Documentation
Users
Awards
Developers
Translation
Release plan
Mailinglists
Support
Download


Available in 1.5 1.6 1.7 1.8 1.9 trunk

RADIUS module

The RADIUS module provides a single authentication module:

radius:Radius
Authenticate a user against a RADIUS server.

This authentication module contacts a RADIUS server, and authenticates the user by using username & password authentication.

To use this module, enable the radius module by creating a file named enable in the modules/radius/-directory. Then you need to add a authentication source which uses the radius:Radius module to config/authsources.php:

'example-radius' => array(
    'radius:Radius',

    /*
     * The hostname of the RADIUS server.
     * Required.
     */
    'hostname' => 'radius.example.org',

    /*
     * The port number of the radius server.
     * Optional, defaults to 1812.
     */
    'port' => 1812,

    /*
     * The shared secret which is used when contacting the RADUIS server.
     * Required.
     */
    'secret' => 'topsecret',

    /*
     * The timeout for contacting the RADIUS server, in seconds.
     * Optional, defaults to 5 seconds.
     */
    'timeout' => 5,

    /*
     * The number of times we should retry connections to the RADIUS server.
     * Optional, defaults to 3 attempts.
     */
    'retries' => 3,

    /*
     * The attribute name we should store the username in. Ths username
     * will not be saved in any attribute if this is NULL.
     * Optional, defaults to NULL.
     */
    'username_attribute' => 'eduPersonPrincipalName',
),

1 User attributes

If the RADIUS server is configured to include attributes for the user in the response, this module may be able to extract them. This requires the attributes to be stored in a vendor-specific attribute in the response from the RADIUS server.

The code expects one vendor-attribute with a specific vendor and a specific vendor attribute type for each user attribute. The vendor-attribute must contain a value on the form =.

The following configuration options are available for user attributes:

    /*
     * This is the vendor for the vendor-specific attribute which contains
     * the attributes for this user. This can be NULL if no attributes are
     * included in the response.
     * Optional, defaults to NULL.
     */
    'attribute_vendor' => 23735,

    /*
     * The vendor attribute-type of the attribute which contains the
     * attributes for the user.
     * Required if 'vendor' is set.
     */
    'attribute_vendor_type' => 4,