How to distinguish good or bad user using unlang and passwd module?

bastardinho69 bastardinho69 at gmail.com
Sun Mar 8 15:35:39 CET 2009


Hi,

I am using a passwd module to authorize users. First passwd module 
checks cisco_users file (format = "*User-Name:Cleartext-Password") and 
then passwd module must check cisco_groups file (format = 
"~Cisco-Group:*,User-Name"). However when passwd module checks the 
cisco_user file, it returns status "ok" even when user password (in 
request packet) doesnt match with cisco_user file. So i am able to 
distinguish users only by their User-Name, but i need to check their 
passwords as well. I cannot figure out how to write that in my authorize 
section. Later, if username and password matches an entry in my 
cisco_user file i will call cisco_group file and find to which group 
that user belongs to assign the right services.

currently my code looks like this:

passwd cisco_user_module {
        #filename = /etc/group
        filename = /usr/local/etc/raddb/cisco_users
        #format = "=Etc-Group-Name:::*,User-Name"
        format = "*User-Name:Cleartext-Password"
        hashsize = 100
        ignorenislike = yes
        allowmultiplekeys = yes
        delimiter = ":"
}

authorize {    
        cisco_user_module
                if(notfound){
                        update control{
                                Auth-Type := Reject
                                }
                        update reply{
                                Reply-Message := "Access denied, sorry!"
                                }
                }
                elseif(ok){
                        cisco_group_module
                }
}

I hope u guys can help me, i will appreciate ;)
Thanks.





More information about the Freeradius-Users mailing list