use freeRadius client to connect a java application

Noura Kossentini kossentini.noura at gmail.com
Wed Sep 8 14:57:19 CEST 2010


Hi
I proposed to use TinyRadius but they refused it. they consider it
(contamination risk AND the IPR risk )

So they opt to FreeRadius Client. It's a C library, had to be used from a
Java application, it would need to be called either via JNI, or simply
linked into a small C main program and then spawned from Java as an external
process.

I'm a beginner in c development [?]. someone can help me  to do this??

thanks in advance


2010/8/31 Michael Lecuyer <mjl at iterpacis.org>

> Sorry, I was looking at the client in the freeradius server source.
>
> Now I'm looking at the same source you are looking at.
>
>
> On 2010-08-31 4:37 AM, Noura Kossentini wrote:
>
>> i downloaded freeradius-client-1.1.6 and in radiusclient.c I found this
>> copyright
>>
>> /*
>>  * Copyright (c) 2004 Maxim Sobolev <sobomax at FreeBSD.org>
>>  * All rights reserved.
>>  *
>>  * Redistribution and use in source and binary forms, with or without
>>  * modification, are permitted provided that the following conditions
>>  * are met:
>>  * 1. Redistributions of source code must retain the above copyright
>>  *    notice, this list of conditions and the following disclaimer.
>>  * 2. Redistributions in binary form must reproduce the above copyright
>>  *    notice, this list of conditions and the following disclaimer in the
>>  *    documentation and/or other materials provided with the distribution.
>>  *
>>
>> Please send me the link to download free radius client you speak about
>>
>> In this case (radiusclient is a BSD copyright) can I use JNI?? and how?
>>
>> thanks
>>
>> 2010/8/30 Michael Lecuyer <mjl at iterpacis.org <mailto:mjl at iterpacis.org>>
>>
>>
>>        So our production must be supported on all platforms so I think
>> that
>>        using JNI is the good solution.
>>
>>
>>    The radius client is not written in a form suitable for JNI. That is
>>    to say its not modular in the sense most Java programs are. The
>>    main() function is the only way to call radclient. The radclient
>>    main() sets all the internal structures up based on the command line
>>    arguments.
>>
>>    I've just noticed that the FreeRadius radclient.c is released as the
>>    GNU General Public License which you can't use with your product.
>>    You might go with tinyradius (LGPL). There are probably other free
>>    RADIUS clients written in other languages (python, perl).
>>
>>    /*
>>      * radclient.c  General radius packet debug tool.
>>      *
>>      * Version:     $Id$
>>      *
>>      *   This program is free software; you can redistribute it and/or
>>    modify
>>      *   it under the terms of the GNU General Public License as
>>    published by
>>      *   the Free Software Foundation; either version 2 of the License, or
>>      *   (at your option) any later version.
>>
>>
>>    On 2010-08-30 8:45 AM, Noura Kossentini wrote:
>>
>>        Hi
>>
>>        Thanks for your detailed answer.
>>        So our production must be supported on all platforms so I think
>> that
>>        using JNI is the good solution.
>>        Please can you help me on how to use the JNI with freeradius
>>        client??
>>
>>        thanks
>>
>>
>>        2010/8/27 Michael Lecuyer <mjl at iterpacis.org
>>        <mailto:mjl at iterpacis.org> <mailto:mjl at iterpacis.org
>>
>>        <mailto:mjl at iterpacis.org>>>
>>
>>
>>            The radclient is limited to CHAP, PAP, and Digest
>> authentication
>>            methods. It can send MSCHAP and MSCHAPV2 if you write the
>>        code to
>>            build the request (NT-Response & Challenge) and so on (not
>>        trivial
>>            to get right).
>>
>>            Otherwise you can direct your attributes to send to the
>>        Runtime.exec()
>>
>>            Here's some example code for running the radclient:
>>
>>            import java.io.*;
>>
>>            public class RunRadClient
>>            {
>>                    public static void main(String[] a)
>>                    {
>>                            try {
>>                                    RunRadClient t = new RunRadClient();
>>                                    t.go(a);
>>                            } catch (Exception e) {
>>                                    e.printStackTrace();
>>                            }
>>                    }
>>
>>                    private void go(String[] a) throws Exception
>>                    {
>>
>>                            try {
>>                            //./radclient -c 2 -i 23 -s -x  -f /tmp/radattr
>>              192.168.1.187 auth axltest
>>                                    String path =
>>        "/usr/src/freeradius/src/main/radclient";
>>
>>                                    String[] cmd = {
>>                                    path,
>>        "-c", "1", // Send on packet.
>>        "-i", "22", // Packet id (change this each time)
>>        "-s", // Display summary information.
>>        "192.168.1.187", // Server
>>        "auth", // Authentication packet.
>>        "axltest" // Secret
>>                            };
>>
>>                            // Attributes:
>>                            StringBuffer sb = new StringBuffer();
