Asitha De Silva

Reputation: 183

FreeRadius + PHP Configuration

I'm trying to configure FreeRadius to authenticate using a PHP script. I've been messing around trying to get it to get the server to authenticate based on the script, but I can't find much documentation on doing it that way.

This is what we're trying to configure.

We have a web server that has a WordPress site installed on it with thousands of users. We're wanting to install a WiFi service at certain locations that uses FreeRadius for authentication and we want it to allow users that are signed up on the WordPress site to use their credentials.

The problem I'm facing right now is that I can't seem to get FreeRadius to authenticate based on the PHP script.

This is what I've configured thus far based on what other StackOverflow posts have mentioned with their configuration.

I've created the following file in /etc/modules/php and added this:

exec php {
    wait = yes
    program = "/usr/bin/php -f /etc/raddb/myscript.php"
    input_pairs = request
    output_pairs = reply
}

In /etc/raddb/sites-enabled/default I've added the following:

authenticate {
  Auth-Type PHP {
    php
  }
}

In /etc/raddb/users I've added the following line to the end:

DEFAULT Auth-Type := PHP

In terms of the myscript.php file, I've added responses just to see what I could get and printed "Access-Accept" or "Access-Reject" to see if it would give me any clues whether it would authenticate based on those responses, but neither helped.

Any guidance or examples would be greatly appreciated.

Also, I've tried the method listed here: Freeradius and PHP auth script to no avail.

Upvotes: 0

Views: 2724

Answers (1)

Arran Cudbard-Bell

Reputation: 6065

The method in your link for updating control:Auth-Type should work. Make sure it's done in authorize {}.

Change your responses to Accept and Reject (as per the link you posted). Access-Accept != Accept, Access-Reject != Reject.

For clarity and to avoid an annoying log message, add:

authenticate {
    reject
}

Which will add an Auth-Type reject { reject } section.

You don't need to do anything for Accept, as there's a builtin auth type Accept that causes authentication to always succeed.

Upvotes: 1
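
The output contract described in the answer, as an added example that is not part of the original question or answer: a script that prints exactly Accept or Reject and fails closed. The in-memory user table is constructed and stands in for the WordPress lookup; the argument order (user name, then password) and the authorize wiring described in the first comment are assumptions.

```php
<?php
// Added example. Assumed wiring: authorize {} runs this script with the user
// name and password as arguments and assigns its stdout to control:Auth-Type.

// Keep PHP warnings off stdout so they can never become part of the value.
ini_set('display_errors', 'stderr');

// Constructed sample store standing in for the WordPress user lookup.
function sample_users(): array
{
    return ['alice' => password_hash('correct horse', PASSWORD_BCRYPT)];
}

// Returns the Auth-Type value: "Accept" or "Reject", never "Access-Accept".
function auth_type(array $users, ?string $user, ?string $pass): string
{
    // Missing or empty credentials are rejected before any lookup.
    if ($user === null || $pass === null || $user === '' || $pass === '') {
        return 'Reject';
    }
    // Unknown users are verified against a dummy hash so that both paths
    // do the same amount of work.
    static $dummy = null;
    $dummy ??= password_hash('dummy-value', PASSWORD_BCRYPT);
    $known = isset($users[$user]);
    $ok = password_verify($pass, $known ? $users[$user] : $dummy);
    return ($known && $ok) ? 'Accept' : 'Reject';
}

// Fail closed: any error in the lookup or verification yields Reject.
try {
    $result = auth_type(sample_users(), $argv[1] ?? null, $argv[2] ?? null);
} catch (Throwable $e) {
    $result = 'Reject';
}

// No trailing newline: the output is exactly the Auth-Type name.
echo $result;
```

Command-line arguments are visible in the host's process list while the script runs, so restrict local access to the RADIUS server accordingly.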
