PHP Classes

File: radius_install.cmd

Recommend this page to a friend!
  Classes of André Liechti  >  multiOTP PHP class  >  radius_install.cmd  >  Download  
File: radius_install.cmd
Role: Auxiliary data
Content type: text/plain
Description: Release
Class: multiOTP PHP class
Authenticate and manage OTP strong user tokens
Author: By
Last change: New release
ENH: Better docker support (also for Synology)
ENH: Add Raspberry Pi Bullseye 11.0 support
New release
FIX: Token "Without2FA" where not working all time with LDAP users
ENH: Embedded Windows nginx edition updated to version 1.21.6
ENH: Embedded Windows PHP edition updated to version 7.4.29
ENH: New MariaDB/MySQL indexes handling during schema creation and schema updates
ENH: Enhanced internal tests
ENH: Telnyx SMS provider support
ENH: PHP 7.4 deprecated code cleaned
ENH: Email token is now supported for Credential Provider
ENH: In CLI check, if username doesn't exist, it try automatically a shorter domain name step by step
ENH: Enhanced multiOTP Credential Provider support
ENH: VM version 011 support
(Debian Bullseye 11.0, PHP 7.4, FreeRADIUS 3.0.21, Nginx 1.18.0)
ENH: Removed multicast support on the network card Added compatibility with new multiOTP Credential Provider
New release
FIX: Dockerfile updated (php-bcmath added)
New release
ENH: eDirectory LDAP server support (set the LDAP server type value to 4)
ENH: Raspberry content also in source file
New release
FIX: Cookie privacy (httponly and secure) backported to previous virtual appliances
ENH: Weak SSL ciphers disabled
ENH: Better Docker support
ENH: Better log handling
New release
FIX: In some cases, the HOTP/TOTP was not well computed
New release
FIX: Too many ReadConfigData loop during initialization
FIX: Better unicode handling, multibyte fonctions also for mb_substr()
FIX: A device file was searched with the name of the FreeRADIUS Client-Shortname
ENH: Enhanced Web GUI accounts list (green=AD/LDAP synced, orange = delayed, red=locked)
ENH: -sync-delete-retention-days= option is set by default to 30 days
ENH: VM version 010 support (Debian Buster 10.5, PHP 7.3, FreeRADIUS 3.0.17)
ENH: MySQL optimization
ENH: Enhanced windows command line scripts (automatic administrator level)
ENH: New -sync-delete-retention-days= option in order to purge inexistent AD/LDAP users (SetSyncDeleteRetentionDays and GetSyncDeleteRetentionDays method)
ENH: Raspberry Pi 4B support
ENH: New unified distribution
ENH: Debian Buster 10.5 support
ENH: Enhanced PHP 7.3 support
ENH: Better mysqli support for alternate connection port
New release
FIX: Separated configuration/statistics storage handling
FIX: IsTemporaryBadServer function (thanks to brownowski on GitHub)
ENH: Better PHP 7.3 support
ENH: Base32 encoder/decoder new implementation
ENH: During WriteConfigData, loop on the current values, and check with the old values
ENH: Enhanced internal tests
ENH: Give an info if time based token is probably out of sync (in a window 10 time bigger)
(for example for hardware tokens not used for a long time)
ENH: Modifications for Debian 10.x (buster) binary images support (64 bits)
ENH: Enhanced error messages, more log information
ENH: In debug mode, display an error if logfile cannot be written
ENH: Global Access-Challenge support
ENH: New QRcode library used (without external files dependency)
ENH: New Raspberry images support for Raspberry Pi 1B/1B+/2B/3B/3B+
Date: 4 months ago
Size: 8,709 bytes


