TCCRadius Version 99 - 07.08.1999
Talon Computer Consulting, Inc.
Copyright 1999

HTML Documentation
===================

This readme.txt file is designed to get you started with TCCRadius.
More advanced documentation can be found in the Docs directory.
Double-Click TOC.htm for the Table of Contents.

TCCRadius Setup Information
================================

1.  Setup an icon for the TCCRadius.exe file with a working
path (Start IN:) pointing to the location of the TCCRadius.exe file.
You must also add a command line parameter from the Command Line 
section below.

2.  Configure the config\Clients.cfg file with your NAS IP Addresses
and shared secret.

3.  Configure the config\NAS.cfg with a default configuration for each NAS unit.  This section allows setup for default parameters for each NAS.

******EXTREMELY IMPORTANT*********

4.  Configure the TCCRadius.cfg with the appropriate IP Address and Radius Auth Ports.  The IP Address field must be correct for TCCRadius to work.

Note:  Changes to Config files currently require a TCCRadius restart

5.  Create accounts or set the default user to one of the options listed below.

Using TCCRadius
================

TCCRadius works like any other radius package.  Currently, text authentication and ODBC is available.

Command Line Parameters
=======================

-xauth
Shows only authentication information in the Console window.

-xacct
Shows only accounting information in the Console window

-debug
Shows both accounting and authentication information in the Console window

-install
Install as a Service

-remove
Remove as a Service

Default User
============
Checking the .\Users directory, you will notice a "Default" user.  The "Default" user provides a little bit of flexibility with the package.

By changing the "Default" user's password to read "accept" (no quotes), all users will be accepted no matter what they use for a password.  This is a great failsafe mode if you have to get a Radius online in a hurry.

If you set the password to "update", each user will be accepted and an account record will be created for the user with the password used to login.

Just set the password to anything else to disable any of these options.

User Information
================
The default Radius information storage is a single text file with the user attributes listed and separated by a carriage return.

If the user needs to change a password or has forgotten his/her password you can have Radius update the user's Radius record.  Set the password field in the user's profile to read: password=update.  The next time that the user logs in, his Radius password will be updated with the new password he used to Login.

The tccradius parameters below are custom only to TCCRadius.

### Sample user file - filename = 'tccraduser'

Updated=04/17/1999 18:02:56
username=tccraduser
password=thisisapassword
framed-ip-address=192.168.0.1
tccradius-time-intervals=2
tccradius-start-time1=12:00
tccradius-stop-time1=20:00
tccradius-start-time2=21:00
tccradius-stop-time2=22:00

### Sample Explained
tccradius-time-intervals
The number of time limited intervals if applicable

tccradius-start-time & tccradius-stop-time
Start and stop time intervals respectively.  If a user does not login within these time frames, access will be denied.

Dictionary Files
================
Both the Lucent and Ascend Dictionary files are included in the config directory so that you may copy any attributes that you wish from there to the TCCRadius Dictionary.cfg file.

Authentication Parameters Explained
===================================

ODBC-CONNECTION-FAILED
Connection to the specified DSN could not be established.

ACCESS-ACCEPT
Access has been granted to this user

BAD-PASSWORD
Password is incorrect

NO-PASSWORD
Password not contained in packet sent from NAS

NO-USERNAME
Username not contained in packet sent from NAS

NO-REQUEST
Packet sent to Authentication Server was not a 
RADIUS Access Request packet

INVALID-CLIENT
Packet received, but client is not listed in clients.cfg

USER-NOT-FOUND
User did not have a radius database entry

USER-DBASE-ERROR
There was an error connecting to the specified database
while retrieving specified user's information.

UPDATE
Invoked password update response, user file will now be
updated with new users password.

UPDATE-ERROR
An error occurred while attempting to update the ODBC record.

UPDATE-DBASE-ERROR
There was an error connecting to the specified database
while updating the specified user's information.

TIME-VIOLATION
User tried to login outside of time restrictions placed upon him/her

USER-INACTIVE
User account is disabled by the 'tccradius-active=0' parameter

Deactivation
=============
To set an account as inactive, simply add the following parameter to the attributes section.
tccradius-active = 0

Any other value other than 0 will activate the account.

Using TCCRadius As A Service
============================

To install the TCCRadius services, simply type: tccradius -install
To remove the services, type:  tccradius -remove

Installation as a service loads three distinct services:

TCCRadius - Performs Authentication
TCCRadius Accounting - Handles Accounting
TCCRadius Administration - Interfaces with the TCCAdmin tool.

