Radius Функції

Зміст

radius_acct_open — Creates a Radius handle for accounting
radius_add_server — Adds a server
radius_auth_open — Creates a Radius handle for authentication
radius_close — Frees all ressources
radius_config — Causes the library to read the given configuration file
radius_create_request — Create accounting or authentication request
radius_cvt_addr — Converts raw data to IP-Address
radius_cvt_int — Converts raw data to integer
radius_cvt_string — Converts raw data to string
radius_demangle — Demangles data
radius_demangle_mppe_key — Derives mppe-keys from mangled data
radius_get_attr — Extracts an attribute
radius_get_tagged_attr_data — Extracts the data from a tagged attribute
radius_get_tagged_attr_tag — Extracts the tag from a tagged attribute
radius_get_vendor_attr — Extracts a vendor specific attribute
radius_put_addr — Attaches an IP address attribute
radius_put_attr — Attaches a binary attribute
radius_put_int — Attaches an integer attribute
radius_put_string — Attaches a string attribute
radius_put_vendor_addr — Attaches a vendor specific IP address attribute
radius_put_vendor_attr — Attaches a vendor specific binary attribute
radius_put_vendor_int — Attaches a vendor specific integer attribute
radius_put_vendor_string — Attaches a vendor specific string attribute
radius_request_authenticator — Returns the request authenticator
radius_salt_encrypt_attr — Salt-encrypts a value
radius_send_request — Sends the request and waits for a reply
radius_server_secret — Returns the shared secret
radius_strerror — Returns an error message

Found A Problem?

Learn How To Improve This Page • Submit a Pull Request • Report a Bug

＋add a note

User Contributed Notes 5 notes

down

SysCo/al - developer [at] sysco[dot] ch ¶

17 years ago

Pure PHP radius class (do not need the radius package !)We have implemented a pure PHP radius class following the RFC 2865 rules. Using this class, it is also possible to do WWW realm authentication.Class abstract, full class implementation (LGPL) with helper files and examples can be found at http://developer.sysco.ch/php/<?php// (...)class Radius{    // (...)    public function Radius($ip_radius_server = '127.0.0.1', $shared_secret = '', $radius_suffix = '', $udp_timeout = 5, $authentication_port = 1812, $accounting_port = 1813)    {        // (...)    }    // (...)    function AccessRequest($username = '', $password = '', $udp_timeout = 0)    {        // (...)        $_socket_to_server = socket_create(AF_INET, SOCK_DGRAM, 17); // UDP packet = 17                if ($_socket_to_server === FALSE)        {            // (...)        }        elseif (FALSE === socket_connect($_socket_to_server, $this->_ip_radius_server, $this->_authentication_port))        {            // (...)        }        elseif (FALSE === socket_write($_socket_to_server, $packet_data, $packet_length))        {            // (...)        }        else        {            // (...)            $read_socket_array   = array($_socket_to_server);            $write_socket_array  = NULL;            $except_socket_array = NULL;            $received_packet = chr(0);            if (!(FALSE === socket_select($read_socket_array, $write_socket_array, $except_socket_array, $this->_udp_timeout)))            {                if (in_array($_socket_to_server, $read_socket_array))                {                    if (FALSE === ($received_packet = @socket_read($_socket_to_server, 1024))) // @ used, than no error is displayed if the connection is closed by the remote host                    {                        // (...)                    }                    else                    {                        socket_close($_socket_to_server);                    }                }            }            else            {                socket_close($_socket_to_server);            }        }        // (...)                return (2 == ($this->_radius_packet_received));    }}?>Example<?php    require_once('radius.class.php');    $radius = new Radius('127.0.0.1', 'secret');    if ($radius->AccessRequest('user', 'pass'))    {        echo "Authentication accepted.";    }    else    {        echo "Authentication rejected.";    }?>

down

andac dot aydin at code64 dot de ¶

19 years ago

If you are constantly getting the errormessage: Fatal error: Unknown function: radius_auth_open() in...And your Server is a Windows-System (for example standard-xampp installation), you propably did not remove the comment symbol ";" in front of "extension=php_radius.dll" in php.ini.If you did that, but get the error anyway:Additionally be sure you edited the right php.ini, since xampp installs several php.exe's but only "xampp/apache/bin/php.ini"  is the correct one!It did cost me 2 days to find that out!

down

shaun at verticalevolution dot com ¶

19 years ago

To expand on the simple example by jengo at phpgroupware dot org you can add a NAS IP address to the request by using:radius_put_addr($radius, RADIUS_NAS_IP_ADDRESS, '127.0.0.1');and not radius_put_attr or radius_put_string. I also had to use radius_put_string for the user name and password.

down

-2

jengo at phpgroupware dot org ¶

19 years ago

Here is a simple example on how to auth against radius.  Note:  This doesn't handle challenge responses.

<?php
    $radius = radius_auth_open();
    if (! radius_add_server($radius,'localhost',0,'radiussecret',5,3))
    {
        die('Radius Error: ' . radius_strerror($radius));
    }

    if (! radius_create_request($radius,RADIUS_ACCESS_REQUEST))
    {
        die('Radius Error: ' . radius_strerror($radius));
    }

    radius_put_attr($radius,RADIUS_USER_NAME,'username');
    radius_put_attr($radius,RADIUS_USER_PASSWORD,'password');

    switch (radius_send_request($radius))
    {
        case RADIUS_ACCESS_ACCEPT:
            echo 'GOOD LOGIN';
            break;
        case RADIUS_ACCESS_REJECT:
            echo 'BAD LOGIN';
            break;
        case RADIUS_ACCESS_CHALLENGE:
            echo 'CHALLENGE REQUESTED';
            break;
        default:
            die('Radius Error: ' . radius_strerror($radius));
    }
?>

down

-2

brett at silcon dot com ¶

19 years ago

Here's a longer example that DOES do Challenge Response and works with SecurID Authentication Managers.http://www.webtrotter.com/securid_radius.txt(script wouldn't let me post it because of the long lines, plus it was too long of an example).

＋add a note