11111

Radius

Пред.

След.

CXII. Radius

Введение

- This package is based on the libradius of FreeBSD. This PECL adds full support for Radius Authentication (RFC 2865) and Radius Accounting (RFC 2866). This package is available for Unix (tested on FreeBSD and Linux) and for Windows.

Замечание: An exact description for libradius can be found here. A detailed description of the configuration file can be found here.

Установка

- Howto install the package?

  • untar the package (usually into php4/ext)
  • rename radius-x.x to radius
  • run ./buildconf in php4
  • run ./configure --enable-radius
  • make; make install

    or if you would like to have it as .so:

  • untar the package
  • run phpize in the radius-x.x directory
  • run ./configure in the radius-x.x directory
  • make; make install

    - For windows I recommend to use the php_radius.dll from http://snaps.php.net/. Вы можете получить не встроенное

    расширение PECL с различных страниц снимков

    PECL (выберите соответствующий репозиторий для вашей версии

    PHP): PECL для PHP

    4.3.x, PECL для PHP5.0.x или PECL Нестабильные.

    Предопределенные константы

    -Перечисленные ниже константы определены данным расширением и могут быть

    доступны только в том случае, если PHP был собран с

    поддержкой этого расширения или же в том случае, если

    данное расширение подгружается во время выполнения.

    RADIUS_ACCESS_REQUEST ()

    - Authentication Request

    RADIUS_ACCESS_ACCEPT ()

    - Access accepted

    RADIUS_ACCESS_REJECT ()

    - Access rejected

    RADIUS_ACCOUNTING_REQUEST ()

    - Accounting request

    RADIUS_ACCOUNTING_RESPONSE ()

    - Accounting response

    RADIUS_ACCESS_CHALLENGE ()

    - Accsess challenge

    RADIUS_USER_NAME (string)

    - Username

    RADIUS_USER_PASSWORD (string)

    - Password

    RADIUS_CHAP_PASSWORD (string)

    - Chap Password: chappass = md5(ident + plaintextpass + challenge)

    RADIUS_NAS_IP_ADDRESS (string)

    - NAS IP-Adress

    RADIUS_NAS_PORT (int)

    - NAS Port

    RADIUS_SERVICE_TYPE (int)

    - Type of Service, one of:
    RADIUS_LOGIN
    RADIUS_FRAMED
    RADIUS_CALLBACK_LOGIN
    RADIUS_CALLBACK_FRAMED
    RADIUS_OUTBOUND
    RADIUS_ADMINISTRATIVE
    RADIUS_NAS_PROMPT
    RADIUS_AUTHENTICATE_ONLY
    RADIUS_CALLBACK_NAS_PROMPT

    RADIUS_FRAMED_PROTOCOL (int)

    - Framed Protocol, one of:
    RADIUS_PPP
    RADIUS_SLIP
    RADIUS_ARAP
    RADIUS_GANDALF
    RADIUS_XYLOGICS

    RADIUS_FRAMED_IP_ADDRESS (string)

    - IP-Address

    RADIUS_FRAMED_IP_NETMASK (string)

    - Netmask

    RADIUS_FRAMED_ROUTING (int)

    - Routing

    RADIUS_FILTER_ID (string)

    - Filter ID

    RADIUS_FRAMED_MTU (int)

    - MTU

    RADIUS_FRAMED_COMPRESSION (int)

    - Compression, one of:
    RADIUS_COMP_NONE
    RADIUS_COMP_VJ
    RADIUS_COMP_IPXHDR

    RADIUS_LOGIN_IP_HOST (string)

    - Login IP Host

    RADIUS_LOGIN_SERVICE (int)

    - Login Service

    RADIUS_LOGIN_TCP_PORT (int)

    - Login TCP Port

    RADIUS_REPLY_MESSAGE (string)

    - Reply Message

    RADIUS_CALLBACK_NUMBER (string)

    - Callback Number

    RADIUS_CALLBACK_ID (string)

    - Callback ID

    RADIUS_FRAMED_ROUTE (string)

    - Framed Route

    RADIUS_FRAMED_IPX_NETWORK (string)

    - Framed IPX Network

    RADIUS_STATE (string)

    - State

    RADIUS_CLASS (int)

    - Class

    RADIUS_VENDOR_SPECIFIC (int)

    - Vendor specific attribute

    RADIUS_SESSION_TIMEOUT (int)

    - Session timeout

    RADIUS_IDLE_TIMEOUT (int)

    - Idle timeout

    RADIUS_TERMINATION_ACTION (int)

    - Termination action

    RADIUS_CALLED_STATION_ID (int)

    - Called Station Id

    RADIUS_CALLING_STATION_ID (string)

    - Calling Station Id

    RADIUS_NAS_IDENTIFIER (int)

