use freeRadius client to connect a java application
Noura Kossentini
kossentini.noura at gmail.com
Wed Sep 8 14:57:19 CEST 2010
Hi
I proposed to use TinyRadius but they refused it. they consider it
(contamination risk AND the IPR risk )
So they opt to FreeRadius Client. It's a C library, had to be used from a
Java application, it would need to be called either via JNI, or simply
linked into a small C main program and then spawned from Java as an external
process.
I'm a beginner in c development [?]. someone can help me to do this??
thanks in advance
2010/8/31 Michael Lecuyer <mjl at iterpacis.org>
> Sorry, I was looking at the client in the freeradius server source.
>
> Now I'm looking at the same source you are looking at.
>
>
> On 2010-08-31 4:37 AM, Noura Kossentini wrote:
>
>> i downloaded freeradius-client-1.1.6 and in radiusclient.c I found this
>> copyright
>>
>> /*
>> * Copyright (c) 2004 Maxim Sobolev <sobomax at FreeBSD.org>
>> * All rights reserved.
>> *
>> * Redistribution and use in source and binary forms, with or without
>> * modification, are permitted provided that the following conditions
>> * are met:
>> * 1. Redistributions of source code must retain the above copyright
>> * notice, this list of conditions and the following disclaimer.
>> * 2. Redistributions in binary form must reproduce the above copyright
>> * notice, this list of conditions and the following disclaimer in the
>> * documentation and/or other materials provided with the distribution.
>> *
>>
>> Please send me the link to download free radius client you speak about
>>
>> In this case (radiusclient is a BSD copyright) can I use JNI?? and how?
>>
>> thanks
>>
>> 2010/8/30 Michael Lecuyer <mjl at iterpacis.org <mailto:mjl at iterpacis.org>>
>>
>>
>> So our production must be supported on all platforms so I think
>> that
>> using JNI is the good solution.
>>
>>
>> The radius client is not written in a form suitable for JNI. That is
>> to say its not modular in the sense most Java programs are. The
>> main() function is the only way to call radclient. The radclient
>> main() sets all the internal structures up based on the command line
>> arguments.
>>
>> I've just noticed that the FreeRadius radclient.c is released as the
>> GNU General Public License which you can't use with your product.
>> You might go with tinyradius (LGPL). There are probably other free
>> RADIUS clients written in other languages (python, perl).
>>
>> /*
>> * radclient.c General radius packet debug tool.
>> *
>> * Version: $Id$
>> *
>> * This program is free software; you can redistribute it and/or
>> modify
>> * it under the terms of the GNU General Public License as
>> published by
>> * the Free Software Foundation; either version 2 of the License, or
>> * (at your option) any later version.
>>
>>
>> On 2010-08-30 8:45 AM, Noura Kossentini wrote:
>>
>> Hi
>>
>> Thanks for your detailed answer.
>> So our production must be supported on all platforms so I think
>> that
>> using JNI is the good solution.
>> Please can you help me on how to use the JNI with freeradius
>> client??
>>
>> thanks
>>
>>
>> 2010/8/27 Michael Lecuyer <mjl at iterpacis.org
>> <mailto:mjl at iterpacis.org> <mailto:mjl at iterpacis.org
>>
>> <mailto:mjl at iterpacis.org>>>
>>
>>
>> The radclient is limited to CHAP, PAP, and Digest
>> authentication
>> methods. It can send MSCHAP and MSCHAPV2 if you write the
>> code to
>> build the request (NT-Response & Challenge) and so on (not
>> trivial
>> to get right).
>>
>> Otherwise you can direct your attributes to send to the
>> Runtime.exec()
>>
>> Here's some example code for running the radclient:
>>
>> import java.io.*;
>>
>> public class RunRadClient
>> {
>> public static void main(String[] a)
>> {
>> try {
>> RunRadClient t = new RunRadClient();
>> t.go(a);
>> } catch (Exception e) {
>> e.printStackTrace();
>> }
>> }
>>
>> private void go(String[] a) throws Exception
>> {
>>
>> try {
>> //./radclient -c 2 -i 23 -s -x -f /tmp/radattr
>> 192.168.1.187 auth axltest
>> String path =
>> "/usr/src/freeradius/src/main/radclient";
>>
>> String[] cmd = {
>> path,
>> "-c", "1", // Send on packet.
>> "-i", "22", // Packet id (change this each time)
>> "-s", // Display summary information.
