
I have a CISCO and I want to authenticate users with RADIUS using PHP. CISCO has its own vendor and attributes and I have to set them in my PHP scripts. I am using the PECL RADIUS API.

This is my sample code:

$radius = radius_auth_open();

radius_add_server($radius, $ip_address, $port, $shared_secret, 5, 3);
radius_create_request($radius, RADIUS_ACCESS_REQUEST);

// How to set CISCO attributes here?

$result = radius_send_request($radius);

I've tried radius_put_attr, radius_put_string, radius_put_vendor_attr, radius_put_vendor_string and other methods, but none of them work.

I've tried another open source library (Pure PHP Radius) that uses sockets and UDP to communicate with the RADIUS server, but I cannot set my own attributes there either.

There are not enough examples out there, so any help would be appreciated.

Vahid

1 Answer

$radius = radius_auth_open();
// Server address, port, shared secret, timeout (seconds), max tries
radius_add_server($radius, "172.17.10.1", 1812, "12345", 5, 3);
radius_create_request($radius, RADIUS_ACCESS_REQUEST);

radius_put_attr($radius, RADIUS_USER_PASSWORD, "mouse");

// Vendor attributes take the vendor ID (9 = Cisco) and the vendor attribute type
radius_put_vendor_attr($radius, 9, 250, "S115.12.11.10");  // Cisco-Account-Info

radius_put_attr($radius, RADIUS_USER_NAME, "testusername");
radius_put_addr($radius, RADIUS_NAS_IP_ADDRESS, "172.17.10.9");
radius_put_attr($radius, 87, "0x0");                       // NAS-Port-ID
radius_put_vendor_attr($radius, 9, 249, "mypassword");     // Cisco-Subscriber-Password
radius_put_vendor_attr($radius, 9, 252, "\001");           // Cisco-Command-Code
radius_put_vendor_string($radius, 9, 250, "S115.12.11.10"); // Cisco-Account-Info
$result = radius_send_request($radius);

switch ($result) {
case RADIUS_ACCESS_ACCEPT:
  // An Access-Accept response to an Access-Request indicating that the RADIUS server authenticated the user successfully.
  echo 'Authentication successful';
  break;
case RADIUS_ACCESS_REJECT:
  // An Access-Reject response to an Access-Request indicating that the RADIUS server could not authenticate the user.
  echo 'Authentication failed';
  break;
case RADIUS_ACCESS_CHALLENGE:
  // An Access-Challenge response to an Access-Request indicating that the RADIUS server requires further information in another Access-Request before authenticating the user.
  echo 'Challenge required';
  break;
default:
  die('A RADIUS error has occurred: ' . radius_strerror($radius));
}

Below are the descriptions of the Cisco custom attributes:

250-> Cisco-Account-Info

252-> Cisco-Command-Code

249-> Cisco-Subscriber-Password

87-> NAS-Port-ID

http://docstore.mik.ua/univercd/cc/td/doc/product/access/acs_serv/6510ssg/6510sw11/app_d_rd.htm

ManMohan Vyas
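The vendor calls in the answer above carry each Cisco attribute inside RADIUS attribute 26 (Vendor-Specific). As an added example, not part of the original answer or of the PECL extension, the following PHP code builds and parses that wire layout as defined in RFC 2865 section 5.26, which is what a pure-PHP socket client would have to emit. The function names `encode_vsa` and `decode_vsa` are hypothetical; the sample values are the ones from the answer.

```php
<?php
// Added example: one vendor sub-attribute per Vendor-Specific attribute.
// Layout: Type(1)=26 | Length(1) | Vendor-Id(4, big-endian) | Vendor-Type(1) | Vendor-Length(1) | Value
const RADIUS_VENDOR_SPECIFIC = 26;

function encode_vsa(int $vendorId, int $vendorType, string $value): string
{
    $vendorLen = 2 + strlen($value);   // vendor type + vendor length + value
    $attrLen   = 2 + 4 + $vendorLen;   // type + length + vendor id + sub-attribute
    if ($vendorType < 1 || $vendorType > 255 || $attrLen > 255) {
        throw new InvalidArgumentException('vendor type or value out of range');
    }
    return pack('CCNCC', RADIUS_VENDOR_SPECIFIC, $attrLen, $vendorId, $vendorType, $vendorLen)
        . $value;
}

function decode_vsa(string $attr): array
{
    if (strlen($attr) < 8) {
        throw new InvalidArgumentException('attribute too short for a VSA');
    }
    $h = unpack('Ctype/Clen/Nvendor/Cvtype/Cvlen', $attr);
    // Reject anything whose outer and inner lengths disagree with the bytes received.
    if ($h['type'] !== RADIUS_VENDOR_SPECIFIC
        || $h['len'] !== strlen($attr)
        || $h['vlen'] !== $h['len'] - 6) {
        throw new InvalidArgumentException('malformed Vendor-Specific attribute');
    }
    return ['vendor' => $h['vendor'], 'type' => $h['vtype'], 'value' => substr($attr, 8)];
}

// Values from the answer: vendor 9 (Cisco), 250 = Cisco-Account-Info, 252 = Cisco-Command-Code
$attrs = [
    encode_vsa(9, 250, 'S115.12.11.10'),
    encode_vsa(9, 252, "\001"),
];
foreach ($attrs as $raw) {
    $d = decode_vsa($raw);
    printf("%s  vendor=%d type=%d value=%s\n",
        bin2hex($raw), $d['vendor'], $d['type'], bin2hex($d['value']));
}
```

Comparing the printed hex with a packet capture of the request shows whether the vendor ID and attribute type reached the wire as intended.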