But why not simply create a simple web page, possibly even as a captive portal? It's much easier that way, plus it's real-time and you have no risk of email missing (e.g. due to spam filters, etc).
>> if I build a webpage, then I also have to authenticate users who present >> themselves requesting self service Since I don't know Linux terribly well, I'm asking the group if my proposal is a sensible approach? Am I re-inventing any wheels? Should I consider an alternative method? It's not really linux-specific. >> I want to keep the entire radius PIN authentication system on Linux, to keep >> it independent of Windows, a security "island" perhaps, so in this case, it >> is Linux specific. Thanks ----------------------------------------------------------- My brief spec: RADIUS01 would be extended to use SENDMAIL and some Perl or similar processing to monitor a predefined email account such as <mailto:p...@foobar.org.uk> p...@foobar.org.uk<mailto:p...@foobar.org.uk> Why? When will you want radius to send email? During a failed auth? IMHO that's a terrible design, and could easily lead to mail floods. Again, it's easier to just use webpage. You seem to have a perception that the DB can only be modified by radius. It's not. You can have whatever process you want managing the db, and have FR simply reads from it. >> Nope, I said "radius01 would be extended" that's a hostname not the radius >> software. Perhaps I should have made this more clear. In my implementation, >> RADIUS01 replaces another security island, RSA01. The Sendmail/Perl script would make calls such as: ?Mysql -u root -p That line REALLY show your newbie-ness. >> cheers. helpful. ?<MySQL Password> ?Use radsql ?INSERT INTO radcheck (username, attribute, op, value) VALUES ('janedoe','Cleartext-Password',':=','password'); ?INSERT INTO radusergroup VALUES ('janedoe','dynamic',1); ?QUIT Ever heard of sql functions in scripts? e.g. <http://www.php.net/manual/en/book.mysqli.php>http://www.php.net/manual/en/book.mysqli.php or <http://search.cpan.org/dist/DBD-mysql/lib/DBD/mysql.pm>http://search.cpan.org/dist/DBD-mysql/lib/DBD/mysql.pm ? >> of course I have. My post tries to explain what I'm trying to achieve using >> simple language. Implementation detail isn't required. Looking at your post, I REALLY suggest you hire an expert instead. Either that, or spend lots of time (e.g. several weeks) to learn and have some trial-and-error. >> no, radius, mysql, php - these are all just tools to be learned. I'd rather >> spend a couple of weeks and build a solution that I know and trust. I'm sure >> we are all experts in our fields, and as such its much better to expand >> personal horizons than give in an hire someone. >> anyhow, no one responded to say, "it exists, use the xyz-addon" so I'm >> guessing that I'm not reinventing anything, so I'll crack on. Thanks >> everyone. *************************************************************************************** The CBI's (Confederation of British Industry's) registered address is: Centre Point, 103 New Oxford Street, London WC1A 1DU Company number: RC000139
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html