Radius

CXII. Radius

Введение

- This package is based on the libradius of FreeBSD. This PECL adds full support for Radius Authentication (RFC 2865) and Radius Accounting (RFC 2866). This package is available for Unix (tested on FreeBSD and Linux) and for Windows.

Замечание: An exact description for libradius can be found here. A detailed description of the configuration file can be found here.

Установка

- Howto install the package?

untar the package (usually into php4/ext)

rename radius-x.x to radius

run ./buildconf in php4

run ./configure --enable-radius

make; make install

or if you would like to have it as .so:

untar the package

run phpize in the radius-x.x directory

run ./configure in the radius-x.x directory

make; make install

- For windows I recommend to use the php_radius.dll from http://snaps.php.net/. Вы можете получить не встроенное

расширение PECL с различных страниц снимков

PECL (выберите соответствующий репозиторий для вашей версии

PHP): PECL для PHP

4.3.x, PECL для PHP5.0.x или PECL Нестабильные.

Предопределенные константы

-Перечисленные ниже константы определены данным расширением и могут быть

доступны только в том случае, если PHP был собран с

поддержкой этого расширения или же в том случае, если

данное расширение подгружается во время выполнения.

RADIUS_ACCESS_REQUEST ()

- Authentication Request

RADIUS_ACCESS_ACCEPT ()

- Access accepted

RADIUS_ACCESS_REJECT ()

- Access rejected

RADIUS_ACCOUNTING_REQUEST ()

- Accounting request

RADIUS_ACCOUNTING_RESPONSE ()

- Accounting response

RADIUS_ACCESS_CHALLENGE ()

- Accsess challenge

RADIUS_USER_NAME (string)

- Username

RADIUS_USER_PASSWORD (string)

- Password

RADIUS_CHAP_PASSWORD (string)

- Chap Password: chappass = md5(ident + plaintextpass + challenge)

RADIUS_NAS_IP_ADDRESS (string)

- NAS IP-Adress

RADIUS_NAS_PORT (int)

- NAS Port

RADIUS_SERVICE_TYPE (int)

- Type of Service, one of:

RADIUS_LOGIN
RADIUS_FRAMED
RADIUS_CALLBACK_LOGIN
RADIUS_CALLBACK_FRAMED
RADIUS_OUTBOUND
RADIUS_ADMINISTRATIVE
RADIUS_NAS_PROMPT
RADIUS_AUTHENTICATE_ONLY
RADIUS_CALLBACK_NAS_PROMPT

RADIUS_FRAMED_PROTOCOL (int)

- Framed Protocol, one of:

RADIUS_PPP
RADIUS_SLIP
RADIUS_ARAP
RADIUS_GANDALF
RADIUS_XYLOGICS

RADIUS_FRAMED_IP_ADDRESS (string)

- IP-Address

RADIUS_FRAMED_IP_NETMASK (string)

- Netmask

RADIUS_FRAMED_ROUTING (int)

- Routing

RADIUS_FILTER_ID (string)

- Filter ID

RADIUS_FRAMED_MTU (int)

- MTU

RADIUS_FRAMED_COMPRESSION (int)

- Compression, one of:

RADIUS_COMP_NONE
RADIUS_COMP_VJ
RADIUS_COMP_IPXHDR

RADIUS_LOGIN_IP_HOST (string)

- Login IP Host

RADIUS_LOGIN_SERVICE (int)

- Login Service

RADIUS_LOGIN_TCP_PORT (int)

- Login TCP Port

RADIUS_REPLY_MESSAGE (string)

- Reply Message

RADIUS_CALLBACK_NUMBER (string)

- Callback Number

RADIUS_CALLBACK_ID (string)

- Callback ID

RADIUS_FRAMED_ROUTE (string)

- Framed Route

RADIUS_FRAMED_IPX_NETWORK (string)

- Framed IPX Network

RADIUS_STATE (string)

- State

RADIUS_CLASS (int)

- Class

RADIUS_VENDOR_SPECIFIC (int)

- Vendor specific attribute

RADIUS_SESSION_TIMEOUT (int)

- Session timeout

RADIUS_IDLE_TIMEOUT (int)

