		       I. Installation
	            ---------------------
    
    Before installing, take a glance at doc/MACHINES, it
    may describe some issues, specific to your configuration.
    To install the package, do:

    1. ./configure [options]

    For the list of available options consult file INSTALL.
    The applications-specific options are:
			      			      	
    --enable-yydebug
	Enable parser debugging. The parser debugging can be useful to
	track down errors in configuration files such as /etc/raddb/users
	and /etc/raddb/config.
	
	To enable the debugging on a given file, its first line should
	start with the following statement:
    
		#debug

	Debugging output goes to stderr or to the file
	/var/log/radius.stderr if such file exists.

    --disable-debug
	Disable debugging functions. This results in slightly more compact
    	code, but makes configuration issues difficult to debug. Use at
    	your own risk.

    --with-auth-port=NUMBER
	Specify port number to use for authentication. Default is 1645.
        The default port number for accounting is computed as auth_port + 1.

    --with-include-path=STRING
	Specify any additional include directories that are required for
	your configuration. Multiple directories are separated by colons.

    --with-lib-path=STRING
	Specify any additional library directories that are required for
	your configuration. Multiple directories are separated by
	colons.

    --enable-shadow
	Enable shadow support. Use this only if ./configure was unable to
        correctly determine if it should use the shadow support.

    --enable-pam
    	Enable PAM support.
	
    --enable-securid
	Enable SecurID support.  This option automatically detects libaceclnt.a
	first and then falls back to sdiclient.a.  However, on OS's that
	require a lib prefix to recognize a library it may be necessary to
	ln -s sdiclient.a libsdiclient.a before running configure.  In
	addition it may be necessary to set --with-lib-path and
	--with-include-path to include the directory containing the Ace
	client libraries.
	
	The code has been tested with 3.3.1 and 5.02 libraries against a
	4.1 ACE/Server.  However, experience shows that all libraries after
	2.3 (and possibly earlier) work with ACE/Server 2.3 onwards.  The
	reverse (where the library is newer than the server) may not be the
	case except with 5.02 and (presumably) later versions.

        Notice, that you may wish to enable extended request comparison
        in radius configuration to avoid account blocking problems. See
        doc/README.securid for more information on the subject.

    --enable-dbm[={dbm|ndbm}]
	Enable dbm support. If no argument is specified, usual DBM is
	assumed. The `ndbm' argument instructs to enable support of NDBM.
		
    --with-mysql
	Enable MySQL support. Usually this requires adding appropriate
	--with-lib-path and --with-include-path options.
    
    --with-postgres
	Enable PostgreSQL support. Usually this requires adding appropriate
	--with-lib-path and --with-include-path options.

    --with-sybase
	Enable Sybase support. Usually this requires adding appropriate
	--with-lib-path and --with-include-path options.  Note that with
	Sybase the SYBASE environment variable must be set appropriately
	before running the server.  In addition, the name specified in the sql
	server parameter must have an entry in the interfaces file and the
	port option is ignored.
    
    --with-odbc[={odbc|iodbc}]
        Configure to work with ODBC. This is an experimental feature, it
        has not been tested thoroughly.
    
    --without-guile
	Do not compile Guile support.

    --without-server-guile
	Do not compile server Guile support

    --with-client
	Build client programs. Requires presence of Guile >=1.4 and
	PAM on your system.

    --with-pamdir=DIR
	Install PAM modules in the given DIR. Default is
    	$prefix/lib/security.

    --enable-snmp
	Enable SNMP support.

    --enable-livingston-menus
        Enable support for Livingston-compatible menus.

    --enable-deny-shell=SHELL
	Always reject users with given shell.

    2. Run make.

    The GNU make is preferred.

    3. Check it.

    You can check the functionality of the package without installing
    it. To do so, run

	make check.

    Two test suites are provided:
    
	* The shell-based test suite (located in test/shell)
	* The DejaGNU-based test suite (located in test/dejagnu)

    Basically, both suites contain the same tests. The DejaGNU-based
    test suite allows for remote testing of the package. For instructions
    on how to test the package remotely, refer to file test/dejagnu/README.
    
    4. make install

    5. If you wish to install manual pages, do 

    make install-man.

    Please note, that the information in man pages is no longer being
    maintained and can therefore be inaccurate or incomplete. The
    Info files are the authoritative documentation. 

