This package is based on the libradius of FreeBSD. This PECL adds full support for Radius Authentication (RFC 2865) and Radius Accounting (RFC 2866). This package is available for Unix (tested on FreeBSD and Linux) and for Windows.
Howto install the package?
untar the package (usually into php4/ext)
rename radius-x.x to radius
run ./buildconf in php4
run ./configure --enable-radius
make; make install
untar the package
run phpize in the radius-x.x directory
run ./configure in the radius-x.x directory
make; make install
For windows I recommend to use the php_radius.dll from http://snaps.php.net/. You may obtain this unbundled PECL extension from the various PECL snaps pages (select the appropriate repository for your version of PHP): PECL for PHP 4.3.x, PECL for PHP 5.0.x or PECL Unstable.
The constants below are defined by this extension, and will only be available when the extension has either been compiled into PHP or dynamically loaded at runtime.
Authentication Request
Access accepted
Access rejected
Accounting request
Accounting response
Accsess challenge
Username
Password
Chap Password: chappass = md5(ident + plaintextpass + challenge)
NAS IP-Adress
NAS Port
Type of Service, one of:
| RADIUS_LOGIN |
| RADIUS_FRAMED |
| RADIUS_CALLBACK_LOGIN |
| RADIUS_CALLBACK_FRAMED |
| RADIUS_OUTBOUND |
| RADIUS_ADMINISTRATIVE |
| RADIUS_NAS_PROMPT |
| RADIUS_AUTHENTICATE_ONLY |
| RADIUS_CALLBACK_NAS_PROMPT |
Framed Protocol, one of:
| RADIUS_PPP |
| RADIUS_SLIP |
| RADIUS_ARAP |
| RADIUS_GANDALF |
| RADIUS_XYLOGICS |
IP-Address
Netmask
Routing
Filter ID
MTU
Compression, one of:
| RADIUS_COMP_NONE |
| RADIUS_COMP_VJ |
| RADIUS_COMP_IPXHDR |
Login IP Host
Login Service
Login TCP Port
Reply Message
Callback Number
Callback ID
Framed Route
Framed IPX Network
State
Class
Vendor specific attribute
Session timeout
Idle timeout
Termination action
Called Station Id
Calling Station Id
NAS ID
Proxy State
Login LAT Service
Login LAT Node
Login LAT Group
Framed Appletalk Link
Framed Appletalk Network
Framed Appletalk Zone
Challenge
NAS port type, one of:
| RADIUS_ASYNC |
| RADIUS_SYNC |
| RADIUS_ISDN_SYNC |
| RADIUS_ISDN_ASYNC_V120 |
| RADIUS_ISDN_ASYNC_V110 |
| RADIUS_VIRTUAL |
| RADIUS_PIAFS |
| RADIUS_HDLC_CLEAR_CHANNEL |
| RADIUS_X_25 |
| RADIUS_X_75 |
| RADIUS_G_3_FAX |
| RADIUS_SDSL |
| RADIUS_ADSL_CAP |
| RADIUS_ADSL_DMT |
| RADIUS_IDSL |
| RADIUS_ETHERNET |
| RADIUS_XDSL |
| RADIUS_CABLE |
| RADIUS_WIRELESS_OTHER |
| RADIUS_WIRELESS_IEEE_802_11 |
Port Limit
Login LAT Port
Connect info
Accounting status type, one of:
| RADIUS_START |
| RADIUS_STOP |
| RADIUS_ACCOUNTING_ON |
| RADIUS_ACCOUNTING_OFF |
Accounting delay time
Accounting input bytes
Accounting output bytes
Accounting session ID
Accounting authentic, one of:
| RADIUS_AUTH_RADIUS |
| RADIUS_AUTH_LOCAL |
| RADIUS_AUTH_REMOTE |
Accounting session time
Accounting input packets
Accounting output packets
