
[Help-gnu-radius] RADIUS Access-Challenge packets (PHP)


From: Dwight Mowbray
Subject: [Help-gnu-radius] RADIUS Access-Challenge packets (PHP)
Date: Tue, 13 Sep 2005 10:17:06 +1000
User-agent: Mozilla Thunderbird 1.0.5 (Windows/20050711)

Hi.

I have been using RADIUS Authentication PHP scripts to do an implementation of SecurID. So far it has been working well but I have hit a bit of a snag.

I have the script working fine for Accept and Reject status, but I am having trouble with handling a challenge response. The response comes through fine, but in this particular instance the response to the server needs to include an additional parameter. The RFC document for RADIUS specifies that the packet must have attached:

State =     {Magic Cookie from Access-Challenge packet, unchanged}

The packet sent back must be an Access-Request format, as the original, but with a different identifier and the same data.

This is as an additional attribute. This is the code I have to construct packets sent to the RADIUS server.

  $data = pack("CCCCa*CCCCCCCCa*CCa*CCCCCCCCCCCC",
    1, $thisidentifier, $length/256, $length%256,          // header: code, id, length
    $RA,                                                   // authcode (Request Authenticator)
    6, 6, 0, 0, 0, 1,                                      // service type
    1, 2+strlen($username), $username,                     // username
    2, 2+strlen($encryptedpassword), $encryptedpassword,   // userpassword
    4, 6, $nasIP[0], $nasIP[1], $nasIP[2], $nasIP[3],      // nasIP
    5, 6, 0, 0, 0, 0                                       // nasPort: length 6 = type + length + 4 value octets
  );

I would assume that to add an additional attribute, I would just need to add an additional line (and alter the data format parameter in the pack() call):

  24, <packet data here>               // State (24)

However, I am a little lost on how to get that data in there, and where the "Magic Cookie" comes from (as described in the State detail above). How do I get this state data? Is it in the response from the RADIUS server?

I understand what the RADIUS server needs, but I'm not 100% sure exactly how to:

a) get the state data to send back
b) append this data to the packet

Is anyone able to shed any light on this for me? Has anyone had experience with doing an implementation for software that deals with Access-Challenge packets? Are there any links anyone can offer that might explain how I can accomplish this? I have tried using the RADIUS module for PHP but it appears to be a little obscure and different to how we have already implemented the current version.

ANY help would be appreciated.

Thanks and regards,
Dwight.
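
Added example, not part of the original message or of GNU Radius: the State value arrives as attribute 24 inside the Access-Challenge reply, so the client walks the reply's attribute list, takes the value unchanged, and re-encodes it as one more attribute of the next Access-Request. The function names and the sample packet are constructed for illustration.

```php
<?php
// Hypothetical helpers (added example, not the poster's script).

// Parse a raw RADIUS reply into its code, identifier and attributes.
function radius_parse_reply(string $packet): array
{
    if (strlen($packet) < 20) {
        throw new RuntimeException('packet shorter than the RADIUS header');
    }
    $hdr = unpack('Ccode/Cid/nlength', $packet);
    if ($hdr['length'] < 20 || $hdr['length'] > strlen($packet)) {
        throw new RuntimeException('bad length field');
    }
    $attrs = [];
    $pos = 20;                        // code(1) + id(1) + length(2) + authenticator(16)
    while ($pos + 2 <= $hdr['length']) {
        $type = ord($packet[$pos]);
        $len  = ord($packet[$pos + 1]);     // includes the type and length octets
        if ($len < 2 || $pos + $len > $hdr['length']) {
            throw new RuntimeException('malformed attribute');
        }
        $attrs[$type][] = substr($packet, $pos + 2, $len - 2);
        $pos += $len;
    }
    return ['code' => $hdr['code'], 'id' => $hdr['id'], 'attrs' => $attrs];
}

// Encode one attribute as type, length, value.
function radius_attribute(int $type, string $value): string
{
    if (strlen($value) > 253) {
        throw new InvalidArgumentException('attribute value too long');
    }
    return pack('CCa*', $type, 2 + strlen($value), $value);
}

// Constructed Access-Challenge (code 11) carrying Reply-Message (18) and State (24).
// The authenticator is zeroed here; a real reply carries a Response Authenticator.
$body = radius_attribute(18, 'Enter next tokencode:') . radius_attribute(24, "\xde\xad\xbe\xef-cookie");
$challenge = pack('CCna16', 11, 42, 20 + strlen($body), '') . $body;

$reply = radius_parse_reply($challenge);
if ($reply['code'] === 11 && isset($reply['attrs'][24][0])) {
    // Echo the State value back byte for byte in the follow-up Access-Request.
    $stateAttr = radius_attribute(24, $reply['attrs'][24][0]);
    // Append $stateAttr to the request attributes and add strlen($stateAttr) to $length.
    printf("State attribute (%d bytes): %s\n", strlen($stateAttr), bin2hex($stateAttr));
}
```

The sample skips Response Authenticator verification; a client should check it against the shared secret before acting on any reply.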



