Halaman

Tampilkan postingan dengan label Radius. Tampilkan semua postingan
Tampilkan postingan dengan label Radius. Tampilkan semua postingan

Sabtu, 09 Oktober 2010

Using PHP Radius Extension


The FreeRADIUS server software package includes several tools to assist in testing and using the server, some pf them is Radclient and Radtest. To work with applications such as Web inventory Systems, the system has to connect with Radius server using Radius Client. Today I use PHP Radius Extension as Radius client.

PHP Radius client library
This package is PECL extension for Radius (Remote Authentication Dial In User Service). This extension is based on the libradius of FreeBSD. It allows clients to perform authentication and accounting by means of network requests to remote servers.


Auth_RADIUS
This package is a php wrapper around the php radius extension. There are different Classes for the different authentication methods available through RADIUS. If we are using CHAP-MD5 or MS-CHAP authentication, we will also need the Crypt_CHAP package. In addition, if using MS-CHAP authentication, we will need to enable the mhash and mcrypt extension in php.ini. Documentation of the radius extension is available through the PHP manual at http://www.php.net/radius

In previous install link, my sistem has these modules installed
# php -m
[PHP Modules]
Core
date
ereg
gd
libxml
mysql
mysqlnd
pcre
Reflection
session
SPL
standard

I started the installation with the following sequence:

1. Install Auth_Radius a PEAR wrapper classes for the RADIUS PECL.
#/usr/ports/net/pear-Auth_RADIUS
#make
===> Registering installation for pear-1.9.1
===> Returning to build of pear-Auth_RADIUS-1.0.6
===> Configuring for pear-Auth_RADIUS-1.0.6
===> Registering installation for pecl-radius-1.2.5
#make install
----------------------------------------------------------------------
Libraries have been installed in:
/usr/ports/net/pecl-radius/work/radius-1.2.5/modules
****************************************************************************
The following line has been added to your /usr/local/etc/php/extensions.ini
configuration file to automatically load the installed extension:
extension=radius.so
****************************************************************************
===> Returning to build of pear-Auth_RADIUS-1.0.6
===> Generating packing list
===> Generating temporary packing list
===> Checking if net/pear-Auth_RADIUS already installed
===> Installing examples in /usr/local/share/examples/pear/Auth_RADIUS.
install ok: channel://pear.php.net/Auth_RADIUS-1.0.6
===> Registering installation for pear-Auth_RADIUS-1.0.6

# make clean
===> Cleaning for pear-1.9.1 ###PEAR framework for PHP
===> Cleaning for php5-5.3.3_2
===> Cleaning for pecl-radius-1.2.5 ###Radius client library for PHP
===> Cleaning for php5-xml-5.3.3_2
===> Cleaning for pear-Auth_RADIUS-1.0.6 ###PEAR wrapper classes for the RADIUS PECL


2. Install additional package
#/usr/ports/security/pear-Crypt_CHAP
extension=mcrypt.so
extension=hash.so

3. List modules installed
# php -m
[PHP Modules]
Core
date
ereg
gd
hash
libxml
mcrypt
mhash
mysql
mysqlnd
pcre
radius
Reflection
session
SPL
standard
xml

# pear list
Installed packages, channel pear.php.net:
=========================================
Package Version State
Archive_Tar 1.3.7 stable
Auth_RADIUS 1.0.6 stable
Console_Getopt 1.2.3 stable
Crypt_CHAP 1.0.2 stable ### here version 1.0.2
PEAR 1.9.1 stable
Structures_Graph 1.0.3 stable


4.I have to upgrade Crypt_CHAP (replace mhash function to hash function, because I'm on php5.3)
# pear upgrade
downloading Crypt_CHAP-1.5.0.tar ...
Starting to download Crypt_CHAP-1.5.0.tar (Unknown size)
........done: 22,528 bytes
upgrade ok: channel://pear.php.net/Crypt_CHAP-1.5.0
Installed packages, channel pear.php.net:
=========================================
Package Version State
Archive_Tar 1.3.7 stable
Auth_RADIUS 1.0.6 stable
Console_Getopt 1.2.3 stable
Crypt_CHAP 1.5.0 stable
PEAR 1.9.1 stable
Structures_Graph 1.0.3 stable

5. Restart Apache service
#apachectl graceful

6. Start Radius in debug mode



7. Test authentication



8. Use sample number 2 from here and modify arguments as needed, and test it. It works.