On Thu, Feb 16, 2012 at 5:21 PM, Peter Moreton <peter.more...@cbi.org.uk> wrote:
> I have a working RADIUS server, "RADIUS01" running CentOS/FreeRADIUS.
> FreeRADIUS is configured to store username and PIN-style passwords in MySQL.
> To go live with our RADIUS implementation, I have been tasked with making the
> selection of PINs a self-service process. I'm considering an email-based
> approach where u...@foobar.org.uk can email p...@foobar.org.uk in order to
> achieve PIN maintenance. (I understand the risk of email header spoofing).

Possible. But why not simply create a simple web page, possibly even as a captive portal? It's much easier that way, plus it's real-time and you have no risk of email going missing (e.g. due to spam filters, etc).

>
> Since I don't know Linux terribly well, I'm asking the group if my proposal
> is a sensible approach? Am I re-inventing any wheels? Should I consider an
> alternative method?

It's not really Linux-specific.

>
> Thanks
> -----------------------------------------------------------
>
> My brief spec:
> RADIUS01 would be extended to use SENDMAIL and some Perl or similar
> processing to monitor a predefined email account such as p...@foobar.org.uk
>

Why? When will you want radius to send email? During a failed auth? IMHO that's a terrible design, and could easily lead to mail floods. Again, it's easier to just use a webpage.

You seem to have a perception that the DB can only be modified by radius. It's not. You can have whatever process you want managing the db, and have FR simply read from it.

> The Sendmail/Perl script would make calls such as:
>
> Mysql -u root -p

That line REALLY shows your newbie-ness.

> <MySQL Password>
> Use radsql
> INSERT INTO radcheck (username, attribute, op, value) VALUES
> ('janedoe','Cleartext-Password',':=','password');
> INSERT INTO radusergroup VALUES ('janedoe','dynamic',1);
> QUIT

Ever heard of sql functions in scripts? e.g. http://www.php.net/manual/en/book.mysqli.php or http://search.cpan.org/dist/DBD-mysql/lib/DBD/mysql.pm ?

Looking at your post, I REALLY suggest you hire an expert instead. Either that, or spend lots of time (e.g. several weeks) to learn and have some trial-and-error.

-- 
Fajar
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
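An added example, not part of the original thread: the quoted radcheck/radusergroup updates done through a database driver with bound parameters instead of piping text into the mysql client as root. It uses Python's sqlite3 as an offline stand-in for MySQL; the radusergroup column names, the 4 to 8 digit PIN policy, and the names `open_db`, `set_pin` and `PIN_RE` are assumptions for illustration.

```python
import re
import sqlite3

# Assumed PIN policy for illustration: 4 to 8 ASCII digits.
PIN_RE = re.compile(r"[0-9]{4,8}")

# Constructed stand-in for the two tables named in the thread.
SCHEMA = """
CREATE TABLE radcheck (id INTEGER PRIMARY KEY, username TEXT, attribute TEXT,
                       op TEXT, value TEXT);
CREATE TABLE radusergroup (username TEXT, groupname TEXT, priority INTEGER);
"""


def open_db():
    """Return an in-memory database standing in for radsql."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def set_pin(conn, username, pin, group="dynamic"):
    """Replace the user's PIN and ensure group membership in one transaction."""
    if not PIN_RE.fullmatch(pin):
        raise ValueError("PIN must be 4 to 8 digits")
    with conn:  # commits on success, rolls back if any statement fails
        # Values are bound with ? placeholders (DBD::mysql and mysqli use the
        # same marker), so the username is never parsed as SQL.
        conn.execute(
            "DELETE FROM radcheck WHERE username = ? AND attribute = ?",
            (username, "Cleartext-Password"))
        conn.execute(
            "INSERT INTO radcheck (username, attribute, op, value) "
            "VALUES (?, 'Cleartext-Password', ':=', ?)",
            (username, pin))
        member = conn.execute(
            "SELECT 1 FROM radusergroup WHERE username = ? AND groupname = ?",
            (username, group)).fetchone()
        if member is None:
            conn.execute(
                "INSERT INTO radusergroup (username, groupname, priority) "
                "VALUES (?, ?, 1)", (username, group))


if __name__ == "__main__":
    db = open_db()
    set_pin(db, "janedoe", "4821")
    set_pin(db, "janedoe", "7310")  # PIN change: still a single radcheck row
    set_pin(db, "x'); DROP TABLE radcheck;--", "1234")  # stored as plain data
    print(db.execute("SELECT username, value FROM radcheck").fetchall())
```

Against a real MySQL server the same statements would run under a dedicated account granted only SELECT, INSERT and DELETE on these two tables, with its password kept in a protected client configuration file rather than in the script.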