Hi, If you're to use rest - have a look in mods-available - should be there, a sample config can look like this: rest check_access_rest { connect_uri = "http://127.0.0.1:8080" connect_timeout = 4.0 authorize { uri = "${..connect_uri}/auth/%{User-Name}" method = 'get' } authenticate { } accounting { } post-auth { } pool { start = ${thread[pool].start_servers} min = ${thread[pool].min_spare_servers} max = ${thread[pool].max_servers} spare = ${thread[pool].max_spare_servers} uses = 0 lifetime = 0 idle_timeout = 60 } } and then the authorize section: authorize { check_access_rest } Since you want to return 'Auth-Type := Accept' make sure response is of the correct type (application/json) and you return code is 200. The response should look something like this: { "Auth-Type": { "op": ":=", "value": "Accept" } More info here: https://github.com/FreeRADIUS/freeradius-server/blob/v3.0.x/raddb/mods-avail... kind regards Pshem On Fri, 22 Jul 2016 at 23:12 Janis Heller <janis.heller@outlook.de> wrote:
I’m using Freeradius v 3.0.11. Sorry, there is no „rest“ file in mods-enabled folder (etc/freeradius/mods-enabled).
I’ve reread your post, here’s my current config:
authorize { Auth-Type exec { exec } }
authenticate {
}
Now when I try to start radius these lines are printed in red color.
/etc/freeradius/sites-enabled/default[18]: Failed to find "Auth-Type" as a module or policy. /etc/freeradius/sites-enabled/default[18]: Please verify that the configuration exists in /etc/freeradius/mods-enabled/Auth-Type. /etc/freeradius/sites-enabled/default[17]: Errors parsing authorize section.
All the best;
janis
Am 22.07.2016 um 12:27 schrieb Matthew Newton <mcn4@leicester.ac.uk>:
On Fri, Jul 22, 2016 at 10:18:10AM +0000, Janis Heller wrote:
I’m a newbie to RADIUS.
I suggest you read through doc/concepts/aaa.rst.
Otherwise you're just guessing where you should put things.
I’ve taken a look into my modules folder, there’s no rest module. How can I built this fast? Many of you told me to use rest instead of exec to perform a simple web request to some script.
If you've got a "modules" folder then you're using version 2, which is end of life and not supported any more. You need version 3.
We would have known this if you'd sent the full output of radiusd -X...
authorize {
}
authenticate { Auth-Type exec { exec } }
I get this error all the time (provided username & password are correct)
(0) ERROR: No Auth-Type found: rejecting the user via Post-Auth-Type = Reject
I’m a bit confused about this. I think I only need to use authorize to validate username & password. My accounts won’t have custom permissions etc.
That's not the right place for what you are trying to do, and not what I put in the previous e-mails.
Put exec in authorize, nothing in authenticate.
Make your script output "Auth-Type := Accept" on stdout. This skips the authenticate section and directly accepts the request.
Use "output_pairs = config" as well as your existing exec config.
It works. I tested it here. No other config changes than those.
You still shouldn't use exec like this in production.
I suggest you play around with concepts like this first (even if you shouldn't use it) before trying to use something like rest, so that you learn how FreeRADIUS works.
And read all the debug output. It shows how packets flow through the server, and which modules are hit when. Debug output in version 3.0.11 is clearer than in version 2.
Matthew
-- Matthew Newton, Ph.D. <mcn4@leicester.ac.uk>
Systems Specialist, Infrastructure Services, I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom
For IT help contact helpdesk extn. 2253, <ithelp@le.ac.uk> - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html