 

Name

radiusd — Remote Authentication Dial In User Service Daemon - Customized for BillMax

Synopsis

/usr/local/billmax/radius/bin/radiusd [-d raddb_dir] [-a acct_dir] [-c cwd] [-C] [-P] [-p auth_port] [-q acct_port] [-f fsm] [-l format] [-pp auth_relay] [-qq acct_relay] [-g {[logfile] | [syslog] | [stderr]} ] [-t timeout] [-s] [-x] [-v] [-z] [-h] [-Q] [-T host] [-F] [-N mask] [-D]

DESCRIPTION

This version of the Interlink AAA radiusd server has been customized for use by BillMax. It is recommended that it be used for accounting purposes only.

The radiusd server handles Access-Requests for user authentication from RADIUS clients. These clients may be terminal servers, for example, a Network Access Server (NAS) or other RADIUS servers. Authentication requests come to radiusd in the form of UDP packets conforming to the RADIUS protocol.

The radiusd server collects authentication requests and processes them depending on their type (see the dictionary(5) man page). If so requested, radiusd may authenticate a user by calling upon other RADIUS servers, various authentication services, such as Kerberos, and operating system services, such as the UNIX system subroutines which access the /etc/passwd file.

Once a request is received, radiusd validates the sending client and then consults a local database of users (see the users(5) man page) to find a user name matching the request. The user entry contains a list of requirements which must be met to allow the user to be authenticated. This list normally includes verification of the password, but it may not, and it may also specify other requirements. If any condition is not met, radiusd sends an Access-Reject response. If all the conditions are met, a list of configuration values (reply items) is placed into an Access-Accept response. Such values as the type of service allowed and other values necessary to deliver that service are typically included.
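For the accounting-only use recommended above, the packet-level part of validating a sender is the Request Authenticator check defined in RFC 2866: an MD5 digest over the packet, with the authenticator field zeroed, followed by the shared secret. The following is an added example, not code from the Interlink AAA Server or BillMax; the shared secret, user name and function names are constructed for illustration.

```python
import hashlib
import hmac
import struct

ACCOUNTING_REQUEST = 4  # RADIUS Code value for Accounting-Request (RFC 2866)

def build_accounting_request(ident: int, attrs: bytes, secret: bytes) -> bytes:
    """Build an Accounting-Request as a NAS would (used to make the sample input)."""
    header = struct.pack("!BBH", ACCOUNTING_REQUEST, ident, 20 + len(attrs))
    auth = hashlib.md5(header + b"\x00" * 16 + attrs + secret).digest()
    return header + auth + attrs

def parse_attributes(data: bytes) -> list[tuple[int, bytes]]:
    """Split the attribute area into (type, value) pairs, rejecting bad lengths."""
    out, i = [], 0
    while i < len(data):
        if len(data) - i < 2:
            raise ValueError("truncated attribute header")
        atype, alen = data[i], data[i + 1]
        if alen < 2 or i + alen > len(data):
            raise ValueError("attribute length out of range")
        out.append((atype, data[i + 2:i + alen]))
        i += alen
    return out

def verify_accounting_request(packet: bytes, secret: bytes) -> list[tuple[int, bytes]]:
    """Return the attributes only if the packet is well formed and authentic."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCOUNTING_REQUEST:
        raise ValueError("not an Accounting-Request")
    if length < 20 or length > len(packet):
        raise ValueError("Length field does not fit the datagram")
    packet = packet[:length]  # octets beyond Length are padding and are ignored
    expected = hashlib.md5(packet[:4] + b"\x00" * 16 + packet[20:] + secret).digest()
    if not hmac.compare_digest(expected, packet[4:20]):
        raise ValueError("bad Request Authenticator (wrong secret or altered packet)")
    return parse_attributes(packet[20:])

# Constructed sample: User-Name (1) = "alice@example.net", Acct-Status-Type (40) = Start (1)
SECRET = b"constructed-shared-secret"
NAME = b"alice@example.net"
ATTRS = bytes([1, 2 + len(NAME)]) + NAME + bytes([40, 6]) + struct.pack("!I", 1)
SAMPLE = build_accounting_request(7, ATTRS, SECRET)

if __name__ == "__main__":
    print(verify_accounting_request(SAMPLE, SECRET))
```

A packet that fails this check should be dropped without a response, since an Accounting-Response would acknowledge a record that cannot be attributed to a known client.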

The authfile, clients, dictionary and, optionally, the users files (plus optional, prefixed authfile and users files) are read into memory-resident tables. As a purely unrelated informational side note, the current version of the Interlink AAA Server stores IP addresses internally in host byte order (as opposed to network byte order). A version of the Interlink AAA Server may be built that uses dbm(3) to refer to the users file (see builddbm(8) for more information). Please note that we do not actively support this feature and it may be deprecated in the future.

Sending radiusd a HUP signal refreshes these internal tables. Sending radiusd an INT signal initializes only the AATV modules. Sending radiusd a USR1 signal turns on debugging much as the -x option does, except that repeated use of the USR1 signal continues to increase the debugging level (see below for more about the -x flag). Sending radiusd a USR2 signal turns off debugging altogether. Sending radiusd a TERM signal provides an orderly way of shutting down the Interlink AAA Server.

Installing the Interlink AAA Server involves adding the following lines to the /etc/services file:

#  RADIUS protocol
radius          1645/udp
radacct         1646/udp
			

Since the Interlink AAA Server exits after a configurable number of minutes (currently fifteen minutes) of inactivity, you may want to have the Interlink AAA Server run automatically when requests arrive. It is possible to override this default behavior by supplying the -t0 option on the Interlink AAA Server's command line. So, for example, you may want to install the following line in your /etc/inetd.conf file:

radius dgram udp wait root /usr/private/etc/radiusd radiusd
			

Note that the Interlink AAA Server need not run as root (UID 0), although it normally is run that way. It may be safer to pick a less powerful user, say radius, which has no password and is used only for administrative purposes, unless the server needs superuser privilege to access some shadow password file. Also, do not forget to send a HUP signal to your running inetd process to force it to re-read its own database file, /etc/inetd.conf, into memory.

A configuration file (see the man page engine.config(5) for more information) is available to allow for runtime overriding of certain built-in default values. This is useful to control the operation of a running server without having to recompile the server from source. This is especially useful for those users with binary copies of the Interlink AAA Server.

OPTIONS

-d database_directory

Allows the user to override the default database and configuration file directory by specifying an alternate directory name containing the Interlink AAA Server authfile, clients, dictionary, radius.fsm and users configuration files instead of the default /usr/private/etc/raddb directory. See the authfile(5), clients(5), dictionary(5), radius.fsm(5) and users(5) man pages for more information.

-a accounting_directory

Allows the user to override the default accounting directory by specifying an alternate directory name to contain the standard RADIUS accounting detail files instead of the default /usr/private/etc/radacct directory.

-c current_working_directory

Allows the user to override the default current working directory by specifying an alternate directory name instead of the default /usr/private/etc/raddb directory. This option only affects file system operation for files specified with relative file names (no leading slash ("/") character).

-C

Enables the Interlink AAA Server to do token caching [Ascend].

-P

Enables the Interlink AAA Server to honor password changing requests [Ascend].

-p port

Allows the user to specify an alternate authentication port number instead of the default port 1645.

-q acct_port

Allows the user to specify an alternate accounting port number instead of the default port 1646.

-f fsm_file

Allows the user to specify an alternate FSM table file instead of the default radius.fsm file.

-l logformat

Specifies the optional strftime(3) format for the Interlink AAA Server logfile.

-n

Do not load the saved session state file [enhanced only].

-pp port

Allows the user to specify an alternate authentication relay port number instead of the default port 1645.

-qq acct_port

Allows the user to specify an alternate accounting relay port number instead of the default port 1646.

-g syslog|logfile|stderr

Allows the user to specify whether to use syslog(3) style, logfile style or stderr logging for warning, error and informational messages. It is possible to specify arbitrarily complex logfile file names using the -l option. The strftime(3) format string may be used to provide logfile renaming and optional compression on a yearly, monthly, weekly, daily, hourly or by the minute(!) basis. See the RADIUS_COMPRESS and RAD_LOG_DEFAULT_FILENAME macros in the radius.h include file.

-t timeout

Allows the user to specify a timeout value for the select(2) system call which is different from the default timeout value of fifteen minutes. If the -t option is given with a value of zero (-t0), the server is essentially put into a blocking mode; that is, it will never time out and terminate, but will wait (at the select(2) call) forever.

-s

Places the Interlink AAA Server into the single process (non-spawning) mode.

-x

Allows the user to turn on debugging output:


-x minimal debugging output

-x -x above + FSM high level output + some function tracing.

-x -x -x above + remaining function tracing.

-x -x -x -x above + FSM low level output + low level config files.

Debugging output is directed to the radius.debug file. Since the -x option turns off some of the daemon behavior of the server (such as disconnecting from the controlling terminal, etc.) it is not a good idea to try running the server from (x)inetd(8) while specifying one or more -x options.

-v

Causes the Interlink AAA Server to place its version information onto stdout.

-z

Causes the Interlink AAA Server logfile and debug file to be emptied, but only if the debugging option -x is enabled. This option has no effect on the logfile if the -g option specifies syslog(3) style logging.

-u

Specifies to NOT read the users file into the internal data structures. This option is typically used when the Interlink AAA Server has been built to use the dbm(3) support library.

-h

Show help for this program.

BillMax Options

-Q

Do not send response packets to the NAS.

-T host

Forward a copy of received packets to a shadow server.

-F

Use the BillMax billing enhancements. As accounting packets are received, they are processed by BillMax.

-M mask

mask is compared to the service.resources field. Services for which the bit representation of mask intersects the bit representation of service.resources are considered when mapping a login name to a BillMax Service.

-D

Do not cut off the domain name from a login name. By default, the name with which a customer authenticates is compared against the service.d01 field to identify the appropriate BillMax Service for which accounting data is to be associated. Specifying -D causes the '@' character and any characters after the '@' character to be removed before the comparison is performed.

EXIT STATUS


255 (-1)  dict_init
254 (-2)  config_init
253 (-3)  init_fsm
252 (-4)  config_files
251 (-5)  disconnect
250 (-6)  open PID file
249 (-7)  SIG_FATAL
248 (-8)  usage
247 (-9)  user_update
246 (-10) version
245 (-11) setupsock (can't bind, is the Interlink AAA Server already running?)
244 (-12) init_id_to_key
243 (-13) list_copy
242 (-14) find_state
241 (-15) chdir
240 (-16) hostname
239 (-17) SC_OPEN_MAX error
238 (-18) exit on SIGQUIT

Also, look in the logfile, or syslog(3) entries, depending upon configuration, for information about error termination conditions.

FILES

/usr/private/etc/raddb/*

Directory containing Interlink AAA Server configuration and database files.

/etc/passwd

Contains user passwords for UNIX users.

/etc/(x)inetd.conf

Holds configuration information for (x)inetd(8).

/etc/services

Contains lists of TCP/UDP services and their port numbers.

/etc/shells

Used to check the user's shell entry in /etc/passwd.

users.dir

Directory file for dbm(3) support of the users file.

users.pag

Data file for dbm(3) support of the users file.

SEE ALSO

select(2), dbm(3), signal(3), strftime(3), syslog(3), authfile(5), clients(5), dictionary(5), engine.config(5), users(5), (x)inetd.conf(5), services(5), builddbm(8), radcheck(8), radpwtst(8), (x)inetd(8)


Document Revision A for BillMax 2.2.0   -   Copyright © 1997-2006 The iSpark Group, Inc.
