PHP. Руководство по PHP. 2005
Radius
CXII. Radius
Введение
This package is based on the libradius of FreeBSD. This PECL adds full support for Radius Authentication (RFC 2865) and Radius Accounting (RFC 2866). This package is available for Unix (tested on FreeBSD and Linux) and for Windows.
Замечание: An exact description for libradius can be found here. A detailed description of the configuration file can be found here.
Установка
Howto install the package?
or if you would like to have it as .so:
For windows I recommend to use the php_radius.dll from http://snaps.php.net/. Вы можете получить не встроенное
расширение PECL с различных страниц снимков
PECL (выберите соответствующий репозиторий для вашей версии
PHP): PECL для PHP
4.3.x
Предопределенные константы
-Перечисленные ниже константы определены данным расширением и могут быть
доступны только в том случае, если PHP был собран с
поддержкой этого расширения или же в том случае, если
данное расширение подгружается во время выполнения.
RADIUS_ACCESS_REQUEST ()
Authentication Request
RADIUS_ACCESS_ACCEPT ()
Access accepted
RADIUS_ACCESS_REJECT ()
Access rejected
RADIUS_ACCOUNTING_REQUEST ()
Accounting request
RADIUS_ACCOUNTING_RESPONSE ()
Accounting response
RADIUS_ACCESS_CHALLENGE ()
Accsess challenge
RADIUS_USER_NAME (string)
Username
RADIUS_USER_PASSWORD (string)
Password
RADIUS_CHAP_PASSWORD (string)
Chap Password: chappass = md5(ident + plaintextpass + challenge)
RADIUS_NAS_IP_ADDRESS (string)
NAS IP-Adress
RADIUS_NAS_PORT (int)
NAS Port
RADIUS_SERVICE_TYPE (int)
Type of Service, one of:
RADIUS_LOGIN |
RADIUS_FRAMED |
RADIUS_CALLBACK_LOGIN |
RADIUS_CALLBACK_FRAMED |
RADIUS_OUTBOUND |
RADIUS_ADMINISTRATIVE |
RADIUS_NAS_PROMPT |
RADIUS_AUTHENTICATE_ONLY |
RADIUS_CALLBACK_NAS_PROMPT |
RADIUS_FRAMED_PROTOCOL (int)
Framed Protocol, one of:
RADIUS_PPP |
RADIUS_SLIP |
RADIUS_ARAP |
RADIUS_GANDALF |
RADIUS_XYLOGICS |
RADIUS_FRAMED_IP_ADDRESS (string)
IP-Address
RADIUS_FRAMED_IP_NETMASK (string)
Netmask
RADIUS_FRAMED_ROUTING (int)
Routing
RADIUS_FILTER_ID (string)
Filter ID
RADIUS_FRAMED_MTU (int)
MTU
RADIUS_FRAMED_COMPRESSION (int)
Compression, one of:
RADIUS_COMP_NONE |
RADIUS_COMP_VJ |
RADIUS_COMP_IPXHDR |
RADIUS_LOGIN_IP_HOST (string)
Login IP Host
RADIUS_LOGIN_SERVICE (int)
Login Service
RADIUS_LOGIN_TCP_PORT (int)
Login TCP Port
RADIUS_REPLY_MESSAGE (string)
Reply Message
RADIUS_CALLBACK_NUMBER (string)
Callback Number
RADIUS_CALLBACK_ID (string)
Callback ID
RADIUS_FRAMED_ROUTE (string)
Framed Route
RADIUS_FRAMED_IPX_NETWORK (string)
Framed IPX Network
RADIUS_STATE (string)
State
RADIUS_CLASS (int)
Class
RADIUS_VENDOR_SPECIFIC (int)
Vendor specific attribute
RADIUS_SESSION_TIMEOUT (int)
Session timeout
RADIUS_IDLE_TIMEOUT (int)
Idle timeout
RADIUS_TERMINATION_ACTION (int)
Termination action
RADIUS_CALLED_STATION_ID (int)
Called Station Id
RADIUS_CALLING_STATION_ID (string)
Calling Station Id
RADIUS_NAS_IDENTIFIER (int)
NAS ID
