Freeradius-Users Digest, Vol 82, Issue 50

Peter Moreton Peter.Moreton at cbi.org.uk
Fri Feb 17 01:54:20 CET 2012


But why not simply create a simple web page, possibly even as a
captive portal? It's much easier that way, plus it's real-time and you
have no risk of email missing (e.g. due to spam filters, etc).

>> if I build a webpage, then I also have to authenticate users who present themselves requesting self service


Since I don't know Linux terribly well, I'm asking the group if my proposal is a sensible approach? Am I re-inventing any wheels? Should I consider an alternative method?

It's not really Linux-specific.

>> I want to keep the entire radius PIN authentication system on Linux, to keep it independent of Windows, a security "island" perhaps, so in this case, it is Linux specific.


Thanks
-----------------------------------------------------------

My brief spec:
RADIUS01 would be extended to use SENDMAIL and some Perl or similar processing to monitor a predefined email account such as PIN at foobar.org.uk


Why? When will you want radius to send email? During a failed auth?
IMHO that's a terrible design, and could easily lead to mail floods.

Again, it's easier to just use a webpage. You seem to have a perception
that the DB can only be modified by radius. It's not. You can have
whatever process you want managing the db, and have FR simply read
from it.

>> Nope, I said "radius01 would be extended" that's a hostname not the radius software. Perhaps I should have made this more clear. In my implementation, RADIUS01 replaces another security island, RSA01.

The Sendmail/Perl script would make calls such as:

* Mysql -u root -p

That line REALLY shows your newbie-ness.

>> cheers. helpful.

* <MySQL Password>
* Use radsql
* INSERT INTO radcheck (username, attribute, op, value) VALUES ('janedoe','Cleartext-Password',':=','password');
* INSERT INTO radusergroup VALUES ('janedoe','dynamic',1);
* QUIT

Ever heard of sql functions in scripts? e.g.
http://www.php.net/manual/en/book.mysqli.php or
http://search.cpan.org/dist/DBD-mysql/lib/DBD/mysql.pm ?

>> of course I have. My post tries to explain what I'm trying to achieve using simple language. Implementation detail isn't required.

Looking at your post, I REALLY suggest you hire an expert instead.
Either that, or spend lots of time (e.g. several weeks) to learn and
have some trial-and-error.

>> no, radius, mysql, php - these are all just tools to be learned. I'd rather spend a couple of weeks and build a solution that I know and trust. I'm sure we are all experts in our fields, and as such it's much better to expand personal horizons than give in and hire someone.

>> anyhow, no one responded to say, "it exists, use the xyz-addon" so I'm guessing that I'm not reinventing anything, so I'll crack on. Thanks everyone.
***************************************************************************************

The CBI's (Confederation of British Industry's) registered address is:
Centre Point, 103 New Oxford Street, London WC1A 1DU
Company number: RC000139 
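
Added example (not part of the original thread and not FreeRADIUS code): the radcheck/radusergroup provisioning step discussed above, done through a database API with bound parameters instead of typing statements into an interactive root mysql session. Assumptions: Python's built-in sqlite3 stands in for the MySQL "radsql" database so the sketch runs offline, and the names open_db and provision_pin, the username pattern and the 8-digit PIN length are hypothetical.

```python
import re
import secrets
import sqlite3

# Assumption: an in-memory sqlite3 database stands in for MySQL "radsql".
# Against MySQL, connect with a DB-API driver as a dedicated account that
# holds only INSERT/DELETE on these two tables, never as root.
SCHEMA = """
CREATE TABLE radcheck (id INTEGER PRIMARY KEY, username TEXT, attribute TEXT,
                       op TEXT, value TEXT);
CREATE TABLE radusergroup (username TEXT, groupname TEXT, priority INTEGER);
"""
# Hypothetical naming policy; the requester name arrives by email, so it is
# untrusted input and is checked before it gets anywhere near the database.
USERNAME_RE = re.compile(r"[a-z][a-z0-9._-]{0,31}")


def open_db():
    """Create the stand-in database with the two tables used in the thread."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db


def provision_pin(db, username, group="dynamic", digits=8):
    """Replace the user's PIN and group row atomically; return the new PIN."""
    if not USERNAME_RE.fullmatch(username):
        raise ValueError("rejected username")
    pin = "".join(secrets.choice("0123456789") for _ in range(digits))
    with db:  # one transaction: commit on success, roll back on any error
        db.execute("DELETE FROM radcheck WHERE username = ? AND attribute = ?",
                   (username, "Cleartext-Password"))
        db.execute("INSERT INTO radcheck (username, attribute, op, value) "
                   "VALUES (?, 'Cleartext-Password', ':=', ?)", (username, pin))
        db.execute("DELETE FROM radusergroup WHERE username = ?", (username,))
        db.execute("INSERT INTO radusergroup VALUES (?, ?, 1)",
                   (username, group))
    return pin


if __name__ == "__main__":
    db = open_db()
    print(provision_pin(db, "janedoe"))
```

Deleting the old row before inserting keeps repeated requests from stacking several Cleartext-Password entries for one user.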