Radius Self Service
Peter Moreton
Peter.Moreton at cbi.org.uk
Thu Feb 16 11:21:37 CET 2012
DISCLAIMER: We are a Windows-shop, and this is our first Linux server deployment, so I'm having to ask newbie questions, sorry about that!
I have a working RADIUS server, "RADIUS01" running CentOS/FreeRADIUS. FreeRADIUS is configured to store username and PIN-style passwords in MySQL. To go live with our RADIUS implementation, I have been tasked with making the selection of PINs a self-service process. I'm considering an email-based approach where user at foobar.org.uk can email PIN at foobar.org.uk in order to achieve PIN maintenance. (I understand the risk of email header spoofing).
Since I don't know Linux terribly well, I'm asking the group if my proposal is a sensible approach? Am I re-inventing any wheels? Should I consider an alternative method?
Thanks
-----------------------------------------------------------
My brief spec:
RADIUS01 would be extended to use SENDMAIL and some Perl or similar processing to monitor a predefined email account such as PIN at foobar.org.uk
Sending a blank email to PIN at foobar.org.uk will respond with:
Reply with a Subject line of:
SENDPIN - To send your current PIN to your email address
NEWPIN xxxx - To set your PIN to the value xxxx and confirm by email
HELP - To receive an email with extensive guidance
The Sendmail/Perl script would make calls such as:
mysql -u root -p
<MySQL Password>
USE radsql;
INSERT INTO radcheck (username, attribute, op, value) VALUES ('janedoe','Cleartext-Password',':=','password');
INSERT INTO radusergroup VALUES ('janedoe','dynamic',1);
QUIT
***************************************************************************************
The CBI's (Confederation of British Industry's) registered address is:
Centre Point, 103 New Oxford Street, London WC1A 1DU
Company number: RC000139
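
An added example, not part of the original post: one way the Subject-line commands from the spec could be validated before they reach radcheck, using bound parameters instead of SQL assembled from mail text. The PIN length policy, the username-from-local-part mapping, the function names and the in-memory SQLite stand-in for the MySQL radsql database are all assumptions.

```python
import re
import sqlite3
from email import message_from_string
from email.utils import parseaddr

# Assumed policy: PIN is 4 to 8 digits; username is the sender's mailbox local part.
SUBJECT_RE = re.compile(r"(SENDPIN|HELP|NEWPIN (\d{4,8}))")
SENDER_RE = re.compile(r"([a-z0-9._-]{1,64})@foobar\.org\.uk")

def parse_request(raw_message):
    """Return (username, command, pin), or None if the mail is not a valid request.
    The From header is unauthenticated; this only constrains its format."""
    msg = message_from_string(raw_message)
    sender = SENDER_RE.fullmatch(parseaddr(msg.get("From", ""))[1].lower())
    subject = SUBJECT_RE.fullmatch(msg.get("Subject", "").strip())
    if not sender or not subject:
        return None
    return sender.group(1), subject.group(1).split(" ")[0], subject.group(2)

def set_pin(db, username, pin):
    """Update the user's radcheck row, or insert one if none exists.
    Values are bound parameters (MySQL drivers use %s where SQLite uses ?)."""
    cur = db.execute(
        "UPDATE radcheck SET value = ? "
        "WHERE username = ? AND attribute = 'Cleartext-Password'",
        (pin, username))
    if cur.rowcount == 0:
        db.execute(
            "INSERT INTO radcheck (username, attribute, op, value) "
            "VALUES (?, 'Cleartext-Password', ':=', ?)",
            (username, pin))
    db.commit()

def handle(db, raw_message):
    """Process one inbound mail and return the action taken, for logging or reply."""
    req = parse_request(raw_message)
    if req is None:
        return "rejected"
    username, command, pin = req
    if command == "NEWPIN":
        set_pin(db, username, pin)
    return command.lower()

def demo_db():
    """In-memory stand-in for the radcheck table (constructed for this example)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE radcheck (username TEXT, attribute TEXT, op TEXT, value TEXT)")
    return db
```

In a deployment the database connection would use an account limited to the radcheck table rather than root.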