Help for PHP based authentication
Hello i am trying to setup a basic authentication for users against the php script with the config bellow(removed functional things and showed reply only as example) i am getting the error Exec-Program output: user_name Cleartext-Password := "pass" Exec-Program-Wait: plaintext: user_name Cleartext-Password := "pass" Exec-Program: returned: 0 ++[php_check] returns ok [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] returns noop ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user Failed to authenticate the user. Using Post-Auth-Type Reject PLEASE SUGGEST ME THE CHANGES NEEDED the module php looks like this exec php_check{ wait = yes program = "/usr/bin/php -f /var/rad_check.php %{Called-Station-Id} %{User-Name} %{User-Password}" input_pairs = request output_pairs = config shell_escape = yes } php script is like this <?php echo 'user_name Cleartext-Password := "pass"'; ?> radiusd.conf is like this authorize { php_check } authenticate { Auth-Type PAP { pap } }
On 3 Jun 2014, at 11:32, Javed Akhtar <javed@gowifi.in> wrote:
Hello i am trying to setup a basic authentication for users against the php script with the config bellow(removed functional things and showed reply only as example)
i am getting the error
Exec-Program output: user_name Cleartext-Password := "pass" Exec-Program-Wait: plaintext: user_name Cleartext-Password := "pass" Exec-Program: returned: 0 ++[php_check] returns ok [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] returns noop ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user Failed to authenticate the user. Using Post-Auth-Type Reject
PLEASE SUGGEST ME THE CHANGES NEEDED
the module php looks like this exec php_check{ wait = yes program = "/usr/bin/php -f /var/rad_check.php %{Called-Station-Id} %{User-Name} %{User-Password}" input_pairs = request output_pairs = config shell_escape = yes }
php script is like this <?php echo 'user_name Cleartext-Password := "pass"'; ?>
radiusd.conf is like this authorize { php_check } authenticate { Auth-Type PAP { pap } }
Um, what's the 'user_name ' part for? and I know you're doing it for convenience, but learn a real programming language. PHP should have no role to play in anything security related, we've rejected native rlm_php modules before on those grounds. Arran Cudbard-Bell <a.cudbardb@freeradius.org> FreeRADIUS Development Team FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
Actually the user_name is a string and the script i gave you is just example we are doing a lot of encoding and decoding in it so can't use the rlm_php actually you can suggest me the changes needed
it was not working without the user_name so i thought to give it a try previously i t was Cleartext-Password := "pass" Please suggest what changes i can do in this so that it will work
Javed Akhtar wrote:
it was not working without the user_name so i thought to give it a try previously i t was Cleartext-Password := "pass" Please suggest what changes i can do in this so that it will work
See raddb/modules/echo and scripts/exec-program-wait. If they're not in the package for your distribution, look at the scripts on https://github.com/FreeRADIUS/freeradius-server/ Alan DeKok.
i checked this module i am getting error bellow BTW: CAN any one share site-enabled/default with me so that it will be able to authenticate all users if i reply "Accept" in the authorize section with some php/shell script no matter what password and user name is provided Exec-Program output: Auth-Type := Accept Exec-Program-Wait: plaintext: Auth-Type := Accept Exec-Program: returned: 0 ++[control] returns notfound Found Auth-Type = Local WARNING: Please update your configuration, and remove 'Auth-Type = Local' WARNING: Use the PAP or CHAP modules instead. No "known good" password was configured for the user. As a result, we cannot authenticate the user. Failed to authenticate the user. Using Post-Auth-Type Reject the sites-enabled/default is authorize { update control { Auth-Type := `/usr/bin/php -f /var/rad_check.php %{Called-Station-Id} %{User-Name} %{User-Password}` } } authenticate { Auth-Type PAP { pap } Auth-Type CHAP { chap } }
Thanks for the hint i got it working On Tue, Jun 3, 2014 at 6:42 PM, Alan DeKok <aland@deployingradius.com> wrote:
Javed Akhtar wrote:
it was not working without the user_name so i thought to give it a try previously i t was Cleartext-Password := "pass" Please suggest what changes i can do in this so that it will work
See raddb/modules/echo and scripts/exec-program-wait.