Class file image Download
REM ************************************************************
REM @file  radius_install.cmd
REM @brief Script to install the radius service.
REM multiOTP - Strong two-factor authentication PHP class package
REM https://www\
REM Windows batch file for Windows 2K/XP/2003/7/2008/8/2012/10
REM @author    Andre Liechti, SysCo systemes de communication sa, <>
REM @version
REM @date      2022-05-08
REM @since     2013-08-20
REM @copyright (c) 2013-2022 SysCo systemes de communication sa
REM @copyright GNU Lesser General Public License
REM Description
REM   radius_install is a small script that will install the
REM   radius server of multiOTP under Windows using freeradius.
REM   (
REM Usage
REM   The script must be launched in the top folder of multiOTP.
REM   Default ports are 1812 and 1813
REM Licence
REM   Copyright (c) 2013-2022 SysCo systemes de communication sa
REM   SysCo (tm) is a trademark of SysCo systemes de communication sa
REM   (
REM   All rights reserved.
REM   This file is part of the multiOTP project.
REM Users feedbacks and comments
REM  2013-08-21 Henk van der Helm (again ;-)
REM    Thanks Henk for his first valuable feedback with some bugs reports
REM Change Log
REM   2020-12-11 SysCo/al Do an automatic "Run as administrator" if needed
REM                               Don't delete the _radius_multiotp_folder_alternate environment variable
REM   2018-09-14 SysCo/al Compatibility mode to Windows 7 automatically added for radiusd.exe
REM   2017-05-29 SysCo/al Unified script with some bug fixes
REM                               Alternate authentication executable support
REM   2016-11-04 SysCo/al Unified file header
REM   2016-10-16 SysCo/al Version synchronisation
REM   2015-07-15 SysCo/al Replace the localhost configuration by
REM   2014-03-27 4.2.4   SysCo/al More generic usage
REM   2013-08-25 4.0.6   SysCo/al Service can also be set in the command line
REM                               (radius_install [auth_port [account_port [service_tag [service_name]]]])
REM   2013-08-21 4.0.5   SysCo/al Fix the mix between _port and _auth_port in the script
REM                               The service is now *really* using the defined ports
REM                               Ports can be set in the command line
REM   2013-08-20 4.0.4   SysCo/al Initial release
REM ************************************************************

    ECHO WARNING! Please run this script as an administrator, otherwise it will fail.
    ECHO Elevating privileges...
    REM PING > NUL 2>&1
    CD /d %~dp0
    MSHTA "javascript: var shell = new ActiveXObject('shell.application'); shell.ShellExecute('%~nx0', '', '', 'runas', 1);close();"
    REM EXIT /B 1

SET _radius_secret=multiotpsecret

REM Ports variables are not overwritten if already defined
IF "%_auth_port%"=="" SET _auth_port=1812
IF "%_account_port%"=="" SET _account_port=1813

REM Define the service tag and the service name
SET _service_tag=multiOTPradius
SET _service_name=multiOTP Radius server

REM Define the executable
SET _radius_multiotp=../../multiotp.exe
IF NOT "%_radius_multiotp_alternate%"=="" SET _radius_multiotp=%_radius_multiotp_alternate%

REM Ports and service information can be overwritten if passing parameters
IF NOT "%1"=="" SET _auth_port=%1
IF NOT "%2"=="" SET _account_port=%2
IF NOT "%3"=="" SET _service_tag=%3
IF NOT "%4"=="" SET _service_name=%4
IF NOT "%5"=="" SET _service_name=%_service_name% %5
IF NOT "%6"=="" SET _service_name=%_service_name% %6
IF NOT "%7"=="" SET _service_name=%_service_name% %7
IF NOT "%8"=="" SET _service_name=%_service_name% %8
IF NOT "%9"=="" SET _service_name=%_service_name% %9

REM Define the current folder
SET _radius_multiotp_folder=%~d0%~p0
IF NOT "%_radius_multiotp_folder_alternate%"=="" SET _radius_multiotp_folder=%_radius_multiotp_folder_alternate%
SET _radius_folder=%~d0%~p0
SET _tools_folder=%~d0%~p0tools\
IF NOT EXIST %_radius_folder%radius SET _radius_folder=%~d0%~p0..\
IF NOT EXIST %_tools_folder%FART.exe SET _tools_folder=%~d0%~p0..\tools\

REM Stop and delete the service (if already existing)
SC stop %_service_tag% >NUL
SC delete %_service_tag% >NUL

REM Create the multiotp module for the radius server
ECHO # Exec module instance for multiOTP (https://www\>%_radius_folder%radius\etc\raddb\modules\multiotp
ECHO exec multiotp {>>%_radius_folder%radius\etc\raddb\modules\multiotp
ECHO         wait = yes>>%_radius_folder%radius\etc\raddb\modules\multiotp
ECHO         input_pairs = request>>%_radius_folder%radius\etc\raddb\modules\multiotp
ECHO         output_pairs = reply>>%_radius_folder%radius\etc\raddb\modules\multiotp
ECHO         program = "%_radius_multiotp% -base-dir=%_radius_multiotp_folder% -keep-local -log -debug **"%%{User-Name}**" **"%%{User-Password}**" -src=%%{Packet-Src-IP-Address} -chap-challenge=%%{CHAP-Challenge} -chap-password=%%{CHAP-Password} -ms-chap-challenge=%%{MS-CHAP-Challenge} -ms-chap-response=%%{MS-CHAP-Response} -ms-chap2-response=%%{MS-CHAP2-Response}">>%_radius_folder%radius\etc\raddb\modules\multiotp
ECHO         shell_escape = yes>>%_radius_folder%radius\etc\raddb\modules\multiotp
ECHO }>>%_radius_folder%radius\etc\raddb\modules\multiotp

