Extension:SimpleRadiusAuth

From MediaWiki.org
Jump to navigation Jump to search


MediaWiki extensions manual
OOjs UI icon advanced.svg
SimpleRadiusAuth
Release status: beta
Implementation User identity
Description SimpleRadiusAuth is an extension that queries a RADIUS server to authenticate users
Author(s) (null.oztalk)
Latest version 0.1
MediaWiki 1.27+
License GNU General Public License 2.0 or later
Download Github
README
Translate the SimpleRadiusAuth extension if it is available at translatewiki.net
Check usage and version matrix.

The SimpleRadiusAuth is an extension that queries a RADIUS server to authenticate users.

Visitors can not create an account and users can not change their password.

Requirements[edit]

  • You must have a RADIUS service running somewhere accessible from the Wiki server.
  • You must use Wikimedia 1.27 or later
  • You must have the PHP RADIUS extension (see http://php.net/manual/en/book.radius.php)

Installation[edit]

  • Put the SimpleRadiusAuth in the extensions directory
  • Edit your LocalSettings.php file and add:
// Load SimpleRadiusAuth
wfLoadExtension( 'SimpleRadiusAuth' );
$wgSimpleRadiusAuthServer = "IP_OR_DNSNAME_OF_RADIUS_SERVER";
$wgSimpleRadiusAuthSecret = "SHARED_SECRET";

// Disable account creation
$wgGroupPermissions['*']['createaccount'] = false;

// (Recommended) Allows auto account creation by the extension which bypasses the
// need for manual account creation. The extension only creates the account if the RADIUS
// authentication is successful. If this isn't set to 'true', accounts for each
// RADIUS user will need to be manually created before the user will be able to log in.
$wgGroupPermissions['*']['autocreateaccount'] = true;
  • That's all !

Configuration parameters[edit]

$wgSimpleRadiusAuthServer 
the hostname parameter specifies the server host, either as a fully qualified domain name or as a dotted-quad IP address in text form.
$wgSimpleRadiusAuthPort 
the port specifies the UDP port to contact on the server. If port is given as 0, the library looks up the radius/udp or radacct/udp service in the network services database, and uses the port found there. If no entry is found, the library uses the standard Radius ports, 1812 for authentication.
$wgSimpleRadiusAuthSecret 
the shared secret for the server host is passed to the secret parameter. The Radius protocol ignores all but the leading 128 bytes of the shared secret.
$wgSimpleRadiusAuthTimeout 
the timeout for receiving replies from the server is passed to the timeout parameter, in units of seconds.
$wgSimpleRadiusAuthMaxTries 
the maximum number of repeated requests to make before giving up is passed into the max_tries.