Radius

Introducción

This package is based on the libradius of FreeBSD. This PECL adds full support for Radius Authentication (» RFC 2865) and Radius Accounting (» RFC 2866). This package is available for Unix (tested on FreeBSD and Linux) and for Windows.

Note: An exact description for libradius can be found » here. A detailed description of the configuration file can be found » here.

Instalación

Howto install the package?

• untar the package (usually into php4/ext)
• rename radius-x.x to radius
• run ./buildconf in php4
• run ./configure --enable-radius
• make; make install

• untar the package
• run phpize in the radius-x.x directory
• run ./configure in the radius-x.x directory
• make; make install

For Windows I recommend to use the php_radius.dll from » http://snaps.php.net/. Unbundled PECL extensions may be downloaded from: » http://pecl4win.php.net/

Constantes predefinidas

Estas constantes están definidas por esta extensión y estarán disponibles solamente cuando la extensión ha sido o bien compilada dentro de PHP o grabada dinámicamente en tiempo de ejecución.

RADIUS_ACCESS_REQUEST ()

Authentication Request

RADIUS_ACCESS_ACCEPT ()

Access accepted

RADIUS_ACCESS_REJECT ()

Access rejected

RADIUS_ACCOUNTING_REQUEST ()

Accounting request

RADIUS_ACCOUNTING_RESPONSE ()

Accounting response

RADIUS_ACCESS_CHALLENGE ()

Accsess challenge

RADIUS_USER_NAME (string)

Username

RADIUS_USER_PASSWORD (string)

Password

RADIUS_CHAP_PASSWORD (string)

Chap Password: chappass = md5(ident + plaintextpass + challenge)

RADIUS_NAS_IP_ADDRESS (string)

NAS IP-Adress

RADIUS_NAS_PORT (int)

NAS Port

RADIUS_SERVICE_TYPE (int)

Type of Service, one of:

• RADIUS_LOGIN
• RADIUS_FRAMED
• RADIUS_CALLBACK_LOGIN
• RADIUS_CALLBACK_FRAMED
• RADIUS_OUTBOUND
• RADIUS_ADMINISTRATIVE
• RADIUS_NAS_PROMPT
• RADIUS_AUTHENTICATE_ONLY
• RADIUS_CALLBACK_NAS_PROMPT

RADIUS_FRAMED_PROTOCOL (int)

Framed Protocol, one of:

• RADIUS_PPP
• RADIUS_SLIP
• RADIUS_ARAP
• RADIUS_GANDALF
• RADIUS_XYLOGICS

RADIUS_FRAMED_IP_ADDRESS (string)

IP-Address

RADIUS_FRAMED_IP_NETMASK (string)

Netmask

RADIUS_FRAMED_ROUTING (int)

Routing

RADIUS_FILTER_ID (string)

Filter ID

RADIUS_FRAMED_MTU (int)

MTU

RADIUS_FRAMED_COMPRESSION (int)

Compression, one of:

• RADIUS_COMP_NONE
• RADIUS_COMP_VJ
• RADIUS_COMP_IPXHDR

RADIUS_LOGIN_IP_HOST (string)

Login IP Host

RADIUS_LOGIN_SERVICE (int)

Login Service

RADIUS_LOGIN_TCP_PORT (int)

Login TCP Port

RADIUS_REPLY_MESSAGE (string)

Reply Message

RADIUS_CALLBACK_NUMBER (string)

Callback Number

RADIUS_CALLBACK_ID (string)

Callback ID

RADIUS_FRAMED_ROUTE (string)

Framed Route

RADIUS_FRAMED_IPX_NETWORK (string)

Framed IPX Network

RADIUS_STATE (string)

State

RADIUS_CLASS (int)

Class

RADIUS_VENDOR_SPECIFIC (int)

Vendor specific attribute

RADIUS_SESSION_TIMEOUT (int)

Session timeout

RADIUS_IDLE_TIMEOUT (int)

