external auth script

Janis Heller janis.heller at outlook.de
Fri Jul 22 21:34:45 CEST 2016


I’ve tried to set:

authenticate {
Auth-Type = Accept
}

doesn’t work too.
Saying:

/etc/freeradius/sites-enabled/default[61]: Entry is not a reference to a module
/etc/freeradius/sites-enabled/default[60]: Errors parsing authenticate section

 Isn’t there a way to turn off this authenticate check? I’m sure my process of checking the login details is failing because of this check.

Regards;

janis

> Am 22.07.2016 um 18:36 schrieb Janis Heller <janis.heller at outlook.de>:
> 
> It seems like this will run soon, I can feel it.
> I use this rest module code right now:
> 
> rest check_access_rest {
>   connect_timeout = 4.0
> 
>   connect_uri = "http://IP"
> 
>   authorize {
>       uri = "${..connect_uri}/demo?username=%{User-Name}"
> 
>       method = 'get'
>   }
>   authenticate {
>   }
> 
>   accounting {
>   }
>   post-auth {
>   }
> 
>   pool {
>       start = ${thread[pool].start_servers}
>       min = ${thread[pool].min_spare_servers}
>       max = ${thread[pool].max_servers}
> 
>       spare = ${thread[pool].max_spare_servers}
> 
>       uses = 0
>       lifetime = 0
>       idle_timeout = 60
>   }
> }
> 
> Debug shows this output:
> 
> (0) check_access_rest: EXPAND http://IP
> (0) check_access_rest:    --> http://IP
> (0) check_access_rest: EXPAND /demo?username=%{User-Name}
> (0) check_access_rest:    --> /demo?username=testing
> (0) check_access_rest: Sending HTTP GET to "http://IP/demo?username=testing"
> (0) check_access_rest: Processing response header
> (0) check_access_rest:   Status : 200 (OK)
> (0) check_access_rest:   Type   : json (application/json)
> (0) check_access_rest: Parsing attribute "Auth-Type"
> (0) check_access_rest: EXPAND Accept
> (0) check_access_rest:    --> Accept
> (0) check_access_rest: Auth-Type := Accept
> rlm_rest (check_access_rest): Released connection (0)
> rlm_rest (check_access_rest): Need 5 more connections to reach 10 spares
> rlm_rest (check_access_rest): Opening additional connection (5), 1 of 27 pending slots used
> rlm_rest (check_access_rest): Connecting to "http://IP"
> (0)     [check_access_rest] = updated
> (0)   } # authorize = updated
> (0) ERROR: No Auth-Type found: rejecting the user via Post-Auth-Type = Reject
> (0) Failed to authenticate the user
> 
> I only would like to use the authorize function, as far as I understand debug this process is done correctly.
> But it seems like the authenticate process fails. In my default config I’ve placed this
> 
> authorize {
> check_access_rest
> }
> 
> authenticate {
> }
> 
> How to disable authenticate module so it will not try to start the rest module? It seems to start the module (you can see this in the debug ouput, it only used the IP address, not the „full path“).
> 
> Regards;
> 
> janis
> 
>> Am 22.07.2016 um 16:00 schrieb Matthew Newton <mcn4 at leicester.ac.uk>:
>> 
>> On Fri, Jul 22, 2016 at 03:27:18PM +0200, Herwin Weststrate wrote:
>>> On 22-07-16 15:16, Matthew Newton wrote:
>>>> Or install the freeradius-rest package if installed from packages.
>>> 
>>> If that is the case, I would consider it a bug that some package other
>>> than freeradius-rest installs mods-available/rest.
>> 
>> Possibly. You can probably argue it two ways.
>> 
>> All the config is in freeradius-config. And that is optional IIRC.
>> So you can install all the binary packages, and run with your own
>> config, without installing the default config.
>> 
>> If module-specific config was in module packages then you could
>> install everything except the -config package, and end up with
>> just little bits of config on your system, which is rather messy.
>> Especially if you've put your own config in the standard location,
>> and installing a module package would then modify your live
>> config.
>> 
>> Not sure which is the best way - both seem to have arguments for
>> and against. I think personally I slightly lean towards the
>> current way, but not entirely sure.
>> 
>> Matthew
>> 
>> 
>> -- 
>> Matthew Newton, Ph.D. <mcn4 at leicester.ac.uk>
>> 
>> Systems Specialist, Infrastructure Services,
>> I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom
>> 
>> For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>
>> -
>> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
> 
> 
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html




More information about the Freeradius-Users mailing list