[Help-gnu-radius] RADIUS Access-Challenge packets (PHP)
From: Dwight Mowbray
Subject: [Help-gnu-radius] RADIUS Access-Challenge packets (PHP)
Date: Tue, 13 Sep 2005 10:17:06 +1000
User-agent: Mozilla Thunderbird 1.0.5 (Windows/20050711)

Hi.

I have been using RADIUS Authentication PHP scripts to do an
implementation of SecurID. So far it has been working well but I have
hit a bit of a snag.

I have the script working fine for Accept and Reject status, but I am
having trouble with handling a challenge response. The response comes
through fine, but in this particular instance the response to the server
needs to include an additional parameter. The RFC document for RADIUS
specifies that the packet must have attached:

State = {Magic Cookie from Access-Challenge packet, unchanged}

The packet sent back must be an Access-Request format, as the original,
but with a different identifier and the same data.

This is as an additional attribute. This is the code I have to construct
packets sent to the RADIUS server.

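$data=pack("CCCCa*CCCCCCCCa*CCa*CCCCCCCCCCCC",
    1,$thisidentifier,$length/256,$length%256, // header: code 1 (Access-Request), identifier, 16-bit length
    $RA, // 16-byte Request Authenticator
    6,6,0,0,0,1, // Service-Type (6), length 6, value 1
    1,2+strlen($username),$username, // User-Name (1)
    2,2+strlen($encryptedpassword),$encryptedpassword, // User-Password (2)
    4,6,$nasIP[0],$nasIP[1],$nasIP[2],$nasIP[3], // NAS-IP-Address (4)
    5,6,0,0,0,0 // NAS-Port (5): length is 6 (2 header bytes + 4 value bytes), not 3
);
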
I would assume that to add an additional attribute, I would just need to
add an additional line (and alter the data format parameter in the
pack() call):

24, <packet data here> // State (24)

However, I am a little lost on how to get that data in there, and where
the "Magic Cookie" comes from (as described in the State detail above).
How do I get this state data? Is it in the response from the RADIUS server?

I understand what the RADIUS server needs, but I'm not 100% sure exactly
how to:

a) get the state data to send back
b) append this data to the packet

Is anyone able to shed any light on this for me? Has anyone had
experience with doing an implementation for software that deals with
Access-Challenge packets? Are there any links anyone can offer that
might explain how I can accomplish this? I have tried using the RADIUS
module for PHP but it appears to be a little obscure and different to
how we have already implemented the current version.

ANY help would be appreciated.

Thanks and regards,
Dwight.
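
Added example (not part of the original post, and not GNU Radius code): in RFC 2865 the State value arrives as attribute 24 inside the Access-Challenge itself, so the client parses the reply's attribute list and copies those bytes unchanged into a new Access-Request. The function names, the sample challenge bytes, the user name and the zero-filled password placeholder are all assumptions made for illustration.

```php
<?php
const ACCESS_REQUEST = 1, ACCESS_CHALLENGE = 11, ATTR_STATE = 24;

// Split a raw RADIUS packet into code, identifier and [type, value] pairs.
function radius_parse(string $pkt): array
{
    if (strlen($pkt) < 20) throw new RuntimeException('short packet');
    $h = unpack('Ccode/Cid/nlen', $pkt);
    if ($h['len'] < 20 || $h['len'] > strlen($pkt)) throw new RuntimeException('bad length');
    $attrs = [];
    for ($pos = 20; $pos < $h['len']; $pos += $alen) {
        $alen = $pos + 2 <= $h['len'] ? ord($pkt[$pos + 1]) : 0; // includes 2 header bytes
        if ($alen < 2 || $pos + $alen > $h['len']) throw new RuntimeException('bad attribute');
        $attrs[] = [ord($pkt[$pos]), substr($pkt, $pos + 2, $alen - 2)];
    }
    return ['code' => $h['code'], 'id' => $h['id'], 'attrs' => $attrs];
}

// Encode one attribute: type, length (value + 2), then the raw value bytes.
function radius_attr(int $type, string $value): string
{
    if (strlen($value) > 253) throw new LengthException('attribute value too long');
    return pack('CC', $type, strlen($value) + 2) . $value;
}

// Build an Access-Request; the length field is computed from the attributes.
function radius_request(int $id, string $ra, array $attrs): string
{
    $body = '';
    foreach ($attrs as [$type, $value]) $body .= radius_attr($type, $value);
    return pack('CCn', ACCESS_REQUEST, $id, 20 + strlen($body)) . $ra . $body;
}

// Constructed sample Access-Challenge: Reply-Message (18) and a 4-byte State.
$body = radius_attr(18, 'Enter next tokencode') . radius_attr(ATTR_STATE, "\x00\x9c\x41\x07");
$challenge = pack('CCn', ACCESS_CHALLENGE, 7, 20 + strlen($body)) . str_repeat("\0", 16) . $body;

$reply = radius_parse($challenge);
$state = null;
foreach ($reply['attrs'] as [$type, $value]) {
    if ($type === ATTR_STATE) $state = $value;   // opaque bytes, copied unchanged
}
if ($reply['code'] === ACCESS_CHALLENGE && $state !== null) {
    $ra = random_bytes(16);                       // fresh Request Authenticator
    $hidden = str_repeat("\0", 16);               // placeholder: hide the user's response under $ra
    $next = radius_request(($reply['id'] + 1) % 256, $ra,
        [[1, 'alice'], [2, $hidden], [ATTR_STATE, $state]]);
    echo bin2hex($next), "\n";
}
```

State is binary and may contain NUL bytes, so it is handled as a length-prefixed string throughout; the User-Password value has to be re-hidden under the new Request Authenticator (RFC 2865 section 5.2) before the follow-up request is sent.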