RADIUS_PROXY_STATE (int)
Proxy State
RADIUS_LOGIN_LAT_SERVICE (int)
Login LAT Service
RADIUS_LOGIN_LAT_NODE (int)
Login LAT Node
RADIUS_LOGIN_LAT_GROUP (int)
Login LAT Group
RADIUS_FRAMED_APPLETALK_LINK (int)
Framed Appletalk Link
RADIUS_FRAMED_APPLETALK_NETWORK (int)
Framed Appletalk Network
RADIUS_FRAMED_APPLETALK_ZONE (int)
Framed Appletalk Zone
RADIUS_CHAP_CHALLENGE (string)
Challenge
RADIUS_NAS_PORT_TYPE (int)
NAS port type, one of:
RADIUS_ASYNC |
RADIUS_SYNC |
RADIUS_ISDN_SYNC |
RADIUS_ISDN_ASYNC_V120 |
RADIUS_ISDN_ASYNC_V110 |
RADIUS_VIRTUAL |
RADIUS_PIAFS |
RADIUS_HDLC_CLEAR_CHANNEL |
RADIUS_X_25 |
RADIUS_X_75 |
RADIUS_G_3_FAX |
RADIUS_SDSL |
RADIUS_ADSL_CAP |
RADIUS_ADSL_DMT |
RADIUS_IDSL |
RADIUS_ETHERNET |
RADIUS_XDSL |
RADIUS_CABLE |
RADIUS_WIRELESS_OTHER |
RADIUS_WIRELESS_IEEE_802_11 |
RADIUS_PORT_LIMIT (int)
Port Limit
RADIUS_LOGIN_LAT_PORT (int)
Login LAT Port
RADIUS_CONNECT_INFO (string)
Connect info
RADIUS_ACCT_STATUS_TYPE (int)
Accounting status type, one of:
RADIUS_START |
RADIUS_STOP |
RADIUS_ACCOUNTING_ON |
RADIUS_ACCOUNTING_OFF |
RADIUS_ACCT_DELAY_TIME (int)
Accounting delay time
RADIUS_ACCT_INPUT_OCTETS (int)
Accounting input bytes
RADIUS_ACCT_OUTPUT_OCTETS (int)
Accounting output bytes
RADIUS_ACCT_SESSION_ID (int)
Accounting session ID
RADIUS_ACCT_AUTHENTIC (int)
Accounting authentic, one of:
RADIUS_AUTH_RADIUS |
RADIUS_AUTH_LOCAL |
RADIUS_AUTH_REMOTE |
RADIUS_ACCT_SESSION_TIME (int)
Accounting session time
RADIUS_ACCT_INPUT_PACKETS (int)
Accounting input packets
RADIUS_ACCT_OUTPUT_PACKETS (int)
Accounting output packets
RADIUS_ACCT_TERMINATE_CAUSE (int)
Accounting terminate cause, one of:
RADIUS_TERM_USER_REQUEST |
RADIUS_TERM_LOST_CARRIER |
RADIUS_TERM_LOST_SERVICE |
RADIUS_TERM_IDLE_TIMEOUT |
RADIUS_TERM_SESSION_TIMEOUT |
RADIUS_TERM_ADMIN_RESET |
RADIUS_TERM_ADMIN_REBOOT |
RADIUS_TERM_PORT_ERROR |
RADIUS_TERM_NAS_ERROR |
RADIUS_TERM_NAS_REQUEST |
RADIUS_TERM_NAS_REBOOT |
RADIUS_TERM_PORT_UNNEEDED |
RADIUS_TERM_PORT_PREEMPTED |
RADIUS_TERM_PORT_SUSPENDED |
RADIUS_TERM_SERVICE_UNAVAILABLE |
RADIUS_TERM_CALLBACK |
RADIUS_TERM_USER_ERROR |
RADIUS_TERM_HOST_REQUEST |
RADIUS_ACCT_MULTI_SESSION_ID (string)
Accounting multi session ID
RADIUS_ACCT_LINK_COUNT (int)
Accounting link count
RADIUS_VENDOR_MICROSOFT (int)
Microsoft specific vendor attributes (RFC 2548), one of:
RADIUS_MICROSOFT_MS_CHAP_RESPONSE |
RADIUS_MICROSOFT_MS_CHAP_ERROR |
RADIUS_MICROSOFT_MS_CHAP_PW_1 |
RADIUS_MICROSOFT_MS_CHAP_PW_2 |
RADIUS_MICROSOFT_MS_CHAP_LM_ENC_PW |
RADIUS_MICROSOFT_MS_CHAP_NT_ENC_PW |
RADIUS_MICROSOFT_MS_MPPE_ENCRYPTION_POLICY |
RADIUS_MICROSOFT_MS_MPPE_ENCRYPTION_TYPES |
RADIUS_MICROSOFT_MS_RAS_VENDOR |
RADIUS_MICROSOFT_MS_CHAP_DOMAIN |
RADIUS_MICROSOFT_MS_CHAP_CHALLENGE |
RADIUS_MICROSOFT_MS_CHAP_MPPE_KEYS |
RADIUS_MICROSOFT_MS_BAP_USAGE |
RADIUS_MICROSOFT_MS_LINK_UTILIZATION_THRESHOLD |
RADIUS_MICROSOFT_MS_LINK_DROP_TIME_LIMIT |
RADIUS_MICROSOFT_MS_MPPE_SEND_KEY |
RADIUS_MICROSOFT_MS_MPPE_RECV_KEY |
