About This Guide

  The RADIUS for UNIX Administrator's Guide provides complete installation, configuration, and troubleshooting instructions for the Remote Authentication Dial-In User Service (RADIUS) invented by the InterNetworking Systems of Lucent Technologies, Inc.--formerly Livingston Enterprises, Inc. This guide covers RADIUS server release 2.1 for UNIX platforms.

  RADIUS can be used with the PortMaster® family of products available from Lucent InterNetworking Systems, as well as with the ChoiceNet® client/server packet-filtering software.

  To install and configure these products, see "PortMaster Documentation."

       Audience

  This guide is designed to be used by qualified system administrators and network managers. Knowledge of UNIX and basic networking concepts is required to successfully install RADIUS for UNIX. If you use RADIUS with third-party products--such as ActivCard or SecurID--you also must be familiar with their installation, configuration, and use.

       PortMaster Documentation

  The following manuals are available from Lucent InterNetworking Systems. The hardware installation guides are included with most PortMaster products; other manuals can be ordered through your PortMaster distributor or directly from Lucent.

  The manuals are also provided as PDF and PostScript files on the PortMaster Software CD shipped with your PortMaster.

  In addition, you can download PortMaster information and documentation from http://www.livingston.com .

•  ChoiceNet Administrator's Guide

    This guide provides complete installation and configuration instructions for ChoiceNet server software.

•  PortMaster Command Line Reference

    This reference provides the complete description and syntax of each command in the ComOS command set.

•  PortMaster Configuration Guide

    This guide provides a comprehensive overview of networking and configuration for PortMaster products.

•  PortMaster hardware installation guides

    These guides contain complete hardware installation instructions. An installation guide is shipped with each PortMaster.

•  PortMaster Routing Guide

    This guide describes routing protocols supported by PortMaster products, and how to use them for a wide range of routing applications.

•  PortMaster Troubleshooting Guide

    This guide can be used to identify and solve software and hardware problems in the PortMaster family of products.

•  RADIUS for UNIX Administrator's Guide

    This guide provides complete installation and configuration instructions for Lucent Remote Authentication Dial-In User Service (RADIUS) software on UNIX platforms.

•  RADIUS for Windows NT Administrator's Guide

    This guide provides complete installation and configuration instructions for Lucent Remote Authentication Dial-In User Service (RADIUS) software on the Microsoft Windows NT platform.

       ActivCard Documentation

  If you are using the ActivEngine and ActivAdmin products from ActivCard, Inc., refer to the current manual set for your software version.

  For UNIX, the current manuals are

•  ActivEngine for UNIX Systems Installation and Administration Guide
•  ActivAdmin for UNIX Systems User Guide

  Contact ActivCard for the manuals. Additionally, ActivCard might have application notes that you might find useful. See Appendix E, "Contact Information for Third-Party Products," for information on how to contact ActivCard, Inc.

       Security Dynamics Documentation

  If you are using the ACE/Server security software from Security Dynamics, Inc., refer to the current manual set for your software version.

  For UNIX, the current manuals are

•  ACE/Server v 2.3 Installation Guide
•  ACE/Server v 2.3 for UNIX Administration Manual

  Contact Security Dynamics for the manuals. See Appendix E, "Contact Information for Third-Party Products," for information on how to contact Security Dynamics, Inc.

       Additional References

       RFCs

  To find a Request for Comments (RFC) online, visit the website of the Internet Engineering Task Force (IETF) at http://www.ietf.org/ .

  RFC 768, User Datagram Protocol

  RFC 791, Internet Protocol

  RFC 1321, The MD5 Message-Digest Algorithm

  RFC 1700, Assigned Numbers

  RFC 1824, Requirements for IP Version 4 Routers 

  RFC 1825, Security Architecture for the Internet Protocol 

  RFC 1826, IP Authentication Header

  RFC 1827, IP Encapsulating Payload

  RFC 1828, IP Authentication Using Keyed MD5 

  RFC 1829, The ESP DES-CBC Transform 

  RFC 2138, Remote Authentication Dial In User Service (RADIUS)

  RFC 2139, RADIUS Accounting

       Books

  Building Internet Firewalls . D. Brent Chapman and Elizabeth D. Zwicky. Sebastopol, CA: O'Reilly & Associates, Inc., 1995. (ISBN 1-56592-124-0)

  DNS and BIND , 2nd ed. Paul Albitz and Cricket Liu. Sebastopol, CA: O'Reilly & Associates, Inc., 1992. (ISBN 1-56592-236-0)

  Firewalls and Internet Security: Repelling the Wily Hacker . William R. Cheswick and Steven M. Bellovin. Reading, MA: Addison-Wesley Publishing Company, 1994. (ISBN 0-201-63357-4) (Japanese translation: ISBN 4-89052-672-2). Errata are available at ftp://ftp.research.att.com/dist/internet_security/firewall.book .

