Hereafter is the debug output for an access request (freeradius 1.0.5). My external script "authorize_prepaid_account" writes this to the output Post-auth-Type := new_prepaid_account Password == test However these config attributes are not taken into account for processing by other modules. The chap authentication module does not see any password. Which is actually true, my second dump script just dump the config attributes ... there's no Post-Auth-Type or Password attribute. I guess my output format is not correct, and not parsed by freeradius. What should be the output format for config attributes ? Thanks for your help ==================================================== Starting - reading configuration files ... .... Module: Loaded exec exec: wait = yes exec: program = "(null)" exec: input_pairs = "request" exec: output_pairs = "(null)" exec: packet_type = "(null)" rlm_exec: Wait=yes but no output defined. Did you mean output=none? Module: Instantiated exec (exec) Module: Loaded expr Module: Instantiated expr (expr) Module: Loaded PAP pap: encryption_scheme = "crypt" Module: Instantiated pap (pap) Module: Loaded CHAP Module: Instantiated chap (chap) Module: Loaded MS-CHAP mschap: use_mppe = yes mschap: require_encryption = no mschap: require_strong = no mschap: with_ntdomain_hack = no mschap: passwd = "(null)" mschap: authtype = "MS-CHAP" mschap: ntlm_auth = "(null)" Module: Instantiated mschap (mschap) ...... exec: wait = yes exec: program = "/etc/raddb/scripts/authorize %{User-Name}" exec: input_pairs = "request" exec: output_pairs = "config" exec: packet_type = "Access-Request" Module: Instantiated exec (authorize_prepaid_account) ..... exec: wait = yes exec: program = "/etc/raddb/scripts/dump %{User-Name}" exec: input_pairs = "config" exec: output_pairs = "reply" exec: packet_type = "Access-Request" Module: Instantiated exec (dump) ..... Listening on authentication *:1812 Listening on accounting *:1813 Listening on proxy *:1814 Ready to process requests. rad_recv: Access-Request packet from host 172.16.0.2:2121, id=0, length=240 User-Name = "prepaid1" CHAP-Challenge = 0x4f8d8594b5f54d2ed0b4d5e2677cf6f7 CHAP-Password = 0x00427a8e6d6f41280fd0974fbbab1f4fcc NAS-IP-Address = 0.0.0.0 Service-Type = Login-User Framed-IP-Address = 192.168.182.13 Calling-Station-Id = "00-04-23-6C-89-87" Called-Station-Id = "00-0F-66-A3-24-71" NAS-Identifier = "deltroo_1" Acct-Session-Id = "43a926ed00000000" NAS-Port-Type = Wireless-802.11 NAS-Port = 0 Message-Authenticator = 0xf7d949b9e72693fe8c1f85e47afe3131 WISPr-Logoff-URL = "http://192.168.182.1:3990/logoff" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0 radius_xlat: '/var/log/radius/radacct/172.16.0.2/auth-detail-20051221' rlm_detail: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to .... modcall[authorize]: module "auth_log" returns ok for request 0 rlm_chap: Setting 'Auth-Type := CHAP' modcall[authorize]: module "chap" returns ok for request 0 modcall[authorize]: module "mschap" returns noop for request 0 radius_xlat: '/etc/raddb/scripts/authorize prepaid1' Exec-Program: /etc/raddb/scripts/authorize prepaid1 Exec-Program output: Post-Auth-Type := new_prepaid_account Password == test Exec-Program-Wait: plaintext: Post-Auth-Type := new_prepaid_account Password == test Exec-Program: returned: 0 modcall[authorize]: module "authorize_prepaid_account" returns ok for request 0 users: Matched entry DEFAULT at line 148 modcall[authorize]: module "files" returns ok for request 0 radius_xlat: 'prepaid1' rlm_sql (sql): sql_set_user escaped user --> 'prepaid1' radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'prepaid1' ORDER BY id' rlm_sql (sql): Reserving sql socket id: 4 rlm_sql (sql): User prepaid1 not found in radcheck radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM ..... radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM ..... rlm_sql (sql): User prepaid1 not found in radgroupcheck rlm_sql (sql): User not found rlm_sql (sql): Released sql socket id: 4 modcall[authorize]: module "sql" returns notfound for request 0 radius_xlat: '/etc/raddb/scripts/dump prepaid1' Exec-Program: /etc/raddb/scripts/dump prepaid1 Exec-Program output: Reply-Message += " Dump script executed " Exec-Program-Wait: value-pairs: Reply-Message += " Dump script executed " Exec-Program: returned: 0 modcall[authorize]: module "dump" returns ok for request 0 modcall: group authorize returns ok for request 0 rad_check_password: Found Auth-Type CHAP auth: type "CHAP" Processing the authenticate section of radiusd.conf modcall: entering group Auth-Type for request 0 rlm_chap: login attempt by "prepaid1" with CHAP password rlm_chap: Could not find clear text password for user prepaid1 modcall[authenticate]: module "chap" returns invalid for request 0 modcall: group Auth-Type returns invalid for request 0 auth: Failed to validate the user. Login incorrect (rlm_chap: Clear text password not available): [prepaid1/<CHAP-Password>] (from client WRT54G port 0 cli 00-04-23-6C-89-87) rad_lowerpair: User-Name now 'prepaid1' rad_rmspace_pair: User-Name now 'prepaid1' Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0 radius_xlat: '/var/log/radius/radacct/172.16.0.2/auth-detail-20051221' rlm_detail: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to .... modcall[authorize]: module "auth_log" returns ok for request 0 rlm_chap: Setting 'Auth-Type := CHAP' modcall[authorize]: module "chap" returns ok for request 0 modcall[authorize]: module "mschap" returns noop for request 0 radius_xlat: '/etc/raddb/scripts/authorize prepaid1' Exec-Program: /etc/raddb/scripts/authorize prepaid1 Exec-Program output: Post-Auth-Type := new_prepaid_account Password == test Exec-Program-Wait: plaintext: Post-Auth-Type := new_prepaid_account Password == test Exec-Program: returned: 0 modcall[authorize]: module "authorize_prepaid_account" returns ok for request 0 users: Matched entry DEFAULT at line 148 modcall[authorize]: module "files" returns ok for request 0 radius_xlat: 'prepaid1' rlm_sql (sql): sql_set_user escaped user --> 'prepaid1' radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'prepaid1' ORDER BY id' rlm_sql (sql): Reserving sql socket id: 3 rlm_sql (sql): User prepaid1 not found in radcheck radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM ... radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM ... rlm_sql (sql): User prepaid1 not found in radgroupcheck rlm_sql (sql): User not found rlm_sql (sql): Released sql socket id: 3 modcall[authorize]: module "sql" returns notfound for request 0 radius_xlat: '/etc/raddb/scripts/dump prepaid1' Exec-Program: /etc/raddb/scripts/dump prepaid1 Exec-Program output: Reply-Message += " Dump script executed " Exec-Program-Wait: value-pairs: Reply-Message += " Dump script executed " Exec-Program: returned: 0 modcall[authorize]: module "dump" returns ok for request 0 modcall: group authorize returns ok for request 0 rad_check_password: Found Auth-Type CHAP auth: type "CHAP" Processing the authenticate section of radiusd.conf modcall: entering group Auth-Type for request 0 rlm_chap: login attempt by "prepaid1" with CHAP password rlm_chap: Could not find clear text password for user prepaid1 modcall[authenticate]: module "chap" returns invalid for request 0 modcall: group Auth-Type returns invalid for request 0 auth: Failed to validate the user. Login incorrect (rlm_chap: Clear text password not available): [prepaid1/<CHAP-Password>] (from client WRT54G port 0 cli 00-04-23-6C-89-87) Delaying request 0 for 1 seconds Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Waking up in 1 seconds... rad_recv: Access-Request packet from host 172.16.0.2:2121, id=0, length=240 Sending Access-Reject of id 0 to 172.16.0.2:2121 Reply-Message += " Dump script executed " --- Walking the entire request list --- Waking up in 4 seconds... --- Walking the entire request list --- Cleaning up request 0 ID 0 with timestamp 43a92a36 Nothing to do. Sleeping until we see a request. ==================================================== On 12/21/05, Alan DeKok <aland@ox.org> wrote:
Ignacio DelTroo <deltroo@gmail.com> wrote:
It seems that my authorization script cannot write anything beyond Password. IT works fine when it justs output PAssword="XXXX". For instance, if it writes Post-Auth-Type= create_prepaid_account and Password = "XXX" to config attributes, the chap authentication modules does not get anything (log says clear text password not available)
It would help to show *precisely* what is going on. i.e. debug mode.
Alan Dekok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html