Remember to open the Services Applet in Control Panel and set all three services to Automatic rather than Manual.  If you wish to disable remote administration, you can disable the TCCRadius Administration Service.  If you wish to provide only Accounting or Authentication, you can disable either one.


User Query Function of the TCCAdmin Tool
==========================================
This function requires the AcctSum.log files to be created by TCCRadius with either of the following field parameters:

LogSummaryAttributes = 44,46,47,48

or

LogSummaryAttributes = 44,46,42,43


LogSummaryAttributes Explained:

44 = Acct-Session-ID
This must be logged first.
This is the unique ID of the user's session.

46 = Acct-Session-Time
This must be logged second.
This is the total time of a user's session in seconds.

47 = Acct-Input-Packets
This must be logged third.
This is the total packets received by the user.

48 = Acct-Output-Packets
This must be logged fourth.
This is the total packets sent by the user.

42 = Acct-Input-Octets
This must be logged third.
This is the total octets (bytes) received by the user.

43 = Acct-Output-Octets
This must be logged fourth.
This is the total packets (bytes) sent by the user.

Additional fields can be added to the summary, but the four listed above must be in place (and in order) to use the User Query tool.  See the Dictionary.cfg file and look at Attributes 40-60 for other accounting attributes.  See also RFC 2139.

Using TCCRadius With ODBC
=========================

TCCRadius uses ADO, the latest Microsoft technology wrapper for OLE-DB.  Therefore to use TCCRadius, you need to have the latest Microsoft Universal Data Access Components.  At the time of this release, the latest version was 2.1.1.3711.11 (GA) and could be found at http://www.microsoft.com/data/download.htm.  The main ADO website is at http://www.microsoft.com/ado.

You must have at least ADO Version 2.0 in order to use TCCRadius.

Setting Up ODBC
===============

1. Create a System DSN that points to the database that contains the usernames, passwords, and attributes.  See the included sample database for an example of what a very simple user database would look like.

2. Modify the TCCRadius.cfg file and put the name of the DSN that you have created.  The default is DSN = TCCRadius.

3. Verify the DSNUsername and DSNPassword match the System DSN information.  If you opted to not use passwords, comment out these entries with a #.

4. Verify that the Database Table information in the TCCRadius.cfg file matches your database.  

Default:

## ODBC/SQL Information
# All fields must be in the same table
Table = UserInfo
UsernameField = Username
PasswordField = Password
AttributesField = Attributes

Default Explained:

Table:  This is the name of the table inside the database that contains the username, password, and attributes.

Field Names:  If your field names differ from the standard Username, Password, and Attributes, you can change them here.

Example:

If your database had a table called AuthInformation and had the usernames in the User field and the Passwords in the Pass field, your entry would look like this:

## ODBC/SQL Information
# All fields must be in the same table
Table = AuthInformation
UsernameField = User
PasswordField = Pass
AttributesField = Attributes

Attributes ODBC Field
=====================

The attributes field works exactly the same as the attributes section in Text mode (see the Text Mode section), but the attributes would be semicolon delimited.

Example ODBC User:

Username:  Tom
Password:  pizzapie
Attributes: framed-ip-address=192.168.0.1;tccradius-time-intervals=2;tccradius-start-time1=12:00;tccradius-stop-time1=20:00;tccradius-start-time2=21:00;tccradius-stop-time2=22:00

ODBC-CONNECTION-FAILED
======================

Receiving this error indicates a failure to load the Microsoft ADO and connect to the SQL server.

Steps to take to correct this:
1. Upgrade to the latest Microsoft Universal Data Access Components.
2. Verify that you have a msado15.dll on your system, typically at this location:  c:\program files\common files\system\ado\msado15.dll
3. Verify that the System DSN you have created matches the same information specified in the TCCRadius.cfg file.

General Pricing Info
====================
TCCRadius is targeted toward small to medium ISPs.

Pricing for unlimited NAS: $300
Each Additional License:  $150
One-year subscription for free updates:  $150

Includes 30 days free email support.
Voice support contracts also available.

Feedback
========
Direct all feedback to support@tccsoftware.com

TCCSoftware Development Team
Talon Computer Consulting, Inc.
(877) 629-7828
