using external script in virtual server config

[Alan DeKok]

On Jan 16, 2015, at 10:28 AM, the2nd at otpme.org wrote:
> i have two questions regarding this setup.
> 
> 1. for clear-text requests i always get "Auth: Invalid user: [heiko.baumann" on authentication failure. for ntlm request an "Auth: Login incorrect" is logged.
>    i was using the script (exec) module before which logged "Auth: Login incorrect" on failure but i liked the idea of having the complete config in the virtual host file.

  The log messages are different because we haven’t double-checked all of them.  It shouldn’t be much of a problem, though.

>    i also tried to call my script from the authenticate section of my vhost but this was not working.

  See the FAQ for “it doesn’t work”.

> 2. is it possible to call the script for ntlm/mschap authentication from the vhost config? currently its called from the mschap module.

  The MS-CHAP module calls ntlm_auth.  You *cannot* put that configuration into the virtual server.

> both are just cosmetic issues but it would be great to have everything in on file. :)

  Each piece of the configuration exists for a reason.  They exist as independent pieces for a reason.  Jamming them together in one file means you won’t be able to tell them apart.. and they won’t work.

> also it would be great if someone with good freeradius skills could have a look at the example config because i'm not sure if its the best way to do external authentication with freeradius.

  If authentication works, then you have a working configuration.

  Alan DeKok.