[pptp-server] Radius Support

[David Luyer]

Steve Langasek wrote:
> pptpd does not do authentication, it passes that part off to pppd.  If
> you have a pppd server that can authenticate (and accept IP 
> assignments)
> from a RADIUS server, that's all you need.  Note that, in order to
> support MPPE encryption in pptp, you must be able to do MSCHAPv2
> authentication over RADIUS.  As far as I know, the software to do this
> does not yet exist for Unix, although I'm currently hacking on Linux
> pppd and freeradiusd to provide this support.

There are a number of different ways to achieve pppd IP/auth via RADIUS
under Linux - I first did this with an erpcd and RADIUS using the same
back-end database and a pppd which talks to an erpcd, then I moved to
using "PortSlave" at the next site I did it at.

PortSlave includes changes to pppd to support RADIUS authentication and
accounting among other things.

The situations I've used pptpd in have been rather atypical, though,
and have not needed MPPE/MSCHAPv2.

If you also need to distribute routes as the interfaces go up and down,
gated will do that for you.  Zebra wasn't able to do things quite right
when I last tried.

David.
--
David Luyer                                     Phone:   +61 3 9674 7525
Network Manager                P A C I F I C    Fax:     +61 3 9699 8693
Pacific Internet (Australia)  I N T E R N E T   Mobile:  +61 4 1111 2983
http://www.pacific.net.au/                      NASDAQ:  PCNTF