  Internet Routing Architectures . Bassam Halabi. San Jose, CA: Cisco Press, 1997.
(ISBN 1-56205-652-2)

  Internetworking with TCP/IP, Volume 1: Principles, Protocols, and Architecture . Douglas Comer. Prentice Hall, Inc. 1995. (ISBN 0-13-216987-8 (v.1))

  Routing in the Internet . Christian Huitema. Upper Saddle River, NJ: Prentice Hall PTR, 1995. (ISBN 0-13-132192-7)

  TCP/IP Illustrated, Volume 1: The Protocols . W. Richard Stevens. Reading, MA:
Addison-Wesley Publishing Company. 1994. (ISBN 0-201-63346-9)

  TCP/IP Network Administration . Craig Hunt. Sebastopol, CA: O'Reilly & Associates, Inc. 1994. (ISBN 0-937175-82-X)

       Document Conventions

  The following conventions are used in this guide:

Convention	Use	Examples
Bold font	Indicates a user entry--a command, menu option, button, or key--or the name of a file, directory, or utility, except in code samples.	· Enter version  to display the version number.   · Press Enter .   · Open the permit_list  file.
Italic font	Identifies a command-line placeholder. Replace with a real name or value.	· set Ether0 address Ipaddress   · Replace Area with the name of the OSPF area.
Square brackets ([ ])	Enclose optional keywords and values in command syntax.	· set nameserver [2] Ipaddress   · set S0 destination Ipaddress [Ipmask]
Curly braces ({  })	Enclose a required choice between keywords and/or values in command syntax.	set syslog Logtype {[disabled] [Facility.Priority]}
Vertical bar (|)	Separates two or more possible options in command syntax.	· set S0|W1 ospf on|off   · set S0 host default|prompt|Ipaddress

       Document Advisories

  Note ¯ means take note. Notes contain information of importance or special interest.

 

  Caution ¯ means be careful. You might do something--or fail to do something--that results in equipment failure or loss of data.
  Warning ¯ means danger. You might do something--or fail to do something--that results in personal injury or equipment damage.

 

       Contacting Lucent InterNetworking Systems Technical Support

  The PortMaster comes with a 1-year hardware warranty.

  For all technical support requests, record your PortMaster ComOS version number and report it to the technical support staff or your authorized sales channel partner.

  New releases and upgrades of PortMaster software are available by anonymous FTP from ftp://ftp.livingston.com/pub/le/ .

  In North America you can schedule a 1-hour software installation appointment by calling the technical support telephone number listed below. Appointments must be scheduled at least one business day in advance.

       For the EMEA Region

  If you are an Internet service provider (ISP) or other end user in Europe, the Middle East, Africa, India, or Pakistan, contact your local Lucent InterNetworking Systems sales channel partner. For a list of authorized sales channel partners, see the World Wide Web at http://www. livingston .com/International/EMEA/distributors.html .

  If you are an authorized Lucent InterNetworking Systems sales channel partner in this region, contact the Lucent InterNetworking Systems EMEA Support Center Monday through Friday between the hours of 8 a.m. and 8 p.m. (GMT+1), excluding French public holidays.

•  By voice, dial +33-4-92-92-48-48.
•  By fax, dial +33-4-92-92-48-40.
•  By electronic mail (email) send mail to emea-support@livingston.com. 

       For North America, Latin America, and the Asia Pacific Region

  Contact Lucent InterNetworking Systems Monday through Friday between the hours of 7 a.m.
and 5 p.m. (GMT -8).

•  By voice, dial 800-458-9966 within the United States (including Alaska and Hawaii), Canada, and the Caribbean, or +1-925-737-2100 from elsewhere.
•  By fax, dial +1-925-737-2110.
•  By email, send mail as follows:

    ¯ From North America and Latin America to support@ livingston .com .

    ¯ From the Asia Pacific Region to asia-support@ livingston .com .

•  Using the World Wide Web, see http://www. livingston .com/ .

       PortMaster Training Courses

  Lucent InterNetworking Systems offers hands-on, technical training courses on PortMaster products and their applications. For course information, schedules, and pricing, visit the Lucent InterNetworking Systems website at http://www.livingston.com/tech/training/index.html .

       Subscribing to PortMaster Mailing Lists

  Lucent InterNetworking Systems maintains the following Internet mailing lists for PortMaster users:

•  portmaster-users --a discussion of general and specific PortMaster issues, including configuration and troubleshooting suggestions. To subscribe, send email to majordomo@ livingston .com  with subscribe portmaster-users  in the body of the message.

    The mailing list is also available in a daily digest format. To receive the digest, send email to majordomo@ livingston .com  with subscribe portmaster-users-digest  in the body of the message.

•  portmaster-radius --a discussion of general and specific RADIUS issues, including configuration and troubleshooting suggestions. To subscribe, send email to majordomo@ livingston .com  with subscribe portmaster-radius  in the body of the message.

    The mailing list is also available in a daily digest format. To receive the digest, send email to majordomo@ livingston .com  with subscribe portmaster-radius-digest  in the body of the message.

•  portmaster-announce --announcements of new PortMaster products and software releases. To subscribe, send email to majordomo@ livingston .com  with subscribe portmaster-announce  in the body of the message. All announcements to this list also go to the portmaster-users list. You do not need to subscribe to both lists.