- Idle timeout

RADIUS_TERMINATION_ACTION (int)

- Termination action

RADIUS_CALLED_STATION_ID (int)

- Called Station Id

RADIUS_CALLING_STATION_ID (string)

- Calling Station Id

RADIUS_NAS_IDENTIFIER (int)

- NAS ID

RADIUS_PROXY_STATE (int)

- Proxy State

RADIUS_LOGIN_LAT_SERVICE (int)

- Login LAT Service

RADIUS_LOGIN_LAT_NODE (int)

- Login LAT Node

RADIUS_LOGIN_LAT_GROUP (int)

- Login LAT Group

RADIUS_FRAMED_APPLETALK_LINK (int)

- Framed Appletalk Link

RADIUS_FRAMED_APPLETALK_NETWORK (int)

- Framed Appletalk Network

RADIUS_FRAMED_APPLETALK_ZONE (int)

- Framed Appletalk Zone

RADIUS_CHAP_CHALLENGE (string)

- Challenge

RADIUS_NAS_PORT_TYPE (int)

- NAS port type, one of:

RADIUS_ASYNC
RADIUS_SYNC
RADIUS_ISDN_SYNC
RADIUS_ISDN_ASYNC_V120
RADIUS_ISDN_ASYNC_V110
RADIUS_VIRTUAL
RADIUS_PIAFS
RADIUS_HDLC_CLEAR_CHANNEL
RADIUS_X_25
RADIUS_X_75
RADIUS_G_3_FAX
RADIUS_SDSL
RADIUS_ADSL_CAP
RADIUS_ADSL_DMT
RADIUS_IDSL
RADIUS_ETHERNET
RADIUS_XDSL
RADIUS_CABLE
RADIUS_WIRELESS_OTHER
RADIUS_WIRELESS_IEEE_802_11

RADIUS_PORT_LIMIT (int)

- Port Limit

RADIUS_LOGIN_LAT_PORT (int)

- Login LAT Port

RADIUS_CONNECT_INFO (string)

- Connect info

RADIUS_ACCT_STATUS_TYPE (int)

- Accounting status type, one of:

RADIUS_START
RADIUS_STOP
RADIUS_ACCOUNTING_ON
RADIUS_ACCOUNTING_OFF

RADIUS_ACCT_DELAY_TIME (int)

- Accounting delay time

RADIUS_ACCT_INPUT_OCTETS (int)

- Accounting input bytes

RADIUS_ACCT_OUTPUT_OCTETS (int)

- Accounting output bytes

RADIUS_ACCT_SESSION_ID (int)

- Accounting session ID

RADIUS_ACCT_AUTHENTIC (int)

- Accounting authentic, one of:

RADIUS_AUTH_RADIUS
RADIUS_AUTH_LOCAL
RADIUS_AUTH_REMOTE

RADIUS_ACCT_SESSION_TIME (int)

- Accounting session time

RADIUS_ACCT_INPUT_PACKETS (int)

- Accounting input packets

RADIUS_ACCT_OUTPUT_PACKETS (int)

- Accounting output packets

RADIUS_ACCT_TERMINATE_CAUSE (int)

- Accounting terminate cause, one of:

RADIUS_TERM_USER_REQUEST
RADIUS_TERM_LOST_CARRIER
RADIUS_TERM_LOST_SERVICE
RADIUS_TERM_IDLE_TIMEOUT
RADIUS_TERM_SESSION_TIMEOUT
RADIUS_TERM_ADMIN_RESET
RADIUS_TERM_ADMIN_REBOOT
RADIUS_TERM_PORT_ERROR
RADIUS_TERM_NAS_ERROR
RADIUS_TERM_NAS_REQUEST
RADIUS_TERM_NAS_REBOOT
RADIUS_TERM_PORT_UNNEEDED
RADIUS_TERM_PORT_PREEMPTED
RADIUS_TERM_PORT_SUSPENDED
RADIUS_TERM_SERVICE_UNAVAILABLE
RADIUS_TERM_CALLBACK
RADIUS_TERM_USER_ERROR
RADIUS_TERM_HOST_REQUEST

RADIUS_ACCT_MULTI_SESSION_ID (string)

- Accounting multi session ID

RADIUS_ACCT_LINK_COUNT (int)

