How do I get every userid passed to an rlm_python module
John Teasley
ollieteasley at gmail.com
Wed Feb 10 03:03:39 CET 2016
Sorry, ignore that last post.
Ollie Teasley
Linux Administrator
ISMELL.SHOES, LLC
On Tue, Feb 9, 2016 at 8:01 PM, John Teasley <ollieteasley at gmail.com> wrote:
> Just trying to help. Even though this post is old, would this be relevant
> for you?
>
> http://chasemp.github.io/2013/09/16/freeradius-external-authentication/
>
>
>
> Ollie Teasley
> Linux Administrator
> ISMELL.SHOES, LLC
>
>
> On Tue, Feb 9, 2016 at 7:53 PM, Matthew Newton <mcn4 at leicester.ac.uk>
> wrote:
>
>> On Tue, Feb 09, 2016 at 08:35:33PM -0500, Jim Whitescarver wrote:
>> > bob is the test user given a password in radiusd.conf
>>
>> users
>>
>> OK, so that's why they succeed and jim doesn't.
>>
>> > for jim the password is arbitrary as I am not checking it at this point
>> in
>> > the python. The authentication will be done out-of-band by the plugin.
>> > Before trying my script I want to get the example script to just always
>> > authenticate. Then I will add the code for out-of-band authentication.
>>
>> To do that you'll have to set Auth-Type to Accept in the python
>> module.
>>
>> In which case you may as well just set Cleartext-Password to
>> something and then let pap do the authentication for you.
>>
>> > I see ERROR: No Auth-Type found: rejecting the user via Post-Auth-Type =
>> > Reject
>>
>> Yes, nothing's setting Auth-Type as no modules matched the user.
>>
>> > I included python in the authorize section per the instructions but it
>> is
>> > not in the authenticate section of sites-enabled/default, I suspect
>> that
>> > may be an issue but I do not know where/how to put it.
>>
>> I wouldn't put python in authorize unless you really know what
>> you're doing.
>>
>> As for how to actually change attributes in python, I've never
>> done it I'm afraid. From one of the example files it looks like
>> you might want something like
>>
>> return (radiusd.RLM_MODULE_UPDATED, (), (('Auth-Type', 'Accept'),))
>>
>> at the end of your authorize function. To return the correct
>> password you could try
>>
>> return (radiusd.RLM_MODULE_UPDATED, (), (('Cleartext-Password',
>> 'thingy'),))
>>
>> Matthew
>>
>>
>> --
>> Matthew Newton, Ph.D. <mcn4 at le.ac.uk>
>>
>> Systems Specialist, Infrastructure Services,
>> I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom
>>
>> For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>
>> -
>> List info/subscribe/unsubscribe? See
>> http://www.freeradius.org/list/users.html
>>
>
>
More information about the Freeradius-Users
mailing list