    - NAS ID

    RADIUS_PROXY_STATE (int)

    - Proxy State

    RADIUS_LOGIN_LAT_SERVICE (int)

    - Login LAT Service

    RADIUS_LOGIN_LAT_NODE (int)

    - Login LAT Node

    RADIUS_LOGIN_LAT_GROUP (int)

    - Login LAT Group

    RADIUS_FRAMED_APPLETALK_LINK (int)

    - Framed Appletalk Link

    RADIUS_FRAMED_APPLETALK_NETWORK (int)

    - Framed Appletalk Network

    RADIUS_FRAMED_APPLETALK_ZONE (int)

    - Framed Appletalk Zone

    RADIUS_CHAP_CHALLENGE (string)

    - Challenge

    RADIUS_NAS_PORT_TYPE (int)

    - NAS port type, one of:
    RADIUS_ASYNC
    RADIUS_SYNC
    RADIUS_ISDN_SYNC
    RADIUS_ISDN_ASYNC_V120
    RADIUS_ISDN_ASYNC_V110
    RADIUS_VIRTUAL
    RADIUS_PIAFS
    RADIUS_HDLC_CLEAR_CHANNEL
    RADIUS_X_25
    RADIUS_X_75
    RADIUS_G_3_FAX
    RADIUS_SDSL
    RADIUS_ADSL_CAP
    RADIUS_ADSL_DMT
    RADIUS_IDSL
    RADIUS_ETHERNET
    RADIUS_XDSL
    RADIUS_CABLE
    RADIUS_WIRELESS_OTHER
    RADIUS_WIRELESS_IEEE_802_11

    RADIUS_PORT_LIMIT (int)

    - Port Limit

    RADIUS_LOGIN_LAT_PORT (int)

    - Login LAT Port

    RADIUS_CONNECT_INFO (string)

    - Connect info

    RADIUS_ACCT_STATUS_TYPE (int)

    - Accounting status type, one of:
    RADIUS_START
    RADIUS_STOP
    RADIUS_ACCOUNTING_ON
    RADIUS_ACCOUNTING_OFF

    RADIUS_ACCT_DELAY_TIME (int)

    - Accounting delay time

    RADIUS_ACCT_INPUT_OCTETS (int)

    - Accounting input bytes

    RADIUS_ACCT_OUTPUT_OCTETS (int)

    - Accounting output bytes

    RADIUS_ACCT_SESSION_ID (int)

    - Accounting session ID

    RADIUS_ACCT_AUTHENTIC (int)

    - Accounting authentic, one of:
    RADIUS_AUTH_RADIUS
    RADIUS_AUTH_LOCAL
    RADIUS_AUTH_REMOTE

    RADIUS_ACCT_SESSION_TIME (int)

    - Accounting session time

    RADIUS_ACCT_INPUT_PACKETS (int)

    - Accounting input packets

    RADIUS_ACCT_OUTPUT_PACKETS (int)

    - Accounting output packets

    RADIUS_ACCT_TERMINATE_CAUSE (int)

    - Accounting terminate cause, one of:
    RADIUS_TERM_USER_REQUEST
    RADIUS_TERM_LOST_CARRIER
    RADIUS_TERM_LOST_SERVICE
    RADIUS_TERM_IDLE_TIMEOUT
    RADIUS_TERM_SESSION_TIMEOUT
    RADIUS_TERM_ADMIN_RESET
    RADIUS_TERM_ADMIN_REBOOT
    RADIUS_TERM_PORT_ERROR
    RADIUS_TERM_NAS_ERROR
    RADIUS_TERM_NAS_REQUEST
    RADIUS_TERM_NAS_REBOOT
    RADIUS_TERM_PORT_UNNEEDED
    RADIUS_TERM_PORT_PREEMPTED
    RADIUS_TERM_PORT_SUSPENDED
    RADIUS_TERM_SERVICE_UNAVAILABLE
    RADIUS_TERM_CALLBACK
    RADIUS_TERM_USER_ERROR
    RADIUS_TERM_HOST_REQUEST

    RADIUS_ACCT_MULTI_SESSION_ID (string)

    - Accounting multi session ID

    RADIUS_ACCT_LINK_COUNT (int)

    - Accounting link count

    RADIUS_VENDOR_MICROSOFT (int)

