Radius
Introduktion
This package is based on the libradius of FreeBSD. This PECL adds full support for Radius Authentication (» RFC 2865) and Radius Accounting (» RFC 2866). This package is available for Unix (tested on FreeBSD and Linux) and for Windows.
Note: An exact description for libradius can be found » here. A detailed description of the configuration file can be found » here.
Installation
Howto install the package?
- untar the package (usually into php4/ext)
- rename radius-x.x to radius
- run ./buildconf in php4
- run ./configure --enable-radius
- make; make install
- untar the package
- run phpize in the radius-x.x directory
- run ./configure in the radius-x.x directory
- make; make install
For Windows I recommend to use the php_radius.dll from » https://snaps.php.net/. Unbundled PECL extensions may be downloaded from: » https://pecl4win.php.net/
Foruddefinerede Konstanter
Konstanterne nedenunder er defineret af denne udvidelse, og vil kun være tilgængelige når denne udvidelse enten er blevet kompileret ind i PHP eller dynamisk indsat under runtime.
- RADIUS_ACCESS_REQUEST ()
- Authentication Request
- RADIUS_ACCESS_ACCEPT ()
- Access accepted
- RADIUS_ACCESS_REJECT ()
- Access rejected
- RADIUS_ACCOUNTING_REQUEST ()
- Accounting request
- RADIUS_ACCOUNTING_RESPONSE ()
- Accounting response
- RADIUS_ACCESS_CHALLENGE ()
- Accsess challenge
- RADIUS_USER_NAME (string)
- Username
- RADIUS_USER_PASSWORD (string)
- Password
- RADIUS_CHAP_PASSWORD (string)
- Chap Password: chappass = md5(ident + plaintextpass + challenge)
- RADIUS_NAS_IP_ADDRESS (string)
- NAS IP-Adress
- RADIUS_NAS_PORT (int)
- NAS Port
- RADIUS_SERVICE_TYPE (int)
-
Type of Service, one of:
- RADIUS_LOGIN
- RADIUS_FRAMED
- RADIUS_CALLBACK_LOGIN
- RADIUS_CALLBACK_FRAMED
- RADIUS_OUTBOUND
- RADIUS_ADMINISTRATIVE
- RADIUS_NAS_PROMPT
- RADIUS_AUTHENTICATE_ONLY
- RADIUS_CALLBACK_NAS_PROMPT
- RADIUS_FRAMED_PROTOCOL (int)
-
Framed Protocol, one of:
- RADIUS_PPP
- RADIUS_SLIP
- RADIUS_ARAP
- RADIUS_GANDALF
- RADIUS_XYLOGICS
- RADIUS_FRAMED_IP_ADDRESS (string)
- IP-Address
- RADIUS_FRAMED_IP_NETMASK (string)
- Netmask
- RADIUS_FRAMED_ROUTING (int)
- Routing
- RADIUS_FILTER_ID (string)
- Filter ID
- RADIUS_FRAMED_MTU (int)
- MTU
- RADIUS_FRAMED_COMPRESSION (int)
-
Compression, one of:
- RADIUS_COMP_NONE
- RADIUS_COMP_VJ
- RADIUS_COMP_IPXHDR
- RADIUS_LOGIN_IP_HOST (string)
- Login IP Host
- RADIUS_LOGIN_SERVICE (int)
- Login Service
- RADIUS_LOGIN_TCP_PORT (int)
- Login TCP Port
- RADIUS_REPLY_MESSAGE (string)
- Reply Message
- RADIUS_CALLBACK_NUMBER (string)
- Callback Number
- RADIUS_CALLBACK_ID (string)
- Callback ID
- RADIUS_FRAMED_ROUTE (string)
- Framed Route
- RADIUS_FRAMED_IPX_NETWORK (string)
- Framed IPX Network
- RADIUS_STATE (string)
- State
- RADIUS_CLASS (int)
- Class
- RADIUS_VENDOR_SPECIFIC (int)
- Vendor specific attribute
- RADIUS_SESSION_TIMEOUT (int)
- Session timeout
- RADIUS_IDLE_TIMEOUT (int)
- Idle timeout
- RADIUS_TERMINATION_ACTION (int)
- Termination action
- RADIUS_CALLED_STATION_ID (int)
- Called Station Id
- RADIUS_CALLING_STATION_ID (string)
