Custom PHP using nas_port

FreeRADIUS / pam_radius

This is the PAM to RADIUS authentication module. It allows any Linux, OSX or Solaris machine to become a RADIUS client for authentication and password change requests.

GNU General Public License v2.0

103 stars 90 forks source link

Custom PHP using nas_port #37

Closed matt-horwood-mayden closed 6 years ago

matt-horwood-mayden commented 6 years ago

Evening good folk

I have some PHP code that I have inherited that is used to authenticate users with radius, I have now setup openVPN and pam_radius to add 2FA to our VPN.

But couldn't get it to work, on further investigation it seems we use the NAS_PORT to identify the type of authentication request. In our very bad code I have had to add the current running PID of openVPN as that is the NSA_PORT that pam_radius sends.

Could the NAS_PORT be added to a config file somewhere please?

alandekok commented 6 years ago

it seems we use the NAS_PORT to identify the type of authentication request.

Why? You can look at Service-Type, or other attributes to determine what kind of service the user is requesting.

NAS-Port doesn't really mean much, and you shouldn't be using it for anything. It should just be logged as part of the set of attributes which might help in identifying a users session.

TBH, I'd fix your code so that it follows the standards. Using NAS-Port as you say is just weird and broken.