>> "192.168.1.187", // Server
>> "auth", // Authentication packet.
>> "axltest" // Secret
>> };
>>
>> // Attributes:
>> StringBuffer sb = new StringBuffer();
>> sb.append("NAS-IP-Address=192.168.1.187\n");
>> sb.append("NAS-Port =1\n");
>> sb.append("User-Name=michael\n");
>> sb.append("Chap-Password=test\n");
>>
>> Process p = Runtime.getRuntime().exec(cmd);
>>
>> // For our purposes stdin, stdout, and
>> stderr are
>> reversed in sense because
>> // they relate to the exec'd process.
>> BufferedReader stderr = new BufferedReader( new
>> InputStreamReader(p.getErrorStream()));
>> BufferedReader stdout = new BufferedReader( new
>> InputStreamReader(p.getInputStream()));
>> BufferedWriter stdin = new BufferedWriter( new
>> OutputStreamWriter(p.getOutputStream()));
>>
>> // Build the attributes as a StringBuilder
>> and write
>> them to stdout.
>> stdin.write(sb.toString(), 0, sb.length());
>> stdin.flush();
>> stdin.close();
>>
>> p.waitFor();
>> int exitValue = p.exitValue();
>> if (exitValue != 0)
>> {
>> System.out.println("Error running
>> command,
>> exit = " + exitValue);
>> }
>> String line;
>> while ((line = stdout.readLine()) != null)
>> {
>> System.out.println(line);
>> }
>> } catch (Exception e) {
>> System.err.println("Exec failed" +
>> e.getMessage());
>> e.printStackTrace();
>> }
>>
>> }
>> }
>>
>> The result is this, which must be parsed to extract any
>> response
>> attributes and to get the packet status.
>>
>> Sending Access-Request of id 100 to 192.168.1.187 port 1812
>> NAS-IP-Address = 192.168.1.187
>> NAS-Port = 1
>> User-Name = "michael"
>> CHAP-Password = 0x64234c1d14fde1c04c8590c13b8c9aa181
>> rad_recv: Access-Accept packet from host 192.168.1.187 port
>> 1812,
>> id=100, length=85
>> Reply-Message = "Howdy."
>> Cisco-Attr-0 = 0x683332332d63757272656e63793d555344
>> Cisco-Attr-0 = 0x436973636f2d586d69742d526174653d3939
>> Framed-IP-Address = 192.123.231.123
>>
>> Total approved auths: 1
>> Total denied auths: 0
>> Total lost auths: 0
>>
>>
>>
>>
>> On 2010-08-27 9:24 AM, Noura Kossentini wrote:
>>
>> Hi
>>
>> thanks for quick answer.
>> Can you help me on how to use JNI with freeradius client??
>>
>>
>> 2010/8/27 Michael Lecuyer <mjl at iterpacis.org
>> <mailto:mjl at iterpacis.org>
>> <mailto:mjl at iterpacis.org <mailto:mjl at iterpacis.org>>
>> <mailto:mjl at iterpacis.org <mailto:mjl at iterpacis.org>
>>
>> <mailto:mjl at iterpacis.org <mailto:mjl at iterpacis.org>>>>
>>
>>
>>
>> You have two methods: JNI (Java native interface) to
>> call the
>> Freeradius client or purchase a very good Java
>> RADIUS Client API
>> from AXLRadius.com
>>
>>
>> On 2010-08-27 7:05 AM, Noura Kossentini wrote:
>>
>> Hi,
>>
>> In our company it's forbidden to use products
>> with GPL
>> License.
>> So I ca
>> not use Jradius client to connect my client
>> application to a
>> radius server.
>>
>> Since that FreeRadius is distributed under BSD,
>> it's
>> allowed to
>> me to
>> use this library.
>>
>> My queqtion is can you help me on how can I
>> connect and
>> authenticate my
>> java application to a radius server using
>> FreeRadius
>> client??
>>
>> Thanks in advance
>>
>> Regards
>> Noura
>>
>>
>>
>> -
>> List info/subscribe/unsubscribe? See
>> http://www.freeradius.org/list/users.html
>>
>>
>>
>>
>>
>>
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20100908/60e6f981/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 33D.gif
Type: image/gif
Size: 104 bytes
Desc: not available
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20100908/60e6f981/attachment.gif>
More information about the Freeradius-Users
mailing list