On Tue, Feb 09, 2016 at 08:35:33PM -0500, Jim Whitescarver wrote:
bob is the test user given a password in radiusd.conf
users OK, so that's why they succeed and jim doesn't.
for jim the password is arbitrary as I am not checking it at this point in the python. The authentication will be done out-of-band by the plugin. Before trying my script I want to get the example script to just always authenticate. Then I will add the code for out-of-band authentication.
To do that you'll have to set Auth-Type to Accept in the python module. In which case you may as well just set Cleartext-Password to something and then let pap do the authentication for you.
I see ERROR: No Auth-Type found: rejecting the user via Post-Auth-Type = Reject
Yes, nothing's setting Auth-Type as no modules matched the user.
I included python in the authorize section per the instructions but it is not in the authenticate section of sites-enabled/default, I suspect that may be an issue but I do not know where/how to put it.
I wouldn't put python in authorize unless you really know what you're doing. As for how to actually change attributes in python, I've never done it I'm afraid. From one of the example files it looks like you might want something like return (radiusd.RLM_MODULE_UPDATED, (), (('Auth-Type', 'Accept'),)) at the end of your authorize function. To return the correct password you could try return (radiusd.RLM_MODULE_UPDATED, (), (('Cleartext-Password', 'thingy'),)) Matthew -- Matthew Newton, Ph.D. <mcn4@le.ac.uk> Systems Specialist, Infrastructure Services, I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom For IT help contact helpdesk extn. 2253, <ithelp@le.ac.uk>