<div dir="ltr"><div style="font-family:arial,sans-serif;font-size:13px">I successfully managed to deploy a freeradius server and created a python script which does an additional check on the user (incoming request). I checked the internet (resources for freeradius are pretty horrible) and only found a thread which explains some basics about adding a python script to the process.</div>
<div style="font-family:arial,sans-serif;font-size:13px"><br></div><div style="font-family:arial,sans-serif;font-size:13px">Right now I have it inside /etc/freeradius/sites-enabled/default under the authorize section:</div>
<div style="font-family:arial,sans-serif;font-size:13px"><br></div><div style="font-family:arial,sans-serif;font-size:13px">update control {</div><div style="font-family:arial,sans-serif;font-size:13px"> Auth-Type := `/usr/bin/python /etc/test.py '%{User-Name}' '%{User-Password}'`</div>
<div style="font-family:arial,sans-serif;font-size:13px">}</div><div style="font-family:arial,sans-serif;font-size:13px">My test.py file spits Reject or Accept. I also have sql authentication setup with freeradius and the problem is that, if my script returns Accept any other authorization request under is ignored; response will still be an Accept even if sql check rejects the user.</div>
<div style="font-family:arial,sans-serif;font-size:13px"><br></div><div style="font-family:arial,sans-serif;font-size:13px">From what I understand I should pass a noop instead of Accept to allow freeradius to continue and only pass Reject if I need to reject the user but If I respond with noop the server complains (probably because it expects a reply for Auth-Type as I coded it).</div>
<div style="font-family:arial,sans-serif;font-size:13px"><br></div><div style="font-family:arial,sans-serif;font-size:13px">Someone on serverfault suggested I shouldnt use unlang to call a python script and I should use rlm_python but I really have no idea how to even start calling my script.</div>
<div style="font-family:arial,sans-serif;font-size:13px"><br></div><div style="font-family:arial,sans-serif;font-size:13px">Any ideas? Maybe I need to add my code to the Authentication. section? How?</div></div>