On Thu, Feb 16, 2012 at 5:21 PM, Peter Moreton <peter.more...@cbi.org.uk> wrote:
> I have a working RADIUS server, "RADIUS01" running Centos/Freeradius. 
> Freeradius is configured to store username and PIN-style passwords in MySQL. 
> To go live with our RADIUS implementation, I have been tasked with making the 
> selection of PINs a self-service process. I'm considering an email-based 
> approach where u...@foobar.org.uk can email p...@foobar.org.uk in order to 
> achieve PIN maintenance. (I understand the risk of email header spoofing).

Possible.

But why not simply create a simple web page, possibly even as a
captive portal? It's much easier that way, plus it's real-time and you
have no risk of email going missing (e.g. due to spam filters, etc).


>
> Since I don't know Linux terribly well, I'm asking the group if my proposal 
> is a sensible approach? Am I re-inventing any wheels? Should I consider an 
> alternative method?

It's not really Linux-specific.

>
> Thanks
> -----------------------------------------------------------
>
> My brief spec:
> RADIUS01 would be extended to use SENDMAIL and some Perl or similar 
> processing to monitor a predefined email account such as p...@foobar.org.uk
>

Why? When will you want radius to send email? During a failed auth?
IMHO that's a terrible design, and could easily lead to mail floods.

Again, it's easier to just use a web page. You seem to have a perception
that the DB can only be modified by radius. It's not. You can have
whatever process you want managing the db, and have FR simply read
from it.


> The Sendmail/Perl script would make calls such as:
>
>  Mysql -u root -p

That line REALLY shows your newbie-ness.

>  <MySQL Password>
>  Use radsql
>  INSERT INTO radcheck (username, attribute, op, value) VALUES 
> ('janedoe','Cleartext-Password',':=','password');
>  INSERT INTO radusergroup VALUES ('janedoe','dynamic',1);
>  QUIT

Ever heard of SQL functions in scripts? e.g.
http://www.php.net/manual/en/book.mysqli.php or
http://search.cpan.org/dist/DBD-mysql/lib/DBD/mysql.pm ?

Looking at your post, I REALLY suggest you hire an expert instead.
Either that, or spend lots of time (e.g. several weeks) to learn and
have some trial-and-error.

-- 
Fajar
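
As an added example, not code from either poster: PIN maintenance done through a database API with bound parameters, rather than typing statements into the mysql client. Assumptions: Python's built-in sqlite3 stands in for MySQL so the code runs offline, the schema is a constructed subset of the FreeRADIUS tables, and the PIN and username formats and the function names are hypothetical.

```python
import re
import sqlite3

# Assumed policy for this example: 4-8 digit PINs, lowercase usernames.
PIN_RE = re.compile(r"\d{4,8}")
USER_RE = re.compile(r"[a-z][a-z0-9._-]{0,31}")

def open_db():
    """In-memory SQLite stand-in for radsql (constructed subset of the schema)."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE radcheck (id INTEGER PRIMARY KEY, username TEXT,
                               attribute TEXT, op TEXT, value TEXT);
        CREATE TABLE radusergroup (username TEXT, groupname TEXT,
                                   priority INTEGER);
    """)
    return db

def set_pin(db, username, pin, group="dynamic"):
    """Create or replace a user's PIN. Returns False if the input is rejected."""
    if not USER_RE.fullmatch(username) or not PIN_RE.fullmatch(pin):
        return False
    # Values travel as bound parameters, never as part of the SQL text.
    # Common Python MySQL drivers use %s instead of ? as the placeholder, and
    # the script should log in as a dedicated account limited to these tables.
    with db:  # one transaction: commit on success, roll back on exception
        db.execute("DELETE FROM radcheck WHERE username = ? "
                   "AND attribute = 'Cleartext-Password'", (username,))
        db.execute("INSERT INTO radcheck (username, attribute, op, value) "
                   "VALUES (?, 'Cleartext-Password', ':=', ?)", (username, pin))
        in_group = db.execute("SELECT 1 FROM radusergroup WHERE username = ? "
                              "AND groupname = ?", (username, group)).fetchone()
        if in_group is None:
            db.execute("INSERT INTO radusergroup VALUES (?, ?, 1)",
                       (username, group))
    return True

def get_pins(db, username):
    """Return the stored Cleartext-Password values for a user."""
    rows = db.execute("SELECT value FROM radcheck WHERE username = ? "
                      "AND attribute = 'Cleartext-Password'", (username,))
    return [r[0] for r in rows]
```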
