sfRADIUSAuthPlugin - 0.2.3

provides means to authenticate against a RADIUS server

You are currently browsing
the website for symfony 1

Visit the Symfony2 website

« Back to the Plugins Home


Forgot your password?
Create an account



advanced search
Information Readme Releases Changelog Contribute
Show source


The sfRADIUSAuthPlugin allows you to use a RADIUS server to authenticate sfGuard users in symfony projects. This package uses bundeled versions of the PEAR Auth_RADIUS and Crypt_CHAP libraries. PEAR is required nevertheless!


  • installed and working RADIUS extension from PECL
  • optionally: PEAR, Auth_RADIUS and Crypt_CHAP

    The second step is not mandatory, as a version of these libs is bundled with the plugin. However the plugin should use the PEAR versions in the future, if PEAR is available


  • install either sfGuardPlugin or sfDoctrineGuardPlugin. One of them is required, but both are supported, therefor they can not be defined as required in the package.xml or symfony would try to install both.

  • install the plugin (use the --stability=beta option, since the plugin is not yet mature, but works for me in production):

    symfony plugin:install sfRADIUSAuthPlugin --stability=beta
  • copy the plugins app.yml and fill in your values (or use per-app or per-environment settings...)

        #wether to enable the plugin or not.
        enabled: true
        # the password authtype the server uses: one of
        # MSCHAPv2
        # MSCHAPv1
        # PAP (not encrypted!!!)
        # CHAP_MD5
        auth_type: MSCHAPv2
        #use a server qeue or pick a random server on each request
        server_qeue: true
          #name of the server, does not matter, just for readability
            # ip or dns-name of the server to use
            # ports to use for authentication (accounting is not available atm!)
              auth:  1234
              acc:   1235
            # shared secret to use when communicating with the radius server
            secret: SomeSharedSecretYourRadiusAdminGaveYou
          #Secondary server:
              #auth: 1812
            #secret: changeme


  • if you've done all the steps above, you're ready to go.
  • configure your users through sfGuard. Password-checking will be done automatically via RADIUS.
  • make sure, your users use valid RADIUS logins in your app, otherwise the RADIUS auth will fail. Either tell them to use whatever corporate logins you use, or pre-create them by hand.
  • You can use different RADIUS settings per App (different servers for ex.), or enable the plugin only in your backend app. Or you could place the app.yml in your SF_ROOT/config dir and use one setting for all your apps.
  • Multiple servers should work, but could not be testet: if you encounter problems, please report them.