PHP authentication
Alan DeKok
aland at deployingradius.com
Mon Dec 14 00:20:42 CET 2015
On Dec 13, 2015, at 5:59 PM, Arjan Sinnige <a.sinnige at sae.edu> wrote:
> I've been asked to research the possibility to link radius to an
> external login server.(out of my control)
OK.
> The external server needs a username and cleartext password via a php
> script and will only reply 'ok' or 'fail'. It will not send back a
> password or anything.
How does it send a PHP script?
> The devices we need to authenticate are numerous. From ipads, iphones,
> windows phones & android to all iterations of windows (7 and onwards),
> OSX & linux computers.
> Most if not all of them are students user devices which cannot be
> pre-configured. So it needs to work "out of the box".
Good luck...
> Now I can get this to work easily if I authenticate against a local
> LDAP server which has NTLM and local user passwd accounts. All of
> these devices can do EAP-TTLS-Mschapv2 or EAP-PEAP-Mschapv2 but not
> all of them do TTLS-PAP (Windows & Windows phone etc...)
Exactly.
> It is not possible with this setup to always get a cleartext password,
> or is it ?
It's not always possible to get a cleartext password.
> In your valued opinion : Can it be done or should I spend my time on
> advising and creating a custom capture portal for the network ?
It's impossible in general.
http://deployingradius.com/documents/protocols/compatibility.html
Alan DeKok.
More information about the Freeradius-Users
mailing list