On Thu, Feb 16, 2012 at 5:21 PM, Peter Moreton <Peter.Moreton@cbi.org.uk> wrote:
I have a working RADIUS server, "RADIUS01" running Centos/Freeradius. Freeradius is configured to store username and PIN-style passwords in MySQL. To go live with our RADIUS implementation, I have been tasked with making the selection of PIN's a self-service process. I'm considering an email-based approach where user@foobar.org.uk can email PIN@foobar.org.uk in order to achieve PIN maintenance. (I understand the risk of email header spoofing).
Possible. But why not simply create a simple web page, possibly even as a captive portal? It's much easier that way, plus it's real-time and you have no risk of email missing (e.g. due to spam filters, etc).
Since I don't know Linux terribly well, I'm asking the group if my proposal is a sensible approach? Am I re-inventing any wheels? Should I consider an alternative method?
It's not really linux-specific.
Thanks -----------------------------------------------------------
My brief spec: RADIUS01 would be extended to use SENDMAIL and some Perl or similar processing to monitor a predefined email account such as PIN@foobar.org.uk
Why? When will you want radius to send email? During a failed auth? IMHO that's a terrible design, and could easily lead to mail floods. Again, it's easier to just use webpage. You seem to have a perception that the DB can only be modified by radius. It's not. You can have whatever process you want managing the db, and have FR simply reads from it.
The Sendmail/Perl script would make calls such as:
Mysql -u root -p
That line REALLY show your newbie-ness.
<MySQL Password> Use radsql INSERT INTO radcheck (username, attribute, op, value) VALUES ('janedoe','Cleartext-Password',':=','password'); INSERT INTO radusergroup VALUES ('janedoe','dynamic',1); QUIT
Ever heard of sql functions in scripts? e.g. http://www.php.net/manual/en/book.mysqli.php or http://search.cpan.org/dist/DBD-mysql/lib/DBD/mysql.pm ? Looking at your post, I REALLY suggest you hire an expert instead. Either that, or spend lots of time (e.g. several weeks) to learn and have some trial-and-error. -- Fajar