>>                            sb.append("NAS-IP-Address=192.168.1.187\n");
>>                            sb.append("NAS-Port =1\n");
>>                            sb.append("User-Name=michael\n");
>>                            sb.append("Chap-Password=test\n");
>>
>>                            Process  p = Runtime.getRuntime().exec(cmd);
>>
>>                            // For our purposes stdin, stdout, and
>>        stderr are
>>            reversed in sense because
>>                            // they relate to the exec'd process.
>>                            BufferedReader stderr = new BufferedReader( new
>>            InputStreamReader(p.getErrorStream()));
>>                            BufferedReader stdout = new BufferedReader( new
>>            InputStreamReader(p.getInputStream()));
>>                            BufferedWriter stdin = new BufferedWriter( new
>>            OutputStreamWriter(p.getOutputStream()));
>>
>>                            // Build the attributes as a StringBuilder
>>        and write
>>            them to stdout.
>>                            stdin.write(sb.toString(), 0, sb.length());
>>                            stdin.flush();
>>                            stdin.close();
>>
>>                            p.waitFor();
>>                            int exitValue = p.exitValue();
>>                            if (exitValue != 0)
>>                            {
>>                                    System.out.println("Error running
>>        command,
>>            exit = " + exitValue);
>>                            }
>>                            String line;
>>                            while ((line = stdout.readLine()) != null)
>>                            {
>>                                    System.out.println(line);
>>                            }
>>                            } catch (Exception e) {
>>                                    System.err.println("Exec failed" +
>>            e.getMessage());
>>                                    e.printStackTrace();
>>                            }
>>
>>                    }
>>            }
>>
>>            The result is this, which must be parsed to extract any
>> response
>>            attributes and to get the packet status.
>>
>>            Sending Access-Request of id 100 to 192.168.1.187 port 1812
>>                    NAS-IP-Address = 192.168.1.187
>>                    NAS-Port = 1
>>                    User-Name = "michael"
>>                    CHAP-Password = 0x64234c1d14fde1c04c8590c13b8c9aa181
>>            rad_recv: Access-Accept packet from host 192.168.1.187 port
>>        1812,
>>            id=100, length=85
>>                    Reply-Message = "Howdy."
>>                    Cisco-Attr-0 = 0x683332332d63757272656e63793d555344
>>                    Cisco-Attr-0 = 0x436973636f2d586d69742d526174653d3939
>>                    Framed-IP-Address = 192.123.231.123
>>
>>                       Total approved auths:  1
>>                         Total denied auths:  0
>>                           Total lost auths:  0
>>
>>
>>
>>
>>            On 2010-08-27 9:24 AM, Noura Kossentini wrote:
>>
>>                Hi
>>
>>                thanks for quick answer.
>>                Can you help me on how to use JNI with freeradius client??
>>
>>
>>                2010/8/27 Michael Lecuyer <mjl at iterpacis.org
>>        <mailto:mjl at iterpacis.org>
>>        <mailto:mjl at iterpacis.org <mailto:mjl at iterpacis.org>>
>>        <mailto:mjl at iterpacis.org <mailto:mjl at iterpacis.org>
>>
>>        <mailto:mjl at iterpacis.org <mailto:mjl at iterpacis.org>>>>
>>
>>
>>
>>                    You have two methods: JNI (Java native interface) to
>>        call the
>>                    Freeradius client or purchase a very good Java
>>        RADIUS Client API
>>                    from AXLRadius.com
>>
>>
>>                    On 2010-08-27 7:05 AM, Noura Kossentini wrote:
>>
>>                        Hi,
>>
>>                        In our company it's forbidden to use products
>>        with GPL
>>                License.
>>                        So I ca
>>                        not use Jradius client to connect my client
>>        application to a
>>                        radius server.
>>
>>                        Since that FreeRadius is distributed under BSD,
>> it's
>>                allowed to
>>                        me to
>>                        use this library.
>>
>>                        My queqtion is can you help me on how can I
>>        connect and
>>                        authenticate my
>>                        java application to a radius server using
>> FreeRadius
>>                client??
>>
>>                        Thanks in advance
>>
>>                        Regards
>>                        Noura
>>
>>
>>
>>                        -
>>                        List info/subscribe/unsubscribe? See
>>        http://www.freeradius.org/list/users.html
>>
>>
>>
>>
>>
>>
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20100908/60e6f981/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 33D.gif
Type: image/gif
Size: 104 bytes
Desc: not available
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20100908/60e6f981/attachment.gif>


More information about the Freeradius-Users mailing list