Idle timeout

RADIUS_TERMINATION_ACTION (int)

Termination action

RADIUS_CALLED_STATION_ID (int)

Called Station Id

RADIUS_CALLING_STATION_ID (string)

Calling Station Id

RADIUS_NAS_IDENTIFIER (int)

NAS ID

RADIUS_PROXY_STATE (int)

Proxy State

RADIUS_LOGIN_LAT_SERVICE (int)

Login LAT Service

RADIUS_LOGIN_LAT_NODE (int)

Login LAT Node

RADIUS_LOGIN_LAT_GROUP (int)

Login LAT Group

RADIUS_FRAMED_APPLETALK_LINK (int)

Framed Appletalk Link

RADIUS_FRAMED_APPLETALK_NETWORK (int)

Framed Appletalk Network

RADIUS_FRAMED_APPLETALK_ZONE (int)

Framed Appletalk Zone

RADIUS_CHAP_CHALLENGE (string)

Challenge

RADIUS_NAS_PORT_TYPE (int)

NAS port type, one of:

• RADIUS_ASYNC
• RADIUS_SYNC
• RADIUS_ISDN_SYNC
• RADIUS_ISDN_ASYNC_V120
• RADIUS_ISDN_ASYNC_V110
• RADIUS_VIRTUAL
• RADIUS_PIAFS
• RADIUS_HDLC_CLEAR_CHANNEL
• RADIUS_X_25
• RADIUS_X_75
• RADIUS_G_3_FAX
• RADIUS_SDSL
• RADIUS_ADSL_CAP
• RADIUS_ADSL_DMT
• RADIUS_IDSL
• RADIUS_ETHERNET
• RADIUS_XDSL
• RADIUS_CABLE
• RADIUS_WIRELESS_OTHER
• RADIUS_WIRELESS_IEEE_802_11

RADIUS_PORT_LIMIT (int)

Port Limit

RADIUS_LOGIN_LAT_PORT (int)

Login LAT Port

RADIUS_CONNECT_INFO (string)

Connect info

RADIUS_ACCT_STATUS_TYPE (int)

Accounting status type, one of:

• RADIUS_START
• RADIUS_STOP
• RADIUS_ACCOUNTING_ON
• RADIUS_ACCOUNTING_OFF

RADIUS_ACCT_DELAY_TIME (int)

Accounting delay time

RADIUS_ACCT_INPUT_OCTETS (int)

Accounting input bytes

RADIUS_ACCT_OUTPUT_OCTETS (int)

Accounting output bytes

RADIUS_ACCT_SESSION_ID (int)

Accounting session ID

RADIUS_ACCT_AUTHENTIC (int)

Accounting authentic, one of:

• RADIUS_AUTH_RADIUS
• RADIUS_AUTH_LOCAL
• RADIUS_AUTH_REMOTE

RADIUS_ACCT_SESSION_TIME (int)

Accounting session time

RADIUS_ACCT_INPUT_PACKETS (int)

Accounting input packets

RADIUS_ACCT_OUTPUT_PACKETS (int)

Accounting output packets

RADIUS_ACCT_TERMINATE_CAUSE (int)

Accounting terminate cause, one of:

• RADIUS_TERM_USER_REQUEST
• RADIUS_TERM_LOST_CARRIER
• RADIUS_TERM_LOST_SERVICE
• RADIUS_TERM_IDLE_TIMEOUT
• RADIUS_TERM_SESSION_TIMEOUT
• RADIUS_TERM_ADMIN_RESET
• RADIUS_TERM_ADMIN_REBOOT
• RADIUS_TERM_PORT_ERROR
• RADIUS_TERM_NAS_ERROR
• RADIUS_TERM_NAS_REQUEST
• RADIUS_TERM_NAS_REBOOT
• RADIUS_TERM_PORT_UNNEEDED
• RADIUS_TERM_PORT_PREEMPTED
• RADIUS_TERM_PORT_SUSPENDED
• RADIUS_TERM_SERVICE_UNAVAILABLE
• RADIUS_TERM_CALLBACK
• RADIUS_TERM_USER_ERROR
• RADIUS_TERM_HOST_REQUEST