- Calling Station Id
- RADIUS_NAS_IDENTIFIER (int)
- NAS ID
- RADIUS_PROXY_STATE (int)
- Proxy State
- RADIUS_LOGIN_LAT_SERVICE (int)
- Login LAT Service
- RADIUS_LOGIN_LAT_NODE (int)
- Login LAT Node
- RADIUS_LOGIN_LAT_GROUP (int)
- Login LAT Group
- RADIUS_FRAMED_APPLETALK_LINK (int)
- Framed Appletalk Link
- RADIUS_FRAMED_APPLETALK_NETWORK (int)
- Framed Appletalk Network
- RADIUS_FRAMED_APPLETALK_ZONE (int)
- Framed Appletalk Zone
- RADIUS_CHAP_CHALLENGE (string)
- Challenge
- RADIUS_NAS_PORT_TYPE (int)
-
NAS port type, one of:
- RADIUS_ASYNC
- RADIUS_SYNC
- RADIUS_ISDN_SYNC
- RADIUS_ISDN_ASYNC_V120
- RADIUS_ISDN_ASYNC_V110
- RADIUS_VIRTUAL
- RADIUS_PIAFS
- RADIUS_HDLC_CLEAR_CHANNEL
- RADIUS_X_25
- RADIUS_X_75
- RADIUS_G_3_FAX
- RADIUS_SDSL
- RADIUS_ADSL_CAP
- RADIUS_ADSL_DMT
- RADIUS_IDSL
- RADIUS_ETHERNET
- RADIUS_XDSL
- RADIUS_CABLE
- RADIUS_WIRELESS_OTHER
- RADIUS_WIRELESS_IEEE_802_11
- RADIUS_PORT_LIMIT (int)
- Port Limit
- RADIUS_LOGIN_LAT_PORT (int)
- Login LAT Port
- RADIUS_CONNECT_INFO (string)
- Connect info
- RADIUS_ACCT_STATUS_TYPE (int)
-
Accounting status type, one of:
- RADIUS_START
- RADIUS_STOP
- RADIUS_ACCOUNTING_ON
- RADIUS_ACCOUNTING_OFF
- RADIUS_ACCT_DELAY_TIME (int)
- Accounting delay time
- RADIUS_ACCT_INPUT_OCTETS (int)
- Accounting input bytes
- RADIUS_ACCT_OUTPUT_OCTETS (int)
- Accounting output bytes
- RADIUS_ACCT_SESSION_ID (int)
- Accounting session ID
- RADIUS_ACCT_AUTHENTIC (int)
-
Accounting authentic, one of:
- RADIUS_AUTH_RADIUS
- RADIUS_AUTH_LOCAL
- RADIUS_AUTH_REMOTE
- RADIUS_ACCT_SESSION_TIME (int)
- Accounting session time
- RADIUS_ACCT_INPUT_PACKETS (int)
- Accounting input packets
- RADIUS_ACCT_OUTPUT_PACKETS (int)
- Accounting output packets
- RADIUS_ACCT_TERMINATE_CAUSE (int)
-
Accounting terminate cause, one of:
- RADIUS_TERM_USER_REQUEST
- RADIUS_TERM_LOST_CARRIER
- RADIUS_TERM_LOST_SERVICE
- RADIUS_TERM_IDLE_TIMEOUT
- RADIUS_TERM_SESSION_TIMEOUT
- RADIUS_TERM_ADMIN_RESET
- RADIUS_TERM_ADMIN_REBOOT
- RADIUS_TERM_PORT_ERROR
- RADIUS_TERM_NAS_ERROR
- RADIUS_TERM_NAS_REQUEST
- RADIUS_TERM_NAS_REBOOT
- RADIUS_TERM_PORT_UNNEEDED
- RADIUS_TERM_PORT_PREEMPTED
- RADIUS_TERM_PORT_SUSPENDED
- RADIUS_TERM_SERVICE_UNAVAILABLE
- RADIUS_TERM_CALLBACK
- RADIUS_TERM_USER_ERROR
- RADIUS_TERM_HOST_REQUEST
- RADIUS_ACCT_MULTI_SESSION_ID (string)
- Accounting multi session ID
- RADIUS_ACCT_LINK_COUNT (int)
- Accounting link count
- RADIUS_VENDOR_MICROSOFT (int)
-
Microsoft specific vendor attributes (» RFC 2548), one of:
- RADIUS_MICROSOFT_MS_CHAP_RESPONSE
- RADIUS_MICROSOFT_MS_CHAP_ERROR
- RADIUS_MICROSOFT_MS_CHAP_PW_1
- RADIUS_MICROSOFT_MS_CHAP_PW_2
- RADIUS_MICROSOFT_MS_CHAP_LM_ENC_PW
- RADIUS_MICROSOFT_MS_CHAP_NT_ENC_PW
- RADIUS_MICROSOFT_MS_MPPE_ENCRYPTION_POLICY
- RADIUS_MICROSOFT_MS_MPPE_ENCRYPTION_TYPES
- RADIUS_MICROSOFT_MS_RAS_VENDOR
- RADIUS_MICROSOFT_MS_CHAP_DOMAIN
- RADIUS_MICROSOFT_MS_CHAP_CHALLENGE
- RADIUS_MICROSOFT_MS_CHAP_MPPE_KEYS
- RADIUS_MICROSOFT_MS_BAP_USAGE
- RADIUS_MICROSOFT_MS_LINK_UTILIZATION_THRESHOLD
- RADIUS_MICROSOFT_MS_LINK_DROP_TIME_LIMIT
- RADIUS_MICROSOFT_MS_MPPE_SEND_KEY
