Using EXEC authentication sources
Alan DeKok
aland at deployingradius.com
Mon Sep 30 17:18:29 CEST 2019
On Sep 30, 2019, at 11:06 AM, Nate . <nate2077developer at gmail.com> wrote:
>
> Hello, I'm trying to test something different in my environment. I read
> that you can use external authenticators using EXEC. I have tried a basic
> setup and am running into a problem. I'm not super clear on what the logs
> are trying to tell me. I feel like the documents I'm reading must be
> outdated or wrong like many of the website out there.
> I am simply trying to use a PHP script to return Accept; no matter what is
> called. Just to test this out.
> *auth.php contents:*
You can't just return "accept' when the client is using EAP. You MUST allow the full EAP conversation to run to completion.
> I feel like I must have the Executing script in the wrong location maybe? I
> am running using TTLS-PAP on the client(ignoring the certificate on the
> clients end) and it gives me an authentication failure.
Put the accept into the inner-tunnel virtual server. It will work for TTLS + PAP, but not for TTLS + MS-CHAP, or PEAP.
Alan DeKok.
More information about the Freeradius-Users
mailing list