FreeRADIUS/pam_radius

Custom PHP using nas_port

Closed this issue · 1 comments

Evening good folk

I have some PHP code that I have inherited that is used to authenticate users with radius, I have now setup openVPN and pam_radius to add 2FA to our VPN.

But couldn't get it to work, on further investigation it seems we use the NAS_PORT to identify the type of authentication request. In our very bad code I have had to add the current running PID of openVPN as that is the NSA_PORT that pam_radius sends.

Could the NAS_PORT be added to a config file somewhere please?

it seems we use the NAS_PORT to identify the type of authentication request.

Why? You can look at Service-Type, or other attributes to determine what kind of service the user is requesting.

NAS-Port doesn't really mean much, and you shouldn't be using it for anything. It should just be logged as part of the set of attributes which might help in identifying a users session.

TBH, I'd fix your code so that it follows the standards. Using NAS-Port as you say is just weird and broken.