Credential validation using RADIUS in PHP

Validating a username and password pair against a remote RADIUS server is an easy task in PHP. This page shows two methods via which credentials can be checked using the RADIUS protocol.

The first method will use PHP's RADIUS PECL extension (see http://www.php.net/manual/en/book.radius.php). The second method will use an open source RADIUS class.

RADIUS validation example using the PHP RADIUS PECL extension

The RADIUS PECL extension is not installed by default on a PHP application server. The PHP documentation (see http://www.php.net/manual/en/radius.setup.php) provides information and links on how to install the RADIUS PECL extension on both a Linux and a Windows server. If you are running PHP on a Debian or Ubuntu server, the installation is limited to installing an additional package:
# apt-get install php5-radius

The following example shows the minimal function calls that are required to do a RADIUS authentication in PHP. It is recommended to add error handling functions to make the code more robust.

$radius = radius_auth_open();
radius_add_server($radius, $ip_address, $port, $shared_secret, 5, 3);
radius_create_request($radius, RADIUS_ACCESS_REQUEST);
radius_put_attr($radius, RADIUS_USER_NAME, $username);
radius_put_attr($radius, RADIUS_USER_PASSWORD, $password);

$result = radius_send_request($radius);

switch ($result) {
case RADIUS_ACCESS_ACCEPT:
  // An Access-Accept response to an Access-Request indicating that the RADIUS server authenticated the user successfully.
  echo 'Authentication successful';
  break;
case RADIUS_ACCESS_REJECT:
  // An Access-Reject response to an Access-Request indicating that the RADIUS server could not authenticate the user.
  echo 'Authentication failed';
  break;
case RADIUS_ACCESS_CHALLENGE:
  // An Access-Challenge response to an Access-Request indicating that the RADIUS server requires further information in another Access-Request before authenticating the user.
  echo 'Challenge required';
  break;
default:
  die('A RADIUS error has occurred: ' . radius_strerror($radius));
}

RADIUS validation example using an open source RADIUS class

In this example we'll use the open source RADIUS class available from http://developer.sysco.ch/php/
Simply download the ZIP file (http://developer.sysco.ch/php/radius_class_pure_php.zip), unzip it to a directory and include the radius.class.php file in your code.

Since we're using a PHP class to handle the RADIUS authentication, the required number of lines of code becomes much smaller:

require_once('radius.class.php');
$radius = new Radius($ip_radius_server, $shared_secret);
$result = $radius->AccessRequest($username, $password);
if ($result) {
  echo 'Authentication successful';
} else {
  echo 'Authentication failed';
}

Tags: 

Share