rlm_exec question

T Kid82 tkid2000 at gmail.com
Mon Apr 14 06:05:09 CEST 2008


Hi Ivan,
I tried two variations.

First I added a files sub-section to the modules section within radiusd.conf

files {
     Auth-Type := Exec
}

and in the authorize section I put in

authorize {
    preprocess
    files
}

This is what I saw in the radius logs


User-Name = "tkid"
        User-Password = "hlsearch"
        NAS-IP-Address = 127.0.0.1
        NAS-Port = 1645
+- entering group authorize
++[preprocess] returns ok
++[files] returns noop
auth: No authenticate method (Auth-Type) configuration found for the
request: Rejecting the user
auth: Failed to validate the user.
Login incorrect: [tkid/hlsearch] (from client localhost port 1645)
  Found Post-Auth-Type Reject
+- entering group REJECT
        expand: %{User-Name} -> tkid
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 0
Waking up in 4.9 seconds.
Cleaning up request 0 ID 79 with timestamp +20
Ready to process requests.

I also tried adding the DEFAULT as you asked, so I made an addition to the files module

files {
     DEFAULT Auth-Type := Exec
}

I got a radiusd.conf syntax error

"Expecting section start brace '{' after "DEFAULT Auth-Type"

Let me know what else I need to get going here. It would be great if
you can let me know specifically where I have to add config settings
since I am not very familiar with freeradius yet.

I would really prefer to run a perl script rather than doing a .pm
since I tried that before and just kept getting too many errors. I'll
consider that once all the options of a perl script have been
exhausted.

Thanks everyone for your help.

-- Tauseef


2008/4/13 Ivan Kalik <tnt at kalik.net>:
> Add files to authorize and put DEFAULT   Auth-Type := Exec in it.
>
>  Ivan Kalik
>  Kalik Informatika ISP
>
>
>  On 13/4/2008, "T Kid82" <tkid2000 at gmail.com> wrote:
>
>
>
>  >Hi everyone,
>  >
>  >I am trying to accomplish a very simple task using RADIUS as an
>  >authentication proxy.
>  >All I need it to do is use the username/password combo sent in, run a
>  >perl script to validate those credentials and return a pass or fail.
>  >I have my perl script set up to return all the right codes as the
>  >radiusd.conf specifies. ( < 0 : fail, 0 : ok , etc...)
>  >
>  >I have added the following changes to the radiusd.conf file,
>  >everything else is as it is out of the box.
>  >
>  >  authorize {
>  >      preprocess
>  >      exec
>  >  }
>  >
>  >  authenticate {
>  >      Auth-Type Exec {
>  >          exec
>  >      }
>  >  }
>  >
>  >In the modules section I added my program name / perl script (the
>  >location is just a temp thing to get this going):
>  >
>  >exec {
>  >              program = "/usr/bin/authenticate.pl"
>  >              wait = yes
>  >              input_pairs = request
>  >              output_pairs = reply
>  >
>  >          }
>  >
>  >When I run radtest, this is what I see in the logs
>  >
>  >User-Name = "tkid"
>  >        User-Password = "hlsearch"
>  >        NAS-IP-Address = 127.0.0.1
>  >        NAS-Port = 1645
>  >+- entering group authorize
>  >++[preprocess] returns ok
>  >Exec-Program output: Error: Password check passed
>  >Exec-Program: returned: 0
>  >++[exec] returns ok
>  >auth: No authenticate method (Auth-Type) configuration found for the
>  >request: Rejecting the user
>  >auth: Failed to validate the user.
>  >Login incorrect: [tkid/hlsearch] (from client localhost port 1645)
>  >  Found Post-Auth-Type Reject
>  >+- entering group REJECT
>  >        expand: %{User-Name} -> tkid
>  >attr_filter: Matched entry DEFAULT at line 11
>  >++[attr_filter.access_reject] returns updated
>  >Finished request 0.
>  >Going to the next request
>  >Waking up in 4.9 seconds.
>  >Cleaning up request 0 ID 149 with timestamp +10
>  >Ready to process requests.
>  >
>  >
>  >
>  >In essence, all I want is authentication and not authorization. How do
>  >I accomplish that here?
>  >
>  >Thanks for your help in advance.
>  >Thanks,
>  >-- Tauseef
>  >-
>  >List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>  >
>  >
>
>
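
Added example, not part of the original thread and not the project's shipped configuration: one way to lay out the suggestion quoted above, where the `DEFAULT Auth-Type := Exec` line goes into the users file that the `files` module reads rather than into the module's block in radiusd.conf. It assumes a stock FreeRADIUS 2.0 install whose `files` module reads `${confdir}/users`; the `exec` settings are the ones posted in the thread.

```conf
# --- radiusd.conf, modules section ---
# The files module block only says where the users file lives.
# Check items such as Auth-Type do not belong in this block.
files {
	usersfile = ${confdir}/users
	# remaining stock settings left unchanged (assumption)
}

# exec module as posted in the thread.
exec {
	program = "/usr/bin/authenticate.pl"
	wait = yes
	input_pairs = request
	output_pairs = reply
}

# --- radiusd.conf, processing sections ---
authorize {
	preprocess
	# files matches the DEFAULT entry and sets Auth-Type,
	# so the server no longer stops at "No authenticate method".
	files
}

authenticate {
	# Runs only for requests whose Auth-Type is Exec.
	Auth-Type Exec {
		exec
	}
}

# --- ${confdir}/users (a separate file, not radiusd.conf) ---
# Check item on the first line of the entry: force Auth-Type for every request.
DEFAULT	Auth-Type := Exec
```

With `input_pairs = request` the request attributes, including User-Password, are handed to the script as environment variables, and the debug log prints the password in cleartext as seen above, so restrict who can modify the script and who can read the debug output.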



