Extension:SimpleRadiusAuth
 | This extension is currently not actively maintained! Although it may still work, any bug reports or feature requests will more than likely be ignored. |
 Release status: unmaintained |
|
|---|---|
| Implementation | User identity |
| Description | SimpleRadiusAuth is an extension that queries a RADIUS server to authenticate users |
| Author(s) | (null.oztalk) |
| Latest version | 0.1 |
| MediaWiki | 1.27+ |
| License | GNU General Public License 2.0 or later |
| Download | GitHub: Note: README |
The SimpleRadiusAuth is an extension that queries a RADIUS server to authenticate users.
Visitors can not create an account and users can not change their password.
Requirements
[edit]- You must have a RADIUS service running somewhere accessible from the Wiki server.
- You must use Wikimedia 1.27 or later
- You must have the PHP RADIUS extension (see https://php.net/book.radius)
- On RHEL-7 PHP RADIUS Package can be installed using yum, e.g. yum install php-pear-Auth-RADIUS
Installation
[edit]- Put the SimpleRadiusAuth in the extensions directory
- Edit your LocalSettings.php file and add:
// Load SimpleRadiusAuth
wfLoadExtension( 'SimpleRadiusAuth' );
$wgSimpleRadiusAuthServer = "IP_OR_DNSNAME_OF_RADIUS_SERVER";
$wgSimpleRadiusAuthSecret = "SHARED_SECRET";
// Disable account creation
$wgGroupPermissions['*']['createaccount'] = false;
// (Recommended) Allows auto account creation by the extension which bypasses the
// need for manual account creation. The extension only creates the account if the RADIUS
// authentication is successful. If this isn't set to 'true', accounts for each
// RADIUS user will need to be manually created before the user will be able to log in.
$wgGroupPermissions['*']['autocreateaccount'] = true;
- That's all !
Configuration parameters
[edit]- $wgSimpleRadiusAuthServer
- the hostname parameter specifies the server host, either as a fully qualified domain name or as a dotted-quad IP address in text form.
- $wgSimpleRadiusAuthPort
- the port specifies the UDP port to contact on the server. If port is given as 0, the library looks up the radius/udp or radacct/udp service in the network services database, and uses the port found there. If no entry is found, the library uses the standard Radius ports, 1812 for authentication.
- $wgSimpleRadiusAuthSecret
- the shared secret for the server host is passed to the secret parameter. The Radius protocol ignores all but the leading 128 bytes of the shared secret.
- $wgSimpleRadiusAuthTimeout
- the timeout for receiving replies from the server is passed to the timeout parameter, in units of seconds.
- $wgSimpleRadiusAuthMaxTries
- the maximum number of repeated requests to make before giving up is passed into the max_tries.