Radius Self Service

Fajar A. Nugraha list at fajar.net
Thu Feb 16 14:42:19 CET 2012


On Thu, Feb 16, 2012 at 5:21 PM, Peter Moreton <Peter.Moreton at cbi.org.uk> wrote:
> I have a working RADIUS server, "RADIUS01" running CentOS/FreeRADIUS. FreeRADIUS is configured to store username and PIN-style passwords in MySQL. To go live with our RADIUS implementation, I have been tasked with making the selection of PINs a self-service process. I'm considering an email-based approach where user at foobar.org.uk can email PIN at foobar.org.uk in order to achieve PIN maintenance. (I understand the risk of email header spoofing).

Possible.

But why not simply create a simple web page, possibly even as a
captive portal? It's much easier that way, plus it's real-time and you
have no risk of email going missing (e.g. due to spam filters, etc).


>
> Since I don't know Linux terribly well, I'm asking the group if my proposal is a sensible approach? Am I re-inventing any wheels? Should I consider an alternative method?

It's not really Linux-specific.

>
> Thanks
> -----------------------------------------------------------
>
> My brief spec:
> RADIUS01 would be extended to use SENDMAIL and some Perl or similar processing to monitor a predefined email account such as PIN at foobar.org.uk
>

Why? When will you want radius to send email? During a failed auth?
IMHO that's a terrible design, and could easily lead to mail floods.

Again, it's easier to just use a web page. You seem to have a perception
that the DB can only be modified by radius. It's not. You can have
whatever process you want managing the db, and have FR simply read
from it.


> The Sendmail/Perl script would make calls such as:
>
>  Mysql -u root -p

That line REALLY shows your newbie-ness.

>  <MySQL Password>
>  Use radsql
>  INSERT INTO radcheck (username, attribute, op, value) VALUES ('janedoe','Cleartext-Password',':=','password');
>  INSERT INTO radusergroup VALUES ('janedoe','dynamic',1);
>  QUIT

Ever heard of sql functions in scripts? e.g.
http://www.php.net/manual/en/book.mysqli.php or
http://search.cpan.org/dist/DBD-mysql/lib/DBD/mysql.pm ?

Looking at your post, I REALLY suggest you hire an expert instead.
Either that, or spend lots of time (e.g. several weeks) to learn and
have some trial-and-error.

-- 
Fajar
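
The following is an added example, not part of the original message: a sketch of a separate process maintaining the `radcheck` and `radusergroup` rows through a database API with placeholders, as the reply suggests, instead of piping statements into the `mysql` client as root. Assumptions: Python's built-in `sqlite3` (in-memory) stands in for MySQL so the code runs offline, the PIN and username policies are invented, and `open_demo_db`, `set_pin` and `rows` are hypothetical names.

```python
import re
import sqlite3

PIN_RE = re.compile(r"[0-9]{6,12}")          # assumed PIN policy
USER_RE = re.compile(r"[a-z0-9._-]{1,64}")   # assumed username policy

def open_demo_db():
    """Constructed in-memory copy of the two FreeRADIUS tables named in the post."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE radcheck (id INTEGER PRIMARY KEY, username TEXT,
                               attribute TEXT, op TEXT, value TEXT);
        CREATE TABLE radusergroup (username TEXT, groupname TEXT, priority INTEGER);
    """)
    return db

def set_pin(db, username, pin, group="dynamic"):
    """Set or replace one user's PIN. Returns False if the input is rejected."""
    if not USER_RE.fullmatch(username) or not PIN_RE.fullmatch(pin):
        return False
    with db:  # one transaction: commit on success, roll back on any error
        # Placeholders keep user-supplied values out of the SQL text.
        db.execute("DELETE FROM radcheck WHERE username = ? AND attribute = ?",
                   (username, "Cleartext-Password"))
        db.execute("INSERT INTO radcheck (username, attribute, op, value) "
                   "VALUES (?, ?, ?, ?)",
                   (username, "Cleartext-Password", ":=", pin))
        in_group = db.execute(
            "SELECT 1 FROM radusergroup WHERE username = ? AND groupname = ?",
            (username, group)).fetchone()
        if in_group is None:  # avoid duplicate group rows on a PIN change
            db.execute("INSERT INTO radusergroup VALUES (?, ?, 1)",
                       (username, group))
    return True

def rows(db, table):
    """Return the rows of one of the two demo tables, for inspection."""
    cols = {"radcheck": "username, attribute, op, value",
            "radusergroup": "username, groupname, priority"}[table]
    return db.execute(f"SELECT {cols} FROM {table} ORDER BY username").fetchall()

if __name__ == "__main__":
    db = open_demo_db()
    print(set_pin(db, "janedoe", "482913"))   # constructed sample values
    print(set_pin(db, "janedoe", "771204"))   # PIN change replaces the old row
    print(set_pin(db, "x'; DROP TABLE radcheck; --", "123456"))
    print(rows(db, "radcheck"), rows(db, "radusergroup"))
```

Against a real FreeRADIUS database the same statements would run through a MySQL driver, using an account granted rights on these two tables only rather than root.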



