On Thu, Jul 21, 2016 at 08:21:53PM +0000, Janis Heller wrote:
I would like to use RADIUS to process the authentification of users to my VPN servers using a PHP script which is called by RADIUS processing the auth process.
That's generally a bad idea, and won't scale well. Forking a new process for each auth is really slow. You are probably better to just get FreeRADIUS to look directly at whatever authentication database your PHP script is looking at.
For this reason I added the following part into my exec file:
exec { wait = yes program = "/usr/bin/php -f /usr/local/auth.php %{User-Name} %{User-Password}" input_pairs = request shell_escape = yes timeout = 10 }
When I test the script by executing:
radtest testing password localhost -4 testing123
I get this error:
(0) ERROR: No Auth-Type found: rejecting the user via Post-Auth-Type = Reject
Your script didn't set Auth-Type, so FreeRADIUS doesn't know how to authenticate the request. You could try a couple of things. Use output_pairs = config, then get your script to print "Auth-Type := Accept" or "Auth-Type := Reject" on success/failure. Or follow the usual PAP/ntlm_auth examples at http://wiki.freeradius.org/guide/NTLM%20Auth%20with%20PAP%20HOWTO and do it properly with its own Auth-Type.
I attached my
Not useful. The output of radiusd -X would be. But try the above first. But really, I'd forget the PHP script if possible. Matthew -- Matthew Newton, Ph.D. <mcn4@leicester.ac.uk> Systems Specialist, Infrastructure Services, I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom For IT help contact helpdesk extn. 2253, <ithelp@le.ac.uk>