SQL query as fallback to auth script?

Wladyslaw Jankowski wladekj at interia.pl
Fri May 3 16:40:08 CEST 2019

> *(2)       ERROR: Program returned code (1) and output 'Reject'*This is the idea: script should always reject - doing its thing behind the scenes - and allow for SQL fallback. I can't "Accept" RADIUS auth with this script as it can't calculate MSCHAP challanges and no cleartext password will be provided to it (can't use PAP). I have changed the exit code script is returning but "sql" under "if(fail)" (desired fallback) still doesn't seem to be used: (0) pap: WARNING: No "known good" password found for the user.  Not setting Auth-Type
(0) pap: WARNING: Authentication will fail unless a "known good" password is available
(0)     [pap] = noop
(0)     update control {
(0)      Executing: /bin/python /scripts/radiusauth.py '%{User-Name}' 'rejectme':
(0)       EXPAND %{User-Name}
(0)          --> provided-username 
(0)       Program returned code (0) and output 'Reject'
(0)       Auth-Type := Reject
(0)     } # update control = noop
(0)     if (fail) {
(0)     if (fail)  -> FALSE
(0)   } # authorize = ok
(0) Found Auth-Type = Reject
(0) Auth-Type = Reject, rejecting user
(0) Failed to authenticate the user


More information about the Freeradius-Users mailing list