RADIUS_ACCT_MULTI_SESSION_ID (string)

Accounting multi session ID

RADIUS_ACCT_LINK_COUNT (int)

Accounting link count

RADIUS_VENDOR_MICROSOFT (int)

Microsoft specific vendor attributes (» RFC 2548), one of:

• RADIUS_MICROSOFT_MS_CHAP_RESPONSE
• RADIUS_MICROSOFT_MS_CHAP_ERROR
• RADIUS_MICROSOFT_MS_CHAP_PW_1
• RADIUS_MICROSOFT_MS_CHAP_PW_2
• RADIUS_MICROSOFT_MS_CHAP_LM_ENC_PW
• RADIUS_MICROSOFT_MS_CHAP_NT_ENC_PW
• RADIUS_MICROSOFT_MS_MPPE_ENCRYPTION_POLICY
• RADIUS_MICROSOFT_MS_MPPE_ENCRYPTION_TYPES
• RADIUS_MICROSOFT_MS_RAS_VENDOR
• RADIUS_MICROSOFT_MS_CHAP_DOMAIN
• RADIUS_MICROSOFT_MS_CHAP_CHALLENGE
• RADIUS_MICROSOFT_MS_CHAP_MPPE_KEYS
• RADIUS_MICROSOFT_MS_BAP_USAGE
• RADIUS_MICROSOFT_MS_LINK_UTILIZATION_THRESHOLD
• RADIUS_MICROSOFT_MS_LINK_DROP_TIME_LIMIT
• RADIUS_MICROSOFT_MS_MPPE_SEND_KEY
• RADIUS_MICROSOFT_MS_MPPE_RECV_KEY
• RADIUS_MICROSOFT_MS_RAS_VERSION
• RADIUS_MICROSOFT_MS_OLD_ARAP_PASSWORD
• RADIUS_MICROSOFT_MS_NEW_ARAP_PASSWORD
• RADIUS_MICROSOFT_MS_ARAP_PASSWORD_CHANGE_REASON
• RADIUS_MICROSOFT_MS_FILTER
• RADIUS_MICROSOFT_MS_ACCT_AUTH_TYPE
• RADIUS_MICROSOFT_MS_ACCT_EAP_TYPE
• RADIUS_MICROSOFT_MS_CHAP2_RESPONSE
• RADIUS_MICROSOFT_MS_CHAP2_SUCCESS
• RADIUS_MICROSOFT_MS_CHAP2_PW
• RADIUS_MICROSOFT_MS_PRIMARY_DNS_SERVER
• RADIUS_MICROSOFT_MS_SECONDARY_DNS_SERVER
• RADIUS_MICROSOFT_MS_PRIMARY_NBNS_SERVER
• RADIUS_MICROSOFT_MS_SECONDARY_NBNS_SERVER
• RADIUS_MICROSOFT_MS_ARAP_CHALLENGE

Quickstart

Howto start?

• get a radius resource
• configure the library
• create the request
• put attributes
• send the request
• receive attributes
• close the radius resource (optional)

The package contains an example php script. This script demonstrates howto authenticate with radius using PAP or CHAP (md5). If you authenticate with Microsoft Radius servers then its not possible to use CHAP (md5). If you would like to authenticate with Microsoft Servers you have to use MS-CHAPv1 or MS-CHAPv2, but its more complicated, because you need md4, sha1 and des to generate the right data. The enclosed examples demonstrate all authentication-methods, including MS-CHAPv1 and MS-CHAPv2. To get the MS-CHAP to work you need the mcrypt and the mhash extension, starting with version 1.2 of the package, the mcrypt extension is no longer needed.

Contact Information

If you have comments, bugfixes, enhancements or want to help to develop this you can send me a mail at » mbretter@php.net. Binaries for Windows can be downloaded from » here.