Jump to navigation Jump to search
Release status: beta
|Description||SimpleRadiusAuth is an extension that queries a RADIUS server to authenticate users|
|License||GNU General Public License 2.0 or later|
|Translate the SimpleRadiusAuth extension if it is available at translatewiki.net|
|Check usage and version matrix.|
The SimpleRadiusAuth is an extension that queries a RADIUS server to authenticate users.
Visitors can not create an account and users can not change their password.
- You must have a RADIUS service running somewhere accessible from the Wiki server.
- You must use Wikimedia 1.27 or later
- You must have the PHP RADIUS extension (see http://php.net/manual/en/book.radius.php)
- On RHEL-7 PHP RADIUS Package can be installed using yum, e.g. yum install php-pear-Auth-RADIUS
- Put the SimpleRadiusAuth in the extensions directory
- Edit your LocalSettings.php file and add:
// Load SimpleRadiusAuth wfLoadExtension( 'SimpleRadiusAuth' ); $wgSimpleRadiusAuthServer = "IP_OR_DNSNAME_OF_RADIUS_SERVER"; $wgSimpleRadiusAuthSecret = "SHARED_SECRET"; // Disable account creation $wgGroupPermissions['*']['createaccount'] = false; // (Recommended) Allows auto account creation by the extension which bypasses the // need for manual account creation. The extension only creates the account if the RADIUS // authentication is successful. If this isn't set to 'true', accounts for each // RADIUS user will need to be manually created before the user will be able to log in. $wgGroupPermissions['*']['autocreateaccount'] = true;
- That's all !
- the hostname parameter specifies the server host, either as a fully qualified domain name or as a dotted-quad IP address in text form.
- the port specifies the UDP port to contact on the server. If port is given as 0, the library looks up the radius/udp or radacct/udp service in the network services database, and uses the port found there. If no entry is found, the library uses the standard Radius ports, 1812 for authentication.
- the shared secret for the server host is passed to the secret parameter. The Radius protocol ignores all but the leading 128 bytes of the shared secret.
- the timeout for receiving replies from the server is passed to the timeout parameter, in units of seconds.
- the maximum number of repeated requests to make before giving up is passed into the max_tries.