Prash K wrote:
I have searched high and low but I could not find answer to my problem. It may be a very simple problem for the expert users out here. Basically I'm using radius server to perform 802.1x authentication.
Which should be easy.
In my set up, I use an external authentication script (written in python) which accepts user and password.
Which won't work
I have successfully proven this set up on eapol_test with EAP-TTLS (PEAP).
I think you mean TTLS / PAP. PEAP is very different.
I perform exec in post-auth section of default. Something like this in users:
Auth-Type = Accept Exec-Program-Wait = "/path/to/myscript.py %{User-Name} %{User-Password}
This works fine with EAP-TTLS (PEAP). But as you know Windows built in supplicant defaults to CHAP.
No. It defaults to PEAP / MSCHAP. PLEASE use the right terminology. It matters a LOT.
So I'm keen to get that working. I understand that freeradius needs to know the password (Cleartext-Password) but I can't set that in users file. I don't use ldap or sql modules.
You will need to use LDAP or SQL. Sorry.
I can amend my script to print the password once it has authenticated against the external source. But how do I call my script and set the Cleartext-Password (using the script output) so that CHAP could be performed?
You can't. It's impossible. Alan DeKok.