Extension:SimpleRadiusAuth
This extension is currently not actively maintained! Although it may still work, any bug reports or feature requests will more than likely be ignored. |
SimpleRadiusAuth Release status: unmaintained |
|
---|---|
Implementation | User identity |
Description | SimpleRadiusAuth is an extension that queries a RADIUS server to authenticate users |
Author(s) | (null.oztalk) |
Latest version | 0.1 |
MediaWiki | 1.27+ |
License | GNU General Public License 2.0 or later |
Download | GitHub: Note: README |
The SimpleRadiusAuth is an extension that queries a RADIUS server to authenticate users.
Visitors can not create an account and users can not change their password.
Requirements
edit- You must have a RADIUS service running somewhere accessible from the Wiki server.
- You must use Wikimedia 1.27 or later
- You must have the PHP RADIUS extension (see https://php.net/book.radius)
- On RHEL-7 PHP RADIUS Package can be installed using yum, e.g. yum install php-pear-Auth-RADIUS
Installation
edit- Put the SimpleRadiusAuth in the extensions directory
- Edit your LocalSettings.php file and add:
// Load SimpleRadiusAuth
wfLoadExtension( 'SimpleRadiusAuth' );
$wgSimpleRadiusAuthServer = "IP_OR_DNSNAME_OF_RADIUS_SERVER";
$wgSimpleRadiusAuthSecret = "SHARED_SECRET";
// Disable account creation
$wgGroupPermissions['*']['createaccount'] = false;
// (Recommended) Allows auto account creation by the extension which bypasses the
// need for manual account creation. The extension only creates the account if the RADIUS
// authentication is successful. If this isn't set to 'true', accounts for each
// RADIUS user will need to be manually created before the user will be able to log in.
$wgGroupPermissions['*']['autocreateaccount'] = true;
- That's all !
Configuration parameters
edit- $wgSimpleRadiusAuthServer
- the hostname parameter specifies the server host, either as a fully qualified domain name or as a dotted-quad IP address in text form.
- $wgSimpleRadiusAuthPort
- the port specifies the UDP port to contact on the server. If port is given as 0, the library looks up the radius/udp or radacct/udp service in the network services database, and uses the port found there. If no entry is found, the library uses the standard Radius ports, 1812 for authentication.
- $wgSimpleRadiusAuthSecret
- the shared secret for the server host is passed to the secret parameter. The Radius protocol ignores all but the leading 128 bytes of the shared secret.
- $wgSimpleRadiusAuthTimeout
- the timeout for receiving replies from the server is passed to the timeout parameter, in units of seconds.
- $wgSimpleRadiusAuthMaxTries
- the maximum number of repeated requests to make before giving up is passed into the max_tries.