Extension:SimpleRadiusAuth

From mediawiki.org
MediaWiki extensions manual
SimpleRadiusAuth
Release status: unmaintained
Implementation User identity
Description SimpleRadiusAuth is an extension that queries a RADIUS server to authenticate users
Author(s) (null.oztalk)
Latest version 0.1
MediaWiki 1.27+
License GNU General Public License 2.0 or later
Download
README

The SimpleRadiusAuth is an extension that queries a RADIUS server to authenticate users.

Visitors can not create an account and users can not change their password.

Requirements[edit]

  • You must have a RADIUS service running somewhere accessible from the Wiki server.
  • You must use Wikimedia 1.27 or later
  • You must have the PHP RADIUS extension (see https://php.net/book.radius)
  • On RHEL-7 PHP RADIUS Package can be installed using yum, e.g. yum install php-pear-Auth-RADIUS

Installation[edit]

  • Put the SimpleRadiusAuth in the extensions directory
  • Edit your LocalSettings.php file and add:
// Load SimpleRadiusAuth
wfLoadExtension( 'SimpleRadiusAuth' );
$wgSimpleRadiusAuthServer = "IP_OR_DNSNAME_OF_RADIUS_SERVER";
$wgSimpleRadiusAuthSecret = "SHARED_SECRET";

// Disable account creation
$wgGroupPermissions['*']['createaccount'] = false;

// (Recommended) Allows auto account creation by the extension which bypasses the
// need for manual account creation. The extension only creates the account if the RADIUS
// authentication is successful. If this isn't set to 'true', accounts for each
// RADIUS user will need to be manually created before the user will be able to log in.
$wgGroupPermissions['*']['autocreateaccount'] = true;
  • That's all !

Configuration parameters[edit]

$wgSimpleRadiusAuthServer
the hostname parameter specifies the server host, either as a fully qualified domain name or as a dotted-quad IP address in text form.
$wgSimpleRadiusAuthPort
the port specifies the UDP port to contact on the server. If port is given as 0, the library looks up the radius/udp or radacct/udp service in the network services database, and uses the port found there. If no entry is found, the library uses the standard Radius ports, 1812 for authentication.
$wgSimpleRadiusAuthSecret
the shared secret for the server host is passed to the secret parameter. The Radius protocol ignores all but the leading 128 bytes of the shared secret.
$wgSimpleRadiusAuthTimeout
the timeout for receiving replies from the server is passed to the timeout parameter, in units of seconds.
$wgSimpleRadiusAuthMaxTries
the maximum number of repeated requests to make before giving up is passed into the max_tries.