    - Microsoft specific vendor attributes (RFC 2548), one of:
    RADIUS_MICROSOFT_MS_CHAP_RESPONSE
    RADIUS_MICROSOFT_MS_CHAP_ERROR
    RADIUS_MICROSOFT_MS_CHAP_PW_1
    RADIUS_MICROSOFT_MS_CHAP_PW_2
    RADIUS_MICROSOFT_MS_CHAP_LM_ENC_PW
    RADIUS_MICROSOFT_MS_CHAP_NT_ENC_PW
    RADIUS_MICROSOFT_MS_MPPE_ENCRYPTION_POLICY
    RADIUS_MICROSOFT_MS_MPPE_ENCRYPTION_TYPES
    RADIUS_MICROSOFT_MS_RAS_VENDOR
    RADIUS_MICROSOFT_MS_CHAP_DOMAIN
    RADIUS_MICROSOFT_MS_CHAP_CHALLENGE
    RADIUS_MICROSOFT_MS_CHAP_MPPE_KEYS
    RADIUS_MICROSOFT_MS_BAP_USAGE
    RADIUS_MICROSOFT_MS_LINK_UTILIZATION_THRESHOLD
    RADIUS_MICROSOFT_MS_LINK_DROP_TIME_LIMIT
    RADIUS_MICROSOFT_MS_MPPE_SEND_KEY
    RADIUS_MICROSOFT_MS_MPPE_RECV_KEY
    RADIUS_MICROSOFT_MS_RAS_VERSION
    RADIUS_MICROSOFT_MS_OLD_ARAP_PASSWORD
    RADIUS_MICROSOFT_MS_NEW_ARAP_PASSWORD
    RADIUS_MICROSOFT_MS_ARAP_PASSWORD_CHANGE_REASON
    RADIUS_MICROSOFT_MS_FILTER
    RADIUS_MICROSOFT_MS_ACCT_AUTH_TYPE
    RADIUS_MICROSOFT_MS_ACCT_EAP_TYPE
    RADIUS_MICROSOFT_MS_CHAP2_RESPONSE
    RADIUS_MICROSOFT_MS_CHAP2_SUCCESS
    RADIUS_MICROSOFT_MS_CHAP2_PW
    RADIUS_MICROSOFT_MS_PRIMARY_DNS_SERVER
    RADIUS_MICROSOFT_MS_SECONDARY_DNS_SERVER
    RADIUS_MICROSOFT_MS_PRIMARY_NBNS_SERVER
    RADIUS_MICROSOFT_MS_SECONDARY_NBNS_SERVER
    RADIUS_MICROSOFT_MS_ARAP_CHALLENGE

    Quickstart

    - Howto start?

  • get a radius resource
  • configure the library
  • create the request
  • put attributes
  • send the request
  • receive attributes
  • close the radius resource (optional)

    Take also a look at the examples in this package.

    - The package contains an example php script. This script demonstrates howto authenticate with radius using PAP or CHAP (md5). If you authenticate with Microsoft Radius servers then its not possible to use CHAP (md5). If you would like to authenticate with Microsoft Servers you have to use MS-CHAPv1 or MS-CHAPv2, but its more complicated, because you need md4, sha1 and des to generate the right data. The enclosed examples demonstrate all authentication-methods, including MS-CHAPv1 and MS-CHAPv2. To get the MS-CHAP to work you need the mcrypt and the mhash extension, starting with version 1.2 of the package, the mcrypt extension is no longer needed.

    Contact Information

    - If you have comments, bugfixes, enhancements or want to help to develop this you can send me a mail at mbretter@php.net. Binaries for Windows can be downloaded from here.

    Содержание

    radius_acct_open -- Creates a Radius handle for accounting

    radius_add_server -- Adds a server

    radius_auth_open -- Creates a Radius handle for authentication

    radius_close -- Frees all ressources

    radius_config -- Causes the library to read the given configuration file

    radius_create_request -- Create accounting or authentication request

    radius_cvt_addr -- Converts raw data to IP-Address

    radius_cvt_int -- Converts raw data to integer

    radius_cvt_string -- Converts raw data to string

    radius_demangle_mppe_key -- Derives mppe-keys from mangled data

    radius_demangle -- Demangles data

    radius_get_attr -- Extracts an attribute

    radius_get_vendor_attr -- Extracts a vendor specific attribute

    radius_put_addr -- Attaches an IP-Address attribute

    radius_put_attr -- Attaches a binary attribute

    radius_put_int -- Attaches an integer attribute

    radius_put_string -- Attaches a string attribute

    radius_put_vendor_addr -- Attaches a vendor specific IP-Address attribute

    radius_put_vendor_attr -- Attaches a vendor specific binary attribute

    radius_put_vendor_int -- Attaches a vendor specific integer attribute

    radius_put_vendor_string -- Attaches a vendor specific string attribute

    radius_request_authenticator -- Returns the request authenticator

    radius_send_request -- Sends the request and waites for a reply

    radius_server_secret -- Returns the shared secret

    radius_strerror -- Returns an error message

    Пред.

    Начало

    След.

    qdom_tree

    Уровень выше

    radius_acct_open 22222

    Free Web Hosting