Hi, If you really have to use PHP for auth I suggest you run it through a web server in a FPM mode and then use rlm_rest to actually query your script. Might require slightly more work but will definitely scale much better then exec. kind regards Pshem On Fri, 22 Jul 2016 at 10:15 Matthew Newton <mcn4@leicester.ac.uk> wrote:
On Thu, Jul 21, 2016 at 09:25:44PM +0000, Janis Heller wrote:
authorize { exec }
Yes
# Authentication. authenticate { exec }
No
<?php if ($argv[1] == 'testing' && $argv[2] == 'password') { echo "Accept";
That's not what I wrote.
"Auth-Type := Accept"
return (0); } else echo "REJECT";
Similarly,
"Auth-Type := Reject"
It seems like the returned value of my PHP script is incorrect?
Yes.
You need "output_pairs = config" in your exec config as well, as I previously wrote.
The script output is taken as an attribute list, in the same way as you'd put in the users file, or feed to radclient, or is output from the detail writer. It tells FreeRADUS what attributes to create, with which values.
On Thu, Jul 21, 2016 at 09:40:06PM +0000, Janis Heller wrote:
Please I would like to use exec.
Arran is right. Please don't complain here if you get it working, and then find that it stops after a short while because it can't cope with the workload.
exec for auth is a really bad idea.
But he was probably being a bit too kind about PHP.
Matthew
-- Matthew Newton, Ph.D. <mcn4@leicester.ac.uk>
Systems Specialist, Infrastructure Services, I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom
For IT help contact helpdesk extn. 2253, <ithelp@le.ac.uk> - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html