- Accounting link count

RADIUS_VENDOR_MICROSOFT (int)

- Microsoft specific vendor attributes (RFC 2548), one of:

RADIUS_MICROSOFT_MS_CHAP_RESPONSE
RADIUS_MICROSOFT_MS_CHAP_ERROR
RADIUS_MICROSOFT_MS_CHAP_PW_1
RADIUS_MICROSOFT_MS_CHAP_PW_2
RADIUS_MICROSOFT_MS_CHAP_LM_ENC_PW
RADIUS_MICROSOFT_MS_CHAP_NT_ENC_PW
RADIUS_MICROSOFT_MS_MPPE_ENCRYPTION_POLICY
RADIUS_MICROSOFT_MS_MPPE_ENCRYPTION_TYPES
RADIUS_MICROSOFT_MS_RAS_VENDOR
RADIUS_MICROSOFT_MS_CHAP_DOMAIN
RADIUS_MICROSOFT_MS_CHAP_CHALLENGE
RADIUS_MICROSOFT_MS_CHAP_MPPE_KEYS
RADIUS_MICROSOFT_MS_BAP_USAGE
RADIUS_MICROSOFT_MS_LINK_UTILIZATION_THRESHOLD
RADIUS_MICROSOFT_MS_LINK_DROP_TIME_LIMIT
RADIUS_MICROSOFT_MS_MPPE_SEND_KEY
RADIUS_MICROSOFT_MS_MPPE_RECV_KEY
RADIUS_MICROSOFT_MS_RAS_VERSION
RADIUS_MICROSOFT_MS_OLD_ARAP_PASSWORD
RADIUS_MICROSOFT_MS_NEW_ARAP_PASSWORD
RADIUS_MICROSOFT_MS_ARAP_PASSWORD_CHANGE_REASON
RADIUS_MICROSOFT_MS_FILTER
RADIUS_MICROSOFT_MS_ACCT_AUTH_TYPE
RADIUS_MICROSOFT_MS_ACCT_EAP_TYPE
RADIUS_MICROSOFT_MS_CHAP2_RESPONSE
RADIUS_MICROSOFT_MS_CHAP2_SUCCESS
RADIUS_MICROSOFT_MS_CHAP2_PW
RADIUS_MICROSOFT_MS_PRIMARY_DNS_SERVER
RADIUS_MICROSOFT_MS_SECONDARY_DNS_SERVER
RADIUS_MICROSOFT_MS_PRIMARY_NBNS_SERVER
RADIUS_MICROSOFT_MS_SECONDARY_NBNS_SERVER
RADIUS_MICROSOFT_MS_ARAP_CHALLENGE

Quickstart

- Howto start?

get a radius resource

configure the library

create the request

put attributes

send the request

receive attributes

close the radius resource (optional)

Take also a look at the examples in this package.

- The package contains an example php script. This script demonstrates howto authenticate with radius using PAP or CHAP (md5). If you authenticate with Microsoft Radius servers then its not possible to use CHAP (md5). If you would like to authenticate with Microsoft Servers you have to use MS-CHAPv1 or MS-CHAPv2, but its more complicated, because you need md4, sha1 and des to generate the right data. The enclosed examples demonstrate all authentication-methods, including MS-CHAPv1 and MS-CHAPv2. To get the MS-CHAP to work you need the mcrypt and the mhash extension, starting with version 1.2 of the package, the mcrypt extension is no longer needed.

Contact Information

- If you have comments, bugfixes, enhancements or want to help to develop this you can send me a mail at mbretter@php.net. Binaries for Windows can be downloaded from here.

Содержание

radius_acct_open -- Creates a Radius handle for accounting

radius_add_server -- Adds a server

radius_auth_open -- Creates a Radius handle for authentication

radius_close -- Frees all ressources

radius_config -- Causes the library to read the given configuration file

radius_create_request -- Create accounting or authentication request

radius_cvt_addr -- Converts raw data to IP-Address

radius_cvt_int -- Converts raw data to integer

radius_cvt_string -- Converts raw data to string

radius_demangle_mppe_key -- Derives mppe-keys from mangled data

radius_demangle -- Demangles data