Radius Authentication with radius

srlem

Hi!
I have a radius auth. related problem. Beleive me before posting here i looked everywhere and still couldn't find any information about it (except on www.mavetju.org there is a script but the functions it uses are not valid for my version of php 4.3 on freebsd)

So it's like this i'm using it to authenticate users I attached a file containing the script i use..It is a modyfied script from mavetju.org so i'm just using it to connect and send the information to radius. My main problem is that when i check the logs on the server i get the following error:

WARNING: Malformed RADIUS packet from host 127.0.0.1: Invalid attribute

--- Walking the entire request list ---
Nothing to do. Sleeping until we see a request.
WARNING: Malformed RADIUS packet from host 127.0.0.1: Invalid attribute

--- Walking the entire request list ---
Nothing to do. Sleeping until we see a request.

It means that i'm not sending the packet properly otherwise radius would be able to interpret it.. Does anyone have any experience on this subject?? i've been working 3 days on it and no success..so any pointers would be appreciated

Here's the script

$username = "testuser";
$password = "testpass";
$sharedsecret = "secret";

//$ip= "localhost";
//$radiushost="127.0.0.1";
$SERVER_ADDR = $radiushost;

$radiushost="aaa.bbb.ccc.ddd";
$SERVER_ADDR = $radiushost;
$nasIP=explode(".",$SERVER_ADDR); //is being used in the encrypt function
$ip=gethostbyname($radiushost);

$radiusport = 1812;

$sock = socket_create (AF_INET, SOCK_DGRAM, getprotobyname("UDP"));

//$sock=socket_create(AF_INET,SOCK_DGRAM,17);
echo "socket created<br>";
$retval=socket_connect($sock,$ip,$radiusport);
echo "<br>...connected to socket<br>";

//function to encrypt data
function Encrypt($password,$key,$RA) {
//global $debug;

$keyRA=$key.$RA;

if ($debug)
    echo "<br>key: $key<br>password: $password<hr>\n";

$md5checksum=md5($keyRA);
$output="";

for ($i=0;$i<=15;$i++) {
    if (2*$i>strlen($md5checksum)) $m=0; else $m=hexdec(substr($md5checksum,2*$i,2));
    if ($i>strlen($keyRA)) $k=0; else $k=ord(substr($keyRA,$i,1));
    if ($i>strlen($password)) $p=0; else $p=ord(substr($password,$i,1));
    $c=$m^$p;
    $output.=chr($c);
}
return $output;

}//end of encrypt function

//prepare data to send
$RA=pack("CCCCCCCCCCCCCCCC", // auth code
1+rand()%255, 1+rand()%255, 1+rand()%255, 1+rand()%255,
1+rand()%255, 1+rand()%255, 1+rand()%255, 1+rand()%255,
1+rand()%255, 1+rand()%255, 1+rand()%255, 1+rand()%255,
1+rand()%255, 1+rand()%255, 1+rand()%255, 1+rand()%255);

$encryptedpassword=Encrypt($password,$sharedsecret,$RA);

$length=4+				// header
	16+				// auth code
	6+				// service type
	2+strlen($username)+		// username
	2+strlen($encryptedpassword)+	// userpassword
	6+				// nasIP
	6;				// nasPort

$thisidentifier=rand()%256;
//          v   v v     v   v   v     v     v
$data=pack("CCCCa*CCCCCCCCa*CCa*CCCCCCCCCCCC",
    1,$thisidentifier,$length/256,$length%256,		// header
    $RA,						// authcode
    6,6,0,0,0,1,					// service type
    1,2+strlen($username),$username,			// username
    2,2+strlen($encryptedpassword),$encryptedpassword,	// userpassword
    4,6,$nasIP[0],$nasIP[1],$nasIP[2],$nasIP[3],	// nasIP
    5,3,0,0,0,0						// nasPort
    );

//$data = "data i'm sending is not too short";
//$length = 66;

//socket_write($sock,$data,$length);
socket_write($sock,$data);

echo "<strong>SOCK: </strong>".$sock."<br>";
echo "<strong>DATA being SENT: </strong>".$data."<br>";
echo "<strong>Length of packet: </strong>".$length."<br>";

srlem

okey..so with the script above with slight modifications I managed to get this data from radius..it cannot parse my data correcly any way around this???

The answer from radius:

02.12.2003 16.04.30-231 RADIUS[22122] DBG ----- [Worker:handle_request() id=1,
length=86, src_ip=aaa.bbb.ccc.ddd, src_port=25xx, datalen=66]
02.12.2003 16.04.30-231 RADIUS[22122] DBG ----- [RawPacket]
0000 01120042 8A8345ED 4CDBE74D B9FB4FC2 ...B..E.L..M..O.
0010 DB70572F 06060000 0001010A 666F746F .pW/........foto
0020 74657374 021278F9 61845EE0 34652971 test..x.a.^.4e)q
0030 F6EB44A1 24390406 D9484071 05030000 ..D.$9...H@q....
0040 0000 ..

02.12.2003 16.04.30-232 RADIUS[22122] DBG ----- [Packet could not be parsed
...]
02.12.2003 16.04.30-232 RADIUS[22122] DBG ----- [analyze_radius_packet() =
[6]]
02.12.2003 16.04.30-232 RADIUS[22122] DBG ----- [Request handled]
02.12.2003 16.04.30-232 RADIUS[22122] DBG ----- [Deleting Session object]
02.12.2003 16.04.30-232 RADIUS[22122] DBG ----- [Deleted successfully]

regards,

srle

not_skeletor

I realise this thread is pretty old, but I am trying some very similar things and wonder if any progress has been made on this topic. I used the modified script, and get an invalid packet request.
I don't so much want to authenticate, but I want to create a script that will either say a particular UN/PW combination is okay, or show a meaningful message (wrong username OR password) if it cannot authenticate.
Basically, if someone can give me the short-course on writing a packet in PHP I'd be grateful. I have the RFC-guide for RADIUS, but I'm too green to figure this out on my own.