$75.00 USD Bounty

Phil Mayers p.mayers at imperial.ac.uk
Mon Mar 21 17:48:19 CET 2011


On 21/03/11 12:14, Craig Smith wrote:
> Good Morning!
>
> I will pay $75.00 USD (via PayPal) to the first person who can send me
> the documentation and working configuration files for external
> authentication using a PHP script.

Well, your question is not as simple as you imagine; you haven't defined 
which authentication method(s) (PAP, CHAP, EAP) you want to handle, and 
how you want to determine success or failure


If you want to handle CHAP/EAP or something else using 
challenge/response; don't. You won't be able to do this in an external 
script.


Assuming it's PAP or something else similar which doesn't involve any 
challenge/response (e.g. macauth) you simply do the following:

/etc/raddb/modules/my_exec:

exec my_exec {
   program = "/..."
   wait = yes
   input_pairs = request
   output_pairs = reply
}

/etc/raddb/sites-enabled/default:

authorize {
   ...
   my_exec
   if (ok) {
     update control {
       Auth-Type := Accept
     }
   }
   ...
}

...then write your script. It will receive

User-Name=x
Other-Attr=y

...on stdin. You can print out reply variables on stdout:

Reply-Message="some string"
Vendor-Vlan=1234

...and you return exit codes as demonstrated in scripts/exec-program-wait.

I don't code in PHP so can't give you an example of the script.



More information about the Freeradius-Users mailing list