Hi,
We did try your suggestion before posting back and you can enter any pasword and it will accept it. We tried it again and here is the output:
rad_recv: Access-Request packet from host 192.168.1.1:1224, id=1, length=84 User-Name = "user@adslgateway.co.uk" User-Password = "kjhtlhrfrdjkshgfdhkgj" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 1 modcall[authorize]: module "preprocess" returns ok for request 1 modcall[authorize]: module "chap" returns noop for request 1 modcall[authorize]: module "mschap" returns noop for request 1 rlm_realm: Looking up realm "adslgateway.co.uk" for User-Name = "user@adslgateway.co.uk" rlm_realm: No such realm "adslgateway.co.uk" modcall[authorize]: module "suffix" returns noop for request 1 rlm_eap: No EAP-Message, not doing EAP modcall[authorize]: module "eap" returns noop for request 1 users: Matched DEFAULT at 4 radius_xlat: '/etc/raddb/checkpassword.pl user@adslgateway.co.uk kjhtlhrfrdjkshgfdhkgj' modcall[authorize]: module "files" returns ok for request 1 modcall: group authorize returns ok for request 1 rad_check_password: Found Auth-Type Accept rad_check_password: Auth-Type = Accept, accepting the user radius_xlat: '/etc/raddb/checkpassword.pl user@adslgateway.co.uk kjhtlhrfrdjkshgfdhkgj' Exec-Program: /etc/raddb/checkpassword.pl user@adslgateway.co.uk kjhtlhrfrdjkshgfdhkgj Sending Access-Accept of id 1 to 192.168.1.1:1224 Finished request 1
You will note that from our original post our password was "test".
Any ideas?
Well, according to the README you should be using Exec-Program-Wait, not Exec-Program. Then your script must simply return with a non-zero return code if his password is wrong and the user will be denied access. For your convenience, here's the relevant section of the README file that accompanies FreeRADIUS: The output from Exec-Program-Wait is parsed by the radius server. If it looks like Attribute/Value pairs, they are decoded and added to the reply sent to the NAS. This way, you can for example set Session-Timeout. If Exec-Program-Wait returns a non-zero exit status, access will be denied to the user. With a zero-exit status, access is granted. Greetings, Stefan Winter -- Stefan WINTER Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche - Ingénieur de recherche 6, rue Richard Coudenhove-Kalergi L-1359 Luxembourg