Hi Ivan, I tried two variations. First I added a files sub-section the modules section within radiusd.conf files { Auth-Type := Exec } and in the authorize section I put in authorize { preprocess files } This is what I saw in the radius logs User-Name = "tkid" User-Password = "hlsearch" NAS-IP-Address = 127.0.0.1 NAS-Port = 1645 +- entering group authorize ++[preprocess] returns ok ++[files] returns noop auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user auth: Failed to validate the user. Login incorrect: [tkid/hlsearch] (from client localhost port 1645) Found Post-Auth-Type Reject +- entering group REJECT expand: %{User-Name} -> tkid attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 0 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 0 Waking up in 4.9 seconds. Cleaning up request 0 ID 79 with timestamp +20 Ready to process requests. I also tried adding the DEFAULT as you asked so i made an addition to the files module files { DEFAULT Auth-Type := Exec } I got a radiusd.conf syntax error "Expecting section start brace '{' after "DEFAULT Auth-Type" Let me know what else I need to get going here. It would be great if you can let me know specifically where I have to add config settings since I am not very familiar with freeradius yet. I would really prefer to run a perl script rather than doing a .pm since I tried that before and just kept getting too many errors. I'll consider that once all the options of a perl script have been exhausted. Thanks everyone for your help. -- Tauseef 2008/4/13 Ivan Kalik <tnt@kalik.net>:
Add files to authorize and put DEFAULT Auth-Type := Exec in it.
Ivan Kalik Kalik Informatika ISP
Dana 13/4/2008, "T Kid82" <tkid2000@gmail.com> piše:
Hi everyone,
I am trying to accomplish a very simple task using RADIUS as an authentication proxy. All I need it to do is use the username/password combo sent in, run a perl script to validate those credentials and return a pass or fail. I have my perl script setup to return all the right codes as the radiusd.conf specifies. ( < 0 : fail, 0 : ok , etc...)
I have added the following changes to the radiusd.conf file, everything else is as it is out of the box.
authorize { preprocess exec }
authenticate { Auth-Type Exec { exec } }
In the modules section I added my program name / perl script (the location is just a temp thing to get this going):
exec { program = "/usr/bin/authenticate.pl" wait = yes input_pairs = request output_pairs = reply
}
When i run radtest, this is what I see in the logs
User-Name = "tkid" User-Password = "hlsearch" NAS-IP-Address = 127.0.0.1 NAS-Port = 1645 +- entering group authorize ++[preprocess] returns ok Exec-Program output: Error: Password check passed Exec-Program: returned: 0 ++[exec] returns ok auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user auth: Failed to validate the user. Login incorrect: [tkid/hlsearch] (from client localhost port 1645) Found Post-Auth-Type Reject +- entering group REJECT expand: %{User-Name} -> tkid attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Finished request 0. Going to the next request Waking up in 4.9 seconds. Cleaning up request 0 ID 149 with timestamp +10 Ready to process requests.
In essence, all I want is authentication and not authorization. How do I accomplish that here?
Thanks for your help in advance. Thanks, -- Tauseef - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html