RADIUS_MICROSOFT_MS_RAS_VERSION |
RADIUS_MICROSOFT_MS_OLD_ARAP_PASSWORD |
RADIUS_MICROSOFT_MS_NEW_ARAP_PASSWORD |
RADIUS_MICROSOFT_MS_ARAP_PASSWORD_CHANGE_REASON |
RADIUS_MICROSOFT_MS_FILTER |
RADIUS_MICROSOFT_MS_ACCT_AUTH_TYPE |
RADIUS_MICROSOFT_MS_ACCT_EAP_TYPE |
RADIUS_MICROSOFT_MS_CHAP2_RESPONSE |
RADIUS_MICROSOFT_MS_CHAP2_SUCCESS |
RADIUS_MICROSOFT_MS_CHAP2_PW |
RADIUS_MICROSOFT_MS_PRIMARY_DNS_SERVER |
RADIUS_MICROSOFT_MS_SECONDARY_DNS_SERVER |
RADIUS_MICROSOFT_MS_PRIMARY_NBNS_SERVER |
RADIUS_MICROSOFT_MS_SECONDARY_NBNS_SERVER |
RADIUS_MICROSOFT_MS_ARAP_CHALLENGE |
Quickstart
Howto start?
Take also a look at the examples in this package.
The package contains an example php script. This script demonstrates howto authenticate with radius using PAP or CHAP (md5). If you authenticate with Microsoft Radius servers then its not possible to use CHAP (md5). If you would like to authenticate with Microsoft Servers you have to use MS-CHAPv1 or MS-CHAPv2, but its more complicated, because you need md4, sha1 and des to generate the right data. The enclosed examples demonstrate all authentication-methods, including MS-CHAPv1 and MS-CHAPv2. To get the MS-CHAP to work you need the mcrypt and the mhash extension, starting with version 1.2 of the package, the mcrypt extension is no longer needed.
Contact Information
If you have comments, bugfixes, enhancements or want to help to develop this you can send me a mail at mbretter@php.net. Binaries for Windows can be downloaded from here.
Содержание
radius_acct_open -- Creates a Radius handle for accounting
radius_add_server -- Adds a server
radius_auth_open -- Creates a Radius handle for authentication
radius_close -- Frees all ressources
radius_config -- Causes the library to read the given configuration file
radius_create_request -- Create accounting or authentication request
radius_cvt_addr -- Converts raw data to IP-Address
radius_cvt_int -- Converts raw data to integer
radius_cvt_string -- Converts raw data to string
radius_demangle_mppe_key -- Derives mppe-keys from mangled data
radius_demangle -- Demangles data
radius_get_attr -- Extracts an attribute
radius_get_vendor_attr -- Extracts a vendor specific attribute
radius_put_addr -- Attaches an IP-Address attribute
radius_put_attr -- Attaches a binary attribute
radius_put_int -- Attaches an integer attribute
radius_put_string -- Attaches a string attribute
radius_put_vendor_addr -- Attaches a vendor specific IP-Address attribute
radius_put_vendor_attr -- Attaches a vendor specific binary attribute
radius_put_vendor_int -- Attaches a vendor specific integer attribute
radius_put_vendor_string -- Attaches a vendor specific string attribute
radius_request_authenticator -- Returns the request authenticator
radius_send_request -- Sends the request and waites for a reply
radius_server_secret -- Returns the shared secret
radius_strerror -- Returns an error message
qdom_tree
radius_acct_open