Radius 関数
目次
- radius_acct_open — 課金用の Radius ハンドルを作成する
- radius_add_server — サーバーを追加する
- radius_auth_open — 認証用の Radius ハンドルを作成する
- radius_close — すべてのリソースを開放する
- radius_config — 指定した設定ファイルをライブラリに読み込ませる
- radius_create_request — 課金あるいは認証のリクエストを作成する
- radius_cvt_addr — 生データを IP アドレスに変換する
- radius_cvt_int — 生データを整数に変換する
- radius_cvt_string — 生データを文字列に変換する
- radius_demangle — データを復元する
- radius_demangle_mppe_key — 変形されたデータから mppe キーを得る
- radius_get_attr — 属性を取得する
- radius_get_tagged_attr_data — Extracts the data from a tagged attribute
- radius_get_tagged_attr_tag — Extracts the tag from a tagged attribute
- radius_get_vendor_attr — ベンダ固有の属性を取得する
- radius_put_addr — IP アドレス属性を設定する
- radius_put_attr — バイナリ属性を設定する
- radius_put_int — 整数属性を設定する
- radius_put_string — 文字列属性を設定する
- radius_put_vendor_addr — ベンダー固有の IP アドレス属性を設定する
- radius_put_vendor_attr — ベンダー固有のバイナリ属性を設定する
- radius_put_vendor_int — ベンダー固有の整数属性を設定する
- radius_put_vendor_string — ベンダー固有の文字列属性を設定する
- radius_request_authenticator — リクエスト認証子を返す
- radius_salt_encrypt_attr — Salt-encrypts a value
- radius_send_request — リクエストを送信し、応答を待つ
- radius_server_secret — 共有秘密鍵を返す
- radius_strerror — エラーメッセージを返す
+add a note
User Contributed Notes 5 notes
andac dot aydin at code64 dot de ¶
18 years ago
If you are constantly getting the errormessage:
Fatal error: Unknown function: radius_auth_open() in...
And your Server is a Windows-System (for example standard-xampp installation), you propably did not remove the comment symbol ";" in front of "extension=php_radius.dll" in php.ini.
If you did that, but get the error anyway:
Additionally be sure you edited the right php.ini, since xampp installs several php.exe's but only "xampp/apache/bin/php.ini" is the correct one!
It did cost me 2 days to find that out!
SysCo/al - developer [at] sysco[dot] ch ¶
16 years ago
Pure PHP radius class (do not need the radius package !)
We have implemented a pure PHP radius class following the RFC 2865 rules. Using this class, it is also possible to do WWW realm authentication.
Class abstract, full class implementation (LGPL) with helper files and examples can be found at http://developer.sysco.ch/php/
<?php
// (...)
class Radius
{
// (...)
public function Radius($ip_radius_server = '127.0.0.1', $shared_secret = '', $radius_suffix = '', $udp_timeout = 5, $authentication_port = 1812, $accounting_port = 1813)
{
// (...)
}
// (...)
function AccessRequest($username = '', $password = '', $udp_timeout = 0)
{
// (...)
$_socket_to_server = socket_create(AF_INET, SOCK_DGRAM, 17); // UDP packet = 17
if ($_socket_to_server === FALSE)
{
// (...)
}
elseif (FALSE === socket_connect($_socket_to_server, $this->_ip_radius_server, $this->_authentication_port))
{
// (...)
}
elseif (FALSE === socket_write($_socket_to_server, $packet_data, $packet_length))
{
// (...)
}
else
{
// (...)
$read_socket_array = array($_socket_to_server);
$write_socket_array = NULL;
$except_socket_array = NULL;
$received_packet = chr(0);
if (!(FALSE === socket_select($read_socket_array, $write_socket_array, $except_socket_array, $this->_udp_timeout)))
{
if (in_array($_socket_to_server, $read_socket_array))
{
if (FALSE === ($received_packet = @socket_read($_socket_to_server, 1024))) // @ used, than no error is displayed if the connection is closed by the remote host
{
// (...)
}
else
{
socket_close($_socket_to_server);
}
}
}
else
{
socket_close($_socket_to_server);
}
}
// (...)
return (2 == ($this->_radius_packet_received));
}
}
?>
Example
<?php
require_once('radius.class.php');
$radius = new Radius('127.0.0.1', 'secret');
if ($radius->AccessRequest('user', 'pass'))
{
echo "Authentication accepted.";
}
else
{
echo "Authentication rejected.";
}
?>
shaun at verticalevolution dot com ¶
18 years ago
To expand on the simple example by jengo at phpgroupware dot org you can add a NAS IP address to the request by using:
radius_put_addr($radius, RADIUS_NAS_IP_ADDRESS, '127.0.0.1');
and not radius_put_attr or radius_put_string. I also had to use radius_put_string for the user name and password.
brett at silcon dot com ¶
18 years ago
Here's a longer example that DOES do Challenge Response and works with SecurID Authentication Managers.
http://www.webtrotter.com/securid_radius.txt
(script wouldn't let me post it because of the long lines, plus it was too long of an example).
jengo at phpgroupware dot org ¶
19 years ago
Here is a simple example on how to auth against radius. Note: This doesn't handle challenge responses.
<?php
$radius = radius_auth_open();
if (! radius_add_server($radius,'localhost',0,'radiussecret',5,3))
{
die('Radius Error: ' . radius_strerror($radius));
}
if (! radius_create_request($radius,RADIUS_ACCESS_REQUEST))
{
die('Radius Error: ' . radius_strerror($radius));
}
radius_put_attr($radius,RADIUS_USER_NAME,'username');
radius_put_attr($radius,RADIUS_USER_PASSWORD,'password');
switch (radius_send_request($radius))
{
case RADIUS_ACCESS_ACCEPT:
echo 'GOOD LOGIN';
break;
case RADIUS_ACCESS_REJECT:
echo 'BAD LOGIN';
break;
case RADIUS_ACCESS_CHALLENGE:
echo 'CHALLENGE REQUESTED';
break;
default:
die('Radius Error: ' . radius_strerror($radius));
}
?>