I am new to using freeRADIUS.
I tried to post a similar message on the 26th
of October but got no responses – thought maybe I messed it up as my
first posting.
I can create a flat-file and have get successful access
using radtest.
I have a CentOS 5.2 system running freeRADIUS version
1.1.3.
Soon to be upgraded to 5.3.
I need to setup an account on the freeRADIUS server that can
be accessed by another system as a radius server – not the problem.
I then need to have freeRADIUS call a bash shell (or Perl) script
that checks additional credentials before allowing or rejecting the user’s
access.
This check can take a multiple seconds to complete so I don’t
want the original radius request to timeout (not sure if it will though).
Think of it as taking the time to have someone lookup and
enter a PIN+TOKEN string but after the fact.
A very simple example would be:
I need to have freeradius verify the passed login/password.
(In this case, the password may not be
needed to verify access as the script would do the actual validation. Not
sure if this is even possible.)
Then have freeradius call the script either on the same or
another server.
Depending upon the outcome determined by the script - either
allow or deny the user access.
So even if the login/password were correct, the account
could be denied from another source.
An easy script for testing could be as simple as:
If the minute is EVEN = allow in and say an appropriate message
If the minute is ODD = do not allow access and say an appropriate
message
I have read most of the .conf files but am still confused
about proxy, etc.
Is there a HOW-TO that shows a simple script example?
Thanks,
Tom Schmitt
Senior IT Staff -
R&D