Accounting terminate cause, one of:
| RADIUS_TERM_USER_REQUEST |
| RADIUS_TERM_LOST_CARRIER |
| RADIUS_TERM_LOST_SERVICE |
| RADIUS_TERM_IDLE_TIMEOUT |
| RADIUS_TERM_SESSION_TIMEOUT |
| RADIUS_TERM_ADMIN_RESET |
| RADIUS_TERM_ADMIN_REBOOT |
| RADIUS_TERM_PORT_ERROR |
| RADIUS_TERM_NAS_ERROR |
| RADIUS_TERM_NAS_REQUEST |
| RADIUS_TERM_NAS_REBOOT |
| RADIUS_TERM_PORT_UNNEEDED |
| RADIUS_TERM_PORT_PREEMPTED |
| RADIUS_TERM_PORT_SUSPENDED |
| RADIUS_TERM_SERVICE_UNAVAILABLE |
| RADIUS_TERM_CALLBACK |
| RADIUS_TERM_USER_ERROR |
| RADIUS_TERM_HOST_REQUEST |
Accounting multi session ID
Accounting link count
Microsoft specific vendor attributes (RFC 2548), one of:
| RADIUS_MICROSOFT_MS_CHAP_RESPONSE |
| RADIUS_MICROSOFT_MS_CHAP_ERROR |
| RADIUS_MICROSOFT_MS_CHAP_PW_1 |
| RADIUS_MICROSOFT_MS_CHAP_PW_2 |
| RADIUS_MICROSOFT_MS_CHAP_LM_ENC_PW |
| RADIUS_MICROSOFT_MS_CHAP_NT_ENC_PW |
| RADIUS_MICROSOFT_MS_MPPE_ENCRYPTION_POLICY |
| RADIUS_MICROSOFT_MS_MPPE_ENCRYPTION_TYPES |
| RADIUS_MICROSOFT_MS_RAS_VENDOR |
| RADIUS_MICROSOFT_MS_CHAP_DOMAIN |
| RADIUS_MICROSOFT_MS_CHAP_CHALLENGE |
| RADIUS_MICROSOFT_MS_CHAP_MPPE_KEYS |
| RADIUS_MICROSOFT_MS_BAP_USAGE |
| RADIUS_MICROSOFT_MS_LINK_UTILIZATION_THRESHOLD |
| RADIUS_MICROSOFT_MS_LINK_DROP_TIME_LIMIT |
| RADIUS_MICROSOFT_MS_MPPE_SEND_KEY |
| RADIUS_MICROSOFT_MS_MPPE_RECV_KEY |
| RADIUS_MICROSOFT_MS_RAS_VERSION |
| RADIUS_MICROSOFT_MS_OLD_ARAP_PASSWORD |
| RADIUS_MICROSOFT_MS_NEW_ARAP_PASSWORD |
| RADIUS_MICROSOFT_MS_ARAP_PASSWORD_CHANGE_REASON |
| RADIUS_MICROSOFT_MS_FILTER |
| RADIUS_MICROSOFT_MS_ACCT_AUTH_TYPE |
| RADIUS_MICROSOFT_MS_ACCT_EAP_TYPE |
| RADIUS_MICROSOFT_MS_CHAP2_RESPONSE |
| RADIUS_MICROSOFT_MS_CHAP2_SUCCESS |
| RADIUS_MICROSOFT_MS_CHAP2_PW |
| RADIUS_MICROSOFT_MS_PRIMARY_DNS_SERVER |
| RADIUS_MICROSOFT_MS_SECONDARY_DNS_SERVER |
| RADIUS_MICROSOFT_MS_PRIMARY_NBNS_SERVER |
| RADIUS_MICROSOFT_MS_SECONDARY_NBNS_SERVER |
| RADIUS_MICROSOFT_MS_ARAP_CHALLENGE |
Howto start?
get a radius resource
configure the library
create the request
put attributes
send the request
receive attributes
close the radius resource (optional)
The package contains an example php script. This script demonstrates howto authenticate with radius using PAP or CHAP (md5). If you authenticate with Microsoft Radius servers then its not possible to use CHAP (md5). If you would like to authenticate with Microsoft Servers you have to use MS-CHAPv1 or MS-CHAPv2, but its more complicated, because you need md4, sha1 and des to generate the right data. The enclosed examples demonstrate all authentication-methods, including MS-CHAPv1 and MS-CHAPv2. To get the MS-CHAP to work you need the mcrypt and the mhash extension, starting with version 1.2 of the package, the mcrypt extension is no longer needed.
If you have comments, bugfixes, enhancements or want to help to develop this you can send me a mail at mbretter@php.net. Binaries for Windows can be downloaded from here.