If they're not in the package for your distribution, look at the scripts on https://github.com/FreeRADIUS/freeradius-server/
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/devel.html
-- Md Javed Akhtar Managing Director Go WiFi Networking Solutions Pvt. Ltd. 217, Purusottampur Jajpur Town-755001, Odisha 08270060400
it was not working without the user_name so i thought to give it a try previously i t was Cleartext-Password := "pass" Please suggest what changes i can do in this so that it will work also can you delete my duplicate posts http://lists.freeradius.org/pipermail/freeradius-devel/2014-June/thread.html i am not familiar with this type of user lists On Tue, Jun 3, 2014 at 4:14 PM, Arran Cudbard-Bell < a.cudbardb@freeradius.org> wrote:
On 3 Jun 2014, at 11:41, Javed Akhtar <javed@gowifi.in> wrote:
Actually the user_name is a string
What is it doing in the string you are echoing back?
Arran Cudbard-Bell <a.cudbardb@freeradius.org> FreeRADIUS Development Team
FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/devel.html
-- Md Javed Akhtar Managing Director Go WiFi Networking Solutions Pvt. Ltd. 217, Purusottampur Jajpur Town-755001, Odisha 08270060400
it was not working without the user_name so i thought to give it a try previously i t was Cleartext-Password := "pass" Please suggest what changes i can do in this so that it will work
it was not working without the user_name so i thought to give it a try previously i t was Cleartext-Password := "pass" Please suggest what changes i can do in this so that it will work i don't know why my message is not getting posted as a reply http://lists.freeradius.org/pipermail/freeradius-devel/2014-June/thread.html On Tue, Jun 3, 2014 at 4:05 PM, Arran Cudbard-Bell < a.cudbardb@freeradius.org> wrote:
On 3 Jun 2014, at 11:32, Javed Akhtar <javed@gowifi.in> wrote:
Hello i am trying to setup a basic authentication for users against the php script with the config bellow(removed functional things and showed reply only as example)
i am getting the error
Exec-Program output: user_name Cleartext-Password := "pass" Exec-Program-Wait: plaintext: user_name Cleartext-Password := "pass" Exec-Program: returned: 0 ++[php_check] returns ok [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] returns noop ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user Failed to authenticate the user. Using Post-Auth-Type Reject
PLEASE SUGGEST ME THE CHANGES NEEDED
the module php looks like this exec php_check{ wait = yes program = "/usr/bin/php -f /var/rad_check.php %{Called-Station-Id} %{User-Name} %{User-Password}" input_pairs = request output_pairs = config shell_escape = yes }
php script is like this <?php echo 'user_name Cleartext-Password := "pass"'; ?>
radiusd.conf is like this authorize { php_check } authenticate { Auth-Type PAP { pap } }
Um, what's the 'user_name ' part for? and I know you're doing it for convenience, but learn a real programming language. PHP should have no role to play in anything security related, we've rejected native rlm_php modules before on those grounds.
Arran Cudbard-Bell <a.cudbardb@freeradius.org> FreeRADIUS Development Team
FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/devel.html
-- Md Javed Akhtar Managing Director Go WiFi Networking Solutions Pvt. Ltd. 217, Purusottampur Jajpur Town-755001, Odisha 08270060400
hi, just ensure your script echoes "Accept" or "Reject" (without the quotations!!) a quick google will give you more info alan
yes the script is echoing Accept only but i am getting the error Found Auth-Type = Local WARNING: Please update your configuration, and remove 'Auth-Type = Local' WARNING: Use the PAP or CHAP modules instead. No "known good" password was configured for the user. As a result, we cannot authenticate the user. Failed to authenticate the user. Using Post-Auth-Type Reject On Tue, Jun 3, 2014 at 4:30 PM, <A.L.M.Buxey@lboro.ac.uk> wrote:
hi,
just ensure your script echoes "Accept" or "Reject" (without the quotations!!)
a quick google will give you more info
alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/devel.html
-- Md Javed Akhtar Managing Director Go WiFi Networking Solutions Pvt. Ltd. 217, Purusottampur Jajpur Town-755001, Odisha 08270060400
participants (4)
-
A.L.M.Buxey@lboro.ac.uk -
Alan DeKok -
Arran Cudbard-Bell -
Javed Akhtar