Re: Freeradius + External PHP script

Moe moenster at hotmail.de
Sun Feb 7 03:00:56 CET 2010


Well, I think it's a good start to terminate the code lines with
semicolons.

I'm not too familiar with FreeRadius, but I guess each Tunnel-XY line
should have a "\n" at the end to insert a line wrap.

You would get something like this: 

<?php
  $user = getenv("USER_NAME");
  $password = getenv("USER_PASSWORD");
  if ($user == "test" && $password == "test") {
     echo "Access-Accept\n";
     echo "Tunnel-Type = 13,\n";
     echo "Tunnel-Medium-Type = 6,\n";
     echo "Tunnel-Private-Group-Id = 1\n";
  }
  else
     echo "Access-Reject";
?>


Hope this helps :)



-----Original Message-----
From: freeradius-users-bounces+moenster=hotmail.de at lists.freeradius.org
[mailto:freeradius-users-bounces+moenster=hotmail.de at lists.freeradius.org]
On Behalf Of X.x - x.X
Sent: Saturday, 6 February 2010 23:18
To: freeradius-users at lists.freeradius.org
Subject: Freeradius + External PHP script


Hello everyone :)

I'm having some problems with Freeradius, which I'm sure some folks here
will know how to solve. :)

Version: 2.0.4 (debian custom build to support SSL)

Objective: Upon receiving a request with a username & password (from NAS),
Freeradius should invoke an external script (PHP in this case). Script
should look up the username/password, and based on some internal logic
return an Access-Accept or Access-Reject. In case of an Access-Accept, script
should also provide some VLAN information. Preferred method is EAP/TTLS.

I haven't been able to find much info on this subject (maybe I'm looking in
the wrong place?). This is what I have so far (only the important parts):

*radiusd.conf*
exec php {
  wait = yes
  program = "/usr/bin/php -f myscript.php"
  input_pairs = request
  output_pairs = reply
}

*site-enabled/default*
authenticate {
  Auth-Type TEST {
     php
  }

*users*
DEFAULT    Auth-Type := TEST

*myscript.php* (simplified version)
<?php
  $user = getenv("USER_NAME");
  $password = getenv("USER_PASSWORD");
  if ($user == "test" && $password == "test") {
     echo "Access-Accept";
     echo "Tunnel-Type = 13,"
     echo "Tunnel-Medium-Type = 6,"
     echo "Tunnel-Private-Group-Id = 1"
  }
  else
     echo "Access-Reject";
?>

The echo-part in myscript.php is obviously wrongly implemented, so please
help..

With the above mentioned, invoking the script works, but always returns
an Access-Accept packet (testing with radtest utility).
 		 	   		  
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
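
A fail-closed variant of the script discussed in this thread, added here as an example (not code from either poster or from the FreeRADIUS project). It assumes the exec instance shown above with wait = yes, where the program's exit status (0 = ok, non-zero = reject) decides the outcome and standard output is parsed only as reply attribute pairs; the $accounts array, radius_env() and authorize() are hypothetical names.

```php
<?php
// Added example, not code from the thread. Assumes the exec module
// instance shown above (wait = yes, output_pairs = reply).

// Constructed sample credential store; replace with a real lookup.
$accounts = array('test' => 'test');

// Assumption: string attributes may arrive wrapped in double quotes,
// so strip them before comparing.
function radius_env($name) {
    $value = getenv($name);
    return $value === false ? null : trim($value, '"');
}

// Return the reply pairs for a valid login, or null to reject.
function authorize($user, $password, $accounts) {
    if ($user === null || $password === null || !isset($accounts[$user])) {
        return null;                       // fail closed on missing input
    }
    // Constant-time comparison (PHP >= 5.6).
    if (!hash_equals($accounts[$user], $password)) {
        return null;
    }
    return array(
        'Tunnel-Type' => 13,
        'Tunnel-Medium-Type' => 6,
        'Tunnel-Private-Group-Id' => 1,
    );
}

$reply = authorize(radius_env('USER_NAME'), radius_env('USER_PASSWORD'), $accounts);
if ($reply === null) {
    exit(1);                               // non-zero exit status: reject
}
foreach ($reply as $attribute => $value) {
    echo "$attribute = $value\n";          // one attribute pair per line
}
exit(0);                                   // exit status 0: accept
```

Testing it with radtest using a wrong password should now produce an Access-Reject, because the decision no longer depends on what the script prints.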




