SQL query as fallback to auth script?
Wladyslaw Jankowski
wladekj at interia.pl
Fri May 3 16:40:08 CEST 2019
> *(2) ERROR: Program returned code (1) and output 'Reject'*This is the idea: script should always reject - doing its thing behind the scenes - and allow for SQL fallback. I can't "Accept" RADIUS auth with this script as it can't calculate MSCHAP challanges and no cleartext password will be provided to it (can't use PAP). I have changed the exit code script is returning but "sql" under "if(fail)" (desired fallback) still doesn't seem to be used: (0) pap: WARNING: No "known good" password found for the user. Not setting Auth-Type
(0) pap: WARNING: Authentication will fail unless a "known good" password is available
(0) [pap] = noop
(0) update control {
(0) Executing: /bin/python /scripts/radiusauth.py '%{User-Name}' 'rejectme':
(0) EXPAND %{User-Name}
(0) --> provided-username
(0) Program returned code (0) and output 'Reject'
(0) Auth-Type := Reject
(0) } # update control = noop
(0) if (fail) {
(0) if (fail) -> FALSE
(0) } # authorize = ok
(0) Found Auth-Type = Reject
(0) Auth-Type = Reject, rejecting user
(0) Failed to authenticate the user
ThanksWJ
More information about the Freeradius-Users
mailing list