The documents i mentioned above was about pptp installation not freeradius itself. Sure i read docs about freeradius also. Even your main README file.!!
If you did read it, why did you do this:
There were some other virtual servers running on that freeradius server, Just removed them for my test purposes. So nothing special about removing default server.
Removing default server = destroying default configuration! If you want to replace default server with another one you need to alter listen section. See README in raddb/sites-available.
I already set the listen section according to my new config. Thats ok..
Here is how my perl script works.. When it gets a username/pass it checks it via an xml page and if it is correct it adds the username to mysql table with auth-type == local parameter.
Which is wrong. Don't add Auth-Type, add the Cleartext-Password.
It was for my perl module. Which seems unnecessary for mschaps as i see. So i already removed it.
Yes, you don't want perl in authenticate, but you do want it in authorize still to get the password from xml.
I will give it a try.
Thats why in my previous system (which still works for hotspot authentications) I was using a perl module to connect to an xml service and check if the username/password is correct (I was just sending usrname/password couple and the answer is returning as ok or not.), and if it is ok, add the username/ name/email address and other informational knowledges of the user to a mysql table which is not relative to our subject now. And everytime user logs on, that perl script checks for the password again via xml page. So i got no passwords in mysql at all.
Fine, just have perl copy the password from xml into $RAD_CHECK{'Cleartext-Password'}.
Tht seems not possible, Because as i say, I only send username/password information to a web server as http://xxx.xxx.xxx.xxx?=username&password and it returns me something like <true> <Name><xxx xxx> <email><a@b.com> or just <false> So the only password available is the one i send to web. But maybe if answer returns true, i can return parameter radcheck from perl script as $RAD_CHECK{'Cleartext-Password'} That seem to work. Thanks.
So as i understand, the only way that mschap works is to keep username/passwords on mysql (or file) right?
No, if you can get password using perl it doesn't have to be in mysql. You need cleartext of nt hashed password for mschap - freeradius doesn't care where is it stored (sql, ldap, file, whatever) and how is it made available. As long as the password is available for authentication.
Ivan Kalik
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html