		       II. Creating SQL database.
		    -------------------------------

    Follow the procedure, described below if you have configured
    Radius with SQL support:
    
    1. Change to the subdirectory db/
    2. Edit file config.m4. Most of its contents is commented out, so
       uncomment anything that may be needed. Variables are:
    
    server   - SQL server name or IP address
    port     - port to connect to

	User credentials for creator of the database:
    
    CREATOR  - SQL username. This user must have create privileges.
    CREATOR_PASSWORD - SQL password.

	User credentials for the owner of the database:
    
    DB_USER  - SQL username.
    DB_PWD   - SQL password.
    (These must coincide with the values in raddb/sqlserver file)
    
    3. Depending on the type of SQL server you are using, run either
       `make mysql' or `make pgsql'.

       To get the database structure without creating it, run
       `make mysql.struct' or `make pgsql.struct'.
    
		       III. Upgrade
		    -------------------

    Please, read file NEWS. It describes many features, introduced
    with version 0.96.
               
    If you are upgrading from GNU Radius 0.94 or 0.95, you will need
    to run script scripts/config-conv. It converts old raddb/config to
    the new format. It assumes /usr/local as default prefix. If you have
    installed the previous version of radius under a different prefix, run

	scripts/config-conv --prefix=PATH

    The script will create a backup copy of your old config file in your
    raddb directory (It will name it config~). Please, take a look at
    converted file, and edit it to your liking.

    
		       IV. Configuring
		    ----------------------

    Be sure to read accompanying documentation. The online documentation
    is available at http://www.gnu.org/software/radius/manual.
    If you need help, subscribe to <help-gnu-radius@gnu.org> and send your
    questions there. To subscribe, visit

    http://mail.gnu.org/mailman/listinfo/help-gnu-radius

    Before asking a question, it will be a good idea to look through
    the mailing archives on the same page, as they might already
    contain the answer.
        
		       V. Testing.		
		    ------------------

    Both commands described below use the configuration file
    raddb/client.conf. See the documentation for the detailed
    description of it.
    
    Use radauth to send authentication requests to the running
    server. The invocation syntax is:

            radauth [-v][-sSERVER:SECRET[:PORT]] username [pass]

    The -v (--verbose) option produces verbose output. The -s (--server)
    option allows to set the parameters of the radius server to send
    the request to.
    
    If you have guile version 1.4 or better installed, you can use
    radsession script to send authentication/accounting requests
    to the server. To do so, you will first need to edit your
    raddb/client.conf file. The template installed from the distribution
    should suffice to test the server in default configuration.

    1. To test authentication do

	radsession -l LOGIN -p PASSWD -P PORT-ID --auth

    2. To test accounting do

	radsession -l LOGIN -p PASSWD -P PORT-ID -s SESSION-ID --start
     or
	radsession -l LOGIN -P PORT-ID -s SESSION-ID --stop

    Here,
	LOGIN		is the user's login name
	PASSWD		is his password. Use `.' (dot) to get prompted
			for the password as passwd(1) does.
	PORT-ID		is the port number
	SESSION-ID	is a session ID (a string uniquely identifying
			the session). It can be an arbitrary string
			when used with --start option. It should be
			a session ID of a previously started session
			when used with --stop option.

    For example, supposing user `hamlet' has an entry in the users file,
    the following would authenticate it and open a session for it:

	radsession -l hamlet -p guessme -P 1 -s "0001" --start

    Now, if you run radwho, you would get something like:

     Login             Name What  TTY     When     From        Location
hamlet           hamlet      PPP  S001  Mon 07:22 localhost    255.255.255.254

    radlast shows the following;

hamlet      local    001 127.0.0.2       Thu Mon 07 07:22 - still logged in

radwtmp begins Fri Dec 01 16:36:59 2000

    Then, suppose you run:

	radsession -l hamlet -P 1 -s "0001" --stop

    This will send a stop record for session 0001. Radlast would then show
    something like:

hamlet      local    001 127.0.0.2       Thu Mon 07 07:22 - 07:25  (00:03) 

radwtmp begins Fri Dec 01 16:36:59 2000

		        VI. Bug reporting.		
                      ----------------------

    Send bug reports to <bug-gnu-radius@gnu.org>. 
	

Local Variables:
mode: indented-text
indent-tabs-mode: nil
tab-stop-list: (4 8 12 16 20 24 28 32 36 40 44 48 52 56 60 64 68 72 76)
left-margin: 4
fill-column: 74
version-control: never
End:
