at
800-458-9966 or 1-510-426-0770 or email to support@livingston.com and
include all the above information.
Q. RADIUS server 2.0 is not using my shadow password files on Linux.
The wonderful thing about Linux is that there are so many to choose from.
We're working on adding support for Linux shadow passwords (and assorted
flavors of DBM) and we'll post any results here.
Q. radiusd on my Linux is complaining about being unable to move a
clcache.lock.pag file.
The wonderful thing about Linux is that there are so many to choose from.
Some flavors of Linux use a different DBM than our build platform (Linux
1.2.13 ELF) does; we're investigating how to broaden our support for Linux.
Q. Does it run on NT?
Not yet, but we plan to offer it on NT later. Here is a list of supported
platforms.
Q. When will it run on NT?
You'll be the first to know!
Q. When will source be available?
Source will be available at no charge to Livingston customers on our
November Software CD. We're investigating methods of making source
available by HTTP or FTP while still maintaining the license. If you have
suggestions feel free to email webmaster@livingston.com. He loves mail.
Q. Can it limit users to a single login at a time?
No. You can still use the Merit or ESVA radius servers for that, though.
Q. Can I have a user switch between PPP and Telnet service based on username
(Pfred vs. fred)?
Easily. Here's an example using Prefix.
Q. Can I prompt the user to choose a service after authentication?
Easily, with menu support. Here's how to use menus.
Q. How do I upgrade from RADIUS 1.16 to RADIUS 2.0?
Upgrading is simple. Get the binary release, copy the dictionary file from
that to your /etc/raddb/dictionary file (it's backwards compatible), copy
the new radiusd to /etc/radiusd or wherever you prefer, kill your old
radiusd, start the new radiusd. If you were using the DBM version of
radiusd 1.16, for radiusd 2.0 you would run "radiusd -b"instead. You no
longer have to recompile radiusd in order to use DBM.
The names of certain attributes have been changed. Both the old and new
names for the attribute are accepted in the users file, but the accounting
logs will use the new names. Either update your accounting scripts or
modify the 2.0 dictionary according to the instructions near the top of
the dictionary file in order to still use the old names for the accounting
log. New accounting scripts that work with both RADIUS 1.16 and RADIUS 2.0
are available at ftp://ftp.livingston.com/pub/le/radius/scripts/.
Q. When's ChoiceNet coming out?
It's in Beta, but we're not going to announce a ship date until it's
ready. We're aware it is very eagerly desired by many of our customers,
but we will not ship security software until it meets our standards.
Q.What else is on the November Software CD? How much does it cost?
The November Software CD Our Software CD is available to our customers at
no charge; you can get one shipped to you as soon as its available by
filling out a request for one on our web site, and we'll be including it
with PortMasters we ship when we run out of our October CD. Note that its
NOT available yet! We'll announce it on the web site when it ships.
The software CD includes RADIUS in binary and source form, upgrade images
for all our products, PostScript and PDF for all our manuals, PMconsole
and utilities for all platforms (including PMconsole for Windows).
Q. Does it run on Linux for Alpha?
If it's not on the list of supported platforms it is not available in
binary form. The source compiles on Linux for X86 and is 64-bit clean (for
Alpha OSF/1) so we'd expect it to be easy to compile on Linux for Alpha,
once we make the source available.
Q. Does it run on HP-UX 9.X?
Our binary release supports HP/UX 10.01, my understanding is that HP isn't
binary compatible between 9.X and 10, so this binary release won't run on
9.X. We'd expect the source code to compile on 9.x using gcc. (The HP-UX
9.x native compiler has a bug that affects radiusd so we advise using
gcc.)
Q. Does it run on FreeBSD?
If it's not on the list of supported platforms it is not available in
binary form. The source will be out soon and we'd expect that to be easy
to port to FreeBSD, since it runs on BSD/OS and Linux already. You may be
able to run the BSD/OS binaries on FreeBSD, if you try that and it works
let radoc@livingston.com know what release of FreeBSD it ran under and
we'll update this answer.
Q. If I use the SecurID ACE/Server with RADIUS what is the protocol between the
ACE/RADIUS servers and the client program? Does RADIUS support master/slave
configuration?
We link the RADIUS server with the securID library and call their API
routine to verify the user. The user types in the PIN and the code
displayed on the SecurID card at the Password prompt on the PortMaster,
the PortMaster sends it to the RADIUS server, the RADIUS server calls the
securID subroutine to authenticate the user, which returns back Yes, No,
or Ask for Next Cardcode (to resynchronize), which the RADIUS server
dutifully relays back to the PortMaster. Our RADIUS server requires the
ACE/server (either a master or a slave) to be running on the same host as
the RADIUS server, so if you have a backup RADIUS server you can put a
slave ACE/server there for resilience. For more info on RADIUS and SecurID
see the SecurID chapter of the RADIUS Administrator's Guide. For more info
on SecurID see the SecurID web site.
Q. How do I do CHAP Authentication with RADIUS?
CHAP Authentication automatically works with Auth-Type = Local (cleartext
passwords), you don't have to do anything special on the RADIUS server to
permit it. See the manual for more information on using CHAP.
More Coming Soon
-------------------------------------------------------------------------------
© Copyright 1996, Livingston Enterprises, Inc. Revised Friday October 25, 1996
18:31 PDT