Help with external authentication using PHP

Alan DeKok aland at
Fri Apr 5 17:28:52 CEST 2019

On Apr 5, 2019, at 11:22 AM, Ekene Ezeasor <ezeasorekene at> wrote:
> Please our users' password are encrypted using crypt() (blowfish) function
> in PHP. Now I want to use password_verify() to check the submitted password
> and I intend doing that in PHP. I have updated my authorize section to use
> the external PHP script like this:
> update control {
>      Auth-type := "/usr/bin/php -f
> /etc/freeradius/3.0/php/checkpassword.php %{User-Name} %{User-Password}"
>      &Proxy-To-Realm := LOCAL
>    }
> But only the username is sent to the external PHP file. The password is
> empty.

  If you're using WiFi, the User-Password won't exist.  See the debug output for more information.

> We are already running a large database and it may not be easy to change to
> another encryption method. Therefore this is very important and we really
> need to implement it.


  The clients will need to do TTLS with inner-tunnel PAP.  Everything else won't work.

  Your choices are:

* use TTLS with inner PAP
* don't do WiFi
* change all the passwords in the database to clear-text

  Pick one.

  Alan DeKok

More information about the Freeradius-Users mailing list