Details
-
Bug
-
Resolution: Fixed
-
Major
-
None
-
Professional Edition
-
PHP 7.2.14
$config['auth_mechanism'] = "radius";
$config['auth_radius_method'] = "MSCHAPv2";
Description
After updating our PHP-version to 7.2, the RADIUS authentication stopped working. After investigating the PHP error logs, it seems that this is due to the removed mcrypt extension:
[Mon Jan 14 11:49:20.239428 2019] [php7:error] [pid 16059] [client 10.100.50.20:10916] PHP Fatal error: Uncaught Error: Call to undefined function mcrypt_module_open() in /opt/observium/libs/pear/Crypt/CHAP.php:262\nStack trace:\n#0 /opt/observium/libs/pear/Crypt/CHAP.php(458): Crypt_CHAP_MSv1->_challengeResponse()\n#1 /opt/observium/html/includes/authentication/radius.inc.php(108): Crypt_CHAP_MSv2->challengeResponse()\n#2 /opt/observium/html/includes/authenticate-functions.inc.php(24): radius_authenticate('mmenzo', NULL)\n#3 /opt/observium/html/includes/authenticate.inc.php(240): authenticate('mmenzo', NULL)\n#4 /opt/observium/html/index.php(80): include('/opt/observium/...')\n#5 \{main}\n thrown in /opt/observium/libs/pear/Crypt/CHAP.php on line 262
|
It seems like the Crypt_CHAP pear libary is still using the mcrypt extension when using any of the encrypted authentication methods (CHAP, CHAP-MD5, MS-CHAPv1 or MS-CHAPv2).
Unfortunately it doesn't seem like the Crypt_CHAP pear libary is maintained anymore. There are however ways to patch the libary to use openssl instead of mcrypt. For example, see this libary.