Uploaded image for project: 'Observium'
  1. Observium
  2. OBS-2882

RADIUS authentication not working in PHP7.2+

    XMLWordPrintable

Details

    • Bug
    • Resolution: Fixed
    • Major
    • None
    • Professional Edition
    • Authentication
    • PHP 7.2.14
      $config['auth_mechanism'] = "radius";
      $config['auth_radius_method'] = "MSCHAPv2";

    Description

      After updating our PHP-version to 7.2, the RADIUS authentication stopped working. After investigating the PHP error logs, it seems that this is due to the removed mcrypt extension:

      [Mon Jan 14 11:49:20.239428 2019] [php7:error] [pid 16059] [client 10.100.50.20:10916] PHP Fatal error: Uncaught Error: Call to undefined function mcrypt_module_open() in /opt/observium/libs/pear/Crypt/CHAP.php:262\nStack trace:\n#0 /opt/observium/libs/pear/Crypt/CHAP.php(458): Crypt_CHAP_MSv1->_challengeResponse()\n#1 /opt/observium/html/includes/authentication/radius.inc.php(108): Crypt_CHAP_MSv2->challengeResponse()\n#2 /opt/observium/html/includes/authenticate-functions.inc.php(24): radius_authenticate('mmenzo', NULL)\n#3 /opt/observium/html/includes/authenticate.inc.php(240): authenticate('mmenzo', NULL)\n#4 /opt/observium/html/index.php(80): include('/opt/observium/...')\n#5 \{main}\n thrown in /opt/observium/libs/pear/Crypt/CHAP.php on line 262
      

      It seems like the Crypt_CHAP pear libary is still using the mcrypt extension when using any of the encrypted authentication methods (CHAP, CHAP-MD5, MS-CHAPv1 or MS-CHAPv2).

      Unfortunately it doesn't seem like the Crypt_CHAP pear libary is maintained anymore. There are however ways to patch the libary to use openssl instead of mcrypt. For example, see this libary.

      Attachments

        Activity

          People

            sid3windr Tom Laermans
            Sollie Sollie
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: