Hi, as suggested, I'm working with exec module. radiusd.conf: ... exec { post-auth:User-Password = `%{exec:/usr/local/etc/raddb/jradius.forward}` wait = yes input_pairs = request } ... the content of /usr/local/etc/raddb/jradius.forward script is just: #!/bin/bash echo 123456 so, the user's password that I'm using is 123456(inserted at secureW2 Windows XP popup), but I'm yet receiving ciphered User-Password at destination custom app... I have changing the content of jradius.forward script to #!/bin/bash echo 123456789 just to see if the password sended is the one returned by jradius.forward script, but all entries at radiusd -X shows: ... Processing the post-auth section of radiusd.conf ... rlm_jradius: packing attribute User-Password (type: 2; len: 6) ... Conclusion: the User-Password attribute is not been changed by the external script, once the length should be 9 ... some idea about what is wrong? one more point: I'm setting user's password at etc/raddb/users file (it mey be a problem, i mean ... does it fixing the password?). thanks a lot, Erico. ----- Mensagem original ---- De: Alan DeKok <aland@deployingradius.com> Para: FreeRadius users mailing list <freeradius-users@lists.freeradius.org> Enviadas: Quinta-feira, 22 de Março de 2007 5:29:24 Assunto: Re: Res: EAP-TTLS + Post-auth clear password Erico Augusto wrote:
I'm trying to forward username and password to my own app, using post-auth section, to perform user authentication, as described below ... is that possible?
Yes. See the "exec" module. Why do you think the pap module has anything to do with it? Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html __________________________________________________ Fale com seus amigos de graça com o novo Yahoo! Messenger http://br.messenger.yahoo.com/