REM Sorry, this is an *ugly* trick to change "\" to "/" with the FART tool
%_tools_folder%FART "%_radius_folder%radius\etc\raddb\modules\multiotp" "\\" "!!!/!!!" >NUL
%_tools_folder%FART --remove "%_radius_folder%radius\etc\raddb\modules\multiotp" "!!!" >NUL
%_tools_folder%FART "%_radius_folder%radius\etc\raddb\modules\multiotp" "**" "\\" >NUL

REM Customize the etc/raddb/radiusd.conf configuration file
COPY "%_radius_folder%radius\etc\raddb\radiusd.template.conf" "%_radius_folder%radius\etc\raddb\radiusd.conf" /Y >NUL
%_tools_folder%FART "%_radius_folder%radius\etc\raddb\radiusd.conf" "_auth_port" "%_auth_port%" >NUL
%_tools_folder%FART "%_radius_folder%radius\etc\raddb\radiusd.conf" "_account_port" "%_account_port%" >NUL

REM Customize the etc/raddb/clients.conf configuration file
COPY "%_radius_folder%radius\etc\raddb\clients.template.conf" "%_radius_folder%radius\etc\raddb\clients.conf" /Y >NUL

%_tools_folder%FART "%_radius_folder%radius\etc\raddb\clients.conf" "_radius_secret" "%_radius_secret%" >NUL
%_tools_folder%FART "%_radius_folder%radius\etc\raddb\clients.conf" "ipaddr =" "ipaddr =" >NUL
%_tools_folder%FART "%_radius_folder%radius\etc\raddb\clients.conf" "client localhost" "client" >NUL

REM Create the service
SC create %_service_tag% binPath= "%_radius_folder%radius\SRVANY.EXE" start= auto displayname= "%_service_name%" >NUL
SC description %_service_tag% "Runs the %_service_name% on ports %_auth_port%/%_account_port%." >NUL

REM Define the parameters of the service (launched by SRVANY)
REG ADD "HKLM\SYSTEM\CurrentControlSet\Services\%_service_tag%\Parameters" /f /v Application /t REG_SZ /d "%_radius_folder%radius\sbin\radiusd.exe" >NUL
REG ADD "HKLM\SYSTEM\CurrentControlSet\Services\%_service_tag%\Parameters" /f /v AppParameters /t REG_SZ /d "-X -d %_radius_folder%radius\etc\raddb" >NUL
REG ADD "HKLM\SYSTEM\CurrentControlSet\Services\%_service_tag%\Parameters" /f /v AppDirectory /t REG_SZ /d "%_radius_folder%radius\sbin" >NUL

REM Define the compatibility mode to Windows 7 for radiusd
REG ADD "HKLM\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers" /f /v "%_radius_folder%radius\sbin\radiusd.exe" /t REG_SZ /d "WIN7RTM" >NUL

REM Basic firewall rules for the service
netsh firewall delete allowedprogram "%_radius_folder%radius\sbin\radiusd.exe" >NUL
netsh firewall add allowedprogram "%_radius_folder%radius\sbin\radiusd.exe" "%_service_name%" ENABLE >NUL

REM Enhanced firewall rules for the service
netsh advfirewall firewall delete rule name="%_service_name%" >NUL
netsh advfirewall firewall add rule name="%_service_name%" dir=in action=allow program="%_radius_folder%radius\sbin\radiusd.exe" enable=yes >NUL

REM Start the service
SC start %_service_tag% >NUL

REM Clean the environment variables
SET _account_port=
SET _auth_port=
SET _radius_multiotp_folder=
SET _radius_multiotp=
SET _radius_folder=
SET _radius_secret=
SET _service_name=
SET _service_tag=
SET _tools_folder=
For more information send a message to info at phpclasses dot org.