<pre style="margin-top:0px;margin-bottom:0px;padding:0px;white-space:pre-wrap!important;font-size:12px;background-color:rgb(255,255,255)">Hi Arran,
Can you please tell me what is wrong with the PHP script below? Or is there a working example script?
Note that this script is just a simplification.
Thanks.
#!/usr/local/bin/php-5.3
<?php
// Read requests from standard input, one per line.
$f = fopen("php://stdin", "r");
while ($line = fgets($f)) {
    $line = trim($line);
    // Each line is expected to be: <url-encoded username> <url-encoded password>
    $fields = explode(' ', $line);
    $username = rawurldecode($fields[0]);
    $password = rawurldecode($fields[1]);
    // Hard-coded test credentials.
    if ($username == 'hello'
        and $password == 'world') {
        fwrite(STDOUT, "Access-Accept\n");
    } else if ($username == 'foo'
        and $password == 'bar') {
        fwrite(STDOUT, "Access-Accept\n");
    } else {
        fwrite(STDOUT, "Access-Reject\n");
    }
}
?>
The connection fails (it asks for user/pass again). Here is the output of the radiusd -X command:
Listening on authentication address 127.0.0.1 port 18120 as server inner-tunnel
Ready to process requests.
rad_recv: Access-Request packet from host 192.168.35.100 port 10587, id=5, length=144
User-Name = "foo"
NAS-IP-Address = 192.168.35.100
NAS-Port = 0
Called-Station-Id = "74-EA-3A-AE-9E-FB:Radius"
Calling-Station-Id = "C4-85-08-11-59-EA"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 0Mbps 802.11"
EAP-Message = 0x0201000801666f6f
Message-Authenticator = 0x71d5d45adea35cdd7c4d6cbeb425b08d
# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
[auth_log] expand: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/radius/radacct/192.168.35.100/auth-detail-20120920
[auth_log] /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.35.100/auth-detail-20120920
[auth_log] expand: %t -> Thu Sep 20 22:39:07 2012
++[auth_log] returns ok
++[mschap] returns noop
[files] users: Matched entry DEFAULT at line 60
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
Found Auth-Type = TEST
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group TEST {...}
[php] expand: %{mschap:User-Name} -> foo
[php] expand: %{User-Password} ->
Exec-Program output:
Exec-Program-Wait: plaintext:
Exec-Program: returned: 0
++[php] returns ok
Login OK: [foo/<via Auth-Type = TEST>] (from client myAp port 0 cli C4-85-08-11-59-EA)
# Executing section post-auth from file /etc/raddb/sites-enabled/default
+- entering group post-auth {...}
[reply_log] expand: /var/log/radius/radacct/%{Client-IP-Address}/reply-detail-%Y%m%d -> /var/log/radius/radacct/192.168.35.100/reply-detail-20120920
[reply_log] /var/log/radius/radacct/%{Client-IP-Address}/reply-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.35.100/reply-detail-20120920
[reply_log] expand: %t -> Thu Sep 20 22:39:07 2012
++[reply_log] returns ok
[sql_log] Processing sql_log_postauth
[sql_log] expand: %{User-Name} -> foo
[sql_log] expand: %{%{User-Name}:-DEFAULT} -> foo
[sql_log] sql_set_user escaped user --> 'foo'
[sql_log] WARNING: Deprecated conditional expansion ":-". See "man unlang" for details
[sql_log] ... expanding second conditional
[sql_log] expand: Chap-Password -> Chap-Password
[sql_log] expand: INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ('%{User-Name}', '%{User-Password:-Chap-Password}', '%{reply:Packet-Type}', '%S'); -> INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ('foo', 'Chap-Password', 'Access-Accept', '2012-09-20 22:39:07');
[sql_log] expand: /var/log/radius/radacct/sql-relay -> /var/log/radius/radacct/sql-relay
++[sql_log] returns ok
++[exec] returns noop
Sending Access-Accept of id 5 to 192.168.35.100 port 10587
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 0 ID 5 with timestamp +9
Ready to process requests.</pre><br><div class="gmail_quote">2012/9/20 Arran Cudbard-Bell <span dir="ltr"><<a href="mailto:a.cudbardb@freeradius.org" target="_blank">a.cudbardb@freeradius.org</a>></span><br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div class="im"><br>
On 20 Sep 2012, at 18:00, Taręk Kabak <<a href="mailto:tarikkabak@gmail.com">tarikkabak@gmail.com</a>> wrote:<br>
<br>
> Hello again,<br>
><br>
><br>
> Thanks for your help. So external script support is possible only for PAP? I wanted to authenticate Windows 7 wireless interfaces via the RADIUS server because of an old/non-supported SQL db, so I had to use my own external/customized PHP script.<br>
<br>
</div>You can do it, if your old unsupported database has the passwords available in cleartext, or the NT hashes of the passwords...<br>
<span class="HOEnZb"><font color="#888888"><br>
-Arran<br>
</font></span><div class="HOEnZb"><div class="h5">
</div></div></blockquote></div><br>
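What the debug output in this message shows, as an added example (not part of the original post or of FreeRADIUS): a small Python check over `radiusd -X` text that flags an Access-Accept sent after an expansion came back empty, for a request that carried EAP-Message but no User-Password, with empty Exec-Program output. The function name `audit` is hypothetical, and the sample log is constructed from lines in the post plus one invented request (id=6) that does carry User-Password, for contrast.

```python
import re

RECV = re.compile(r"^rad_recv: (\S+) packet .*\bid=(\d+)")
ATTR = re.compile(r"^\s*([A-Za-z][\w-]*) = ")
EXPAND = re.compile(r"^\[(\w+)\]\s+expand: (.+?) ->\s*(.*)$")
EXEC_OUT = re.compile(r"^Exec-Program output:\s*(.*)$")
SEND = re.compile(r"^Sending (\S+) of id (\d+)")

def audit(log):
    """Return (request id, finding) pairs for accepts that rest on empty input."""
    findings, req = [], None
    for line in log.splitlines():
        if m := RECV.match(line):
            req = {"id": m.group(2), "attrs": set(), "empty": [], "exec_out": None}
        elif req is None:
            continue
        elif m := ATTR.match(line):
            req["attrs"].add(m.group(1))          # attribute present in the request
        elif m := EXPAND.match(line):
            if m.group(3) == "":                  # the expansion produced nothing
                req["empty"].append((m.group(1), m.group(2)))
        elif m := EXEC_OUT.match(line):
            req["exec_out"] = m.group(1)
        elif (m := SEND.match(line)) and m.group(2) == req["id"]:
            if m.group(1) == "Access-Accept":
                findings += [(req["id"], f"{mod}: {expr} expanded to nothing")
                             for mod, expr in req["empty"]]
                if "EAP-Message" in req["attrs"] and "User-Password" not in req["attrs"]:
                    findings.append((req["id"], "EAP request without User-Password"))
                if req["exec_out"] == "":
                    findings.append((req["id"], "accepted with empty Exec-Program output"))
            req = None
    return findings

# Constructed sample: id=5 mirrors the post's log, id=6 is invented for contrast.
SAMPLE_LOG = """\
rad_recv: Access-Request packet from host 192.168.35.100 port 10587, id=5, length=144
User-Name = "foo"
EAP-Message = 0x0201000801666f6f
[php] expand: %{User-Password} ->
Exec-Program output:
Exec-Program: returned: 0
Sending Access-Accept of id 5 to 192.168.35.100 port 10587
rad_recv: Access-Request packet from host 192.168.35.100 port 10588, id=6, length=60
User-Name = "foo"
User-Password = "bar"
[php] expand: %{User-Password} -> bar
Exec-Program output: Access-Accept
Sending Access-Accept of id 6 to 192.168.35.100 port 10588
"""
```
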