- RADIUS_MICROSOFT_MS_MPPE_RECV_KEY
- RADIUS_MICROSOFT_MS_RAS_VERSION
- RADIUS_MICROSOFT_MS_OLD_ARAP_PASSWORD
- RADIUS_MICROSOFT_MS_NEW_ARAP_PASSWORD
- RADIUS_MICROSOFT_MS_ARAP_PASSWORD_CHANGE_REASON
- RADIUS_MICROSOFT_MS_FILTER
- RADIUS_MICROSOFT_MS_ACCT_AUTH_TYPE
- RADIUS_MICROSOFT_MS_ACCT_EAP_TYPE
- RADIUS_MICROSOFT_MS_CHAP2_RESPONSE
- RADIUS_MICROSOFT_MS_CHAP2_SUCCESS
- RADIUS_MICROSOFT_MS_CHAP2_PW
- RADIUS_MICROSOFT_MS_PRIMARY_DNS_SERVER
- RADIUS_MICROSOFT_MS_SECONDARY_DNS_SERVER
- RADIUS_MICROSOFT_MS_PRIMARY_NBNS_SERVER
- RADIUS_MICROSOFT_MS_SECONDARY_NBNS_SERVER
- RADIUS_MICROSOFT_MS_ARAP_CHALLENGE
Quickstart
Howto start?
- get a radius resource
- configure the library
- create the request
- put attributes
- send the request
- receive attributes
- close the radius resource (optional)
The package contains an example php script. This script demonstrates howto authenticate with radius using PAP or CHAP (md5). If you authenticate with Microsoft Radius servers then its not possible to use CHAP (md5). If you would like to authenticate with Microsoft Servers you have to use MS-CHAPv1 or MS-CHAPv2, but its more complicated, because you need md4, sha1 and des to generate the right data. The enclosed examples demonstrate all authentication-methods, including MS-CHAPv1 and MS-CHAPv2. To get the MS-CHAP to work you need the mcrypt and the mhash extension, starting with version 1.2 of the package, the mcrypt extension is no longer needed.
Contact Information
If you have comments, bugfixes, enhancements or want to help to develop this you can send me a mail at » mbretter@php.net. Binaries for Windows can be downloaded from » here.
Table of Contents
- radius_acct_open — Creates a Radius handle for accounting
- radius_add_server — Adds a server
- radius_auth_open — Creates a Radius handle for authentication
- radius_close — Frees all ressources
- radius_config — Causes the library to read the given configuration file
- radius_create_request — Create accounting or authentication request
- radius_cvt_addr — Converts raw data to IP-Address
- radius_cvt_int — Converts raw data to integer
- radius_cvt_string — Converts raw data to string
- radius_demangle_mppe_key — Derives mppe-keys from mangled data
- radius_demangle — Demangles data
- radius_get_attr — Extracts an attribute
- radius_get_vendor_attr — Extracts a vendor specific attribute
- radius_put_addr — Attaches an IP-Address attribute
- radius_put_attr — Attaches a binary attribute
- radius_put_int — Attaches an integer attribute
- radius_put_string — Attaches a string attribute
- radius_put_vendor_addr — Attaches a vendor specific IP-Address attribute
- radius_put_vendor_attr — Attaches a vendor specific binary attribute
- radius_put_vendor_int — Attaches a vendor specific integer attribute
- radius_put_vendor_string — Attaches a vendor specific string attribute
- radius_request_authenticator — Returns the request authenticator
- radius_send_request — Sends the request and waites for a reply
- radius_server_secret — Returns the shared secret
- radius_strerror — Returns an error message