On Tue, Jan 27, 2015 at 09:56:23AM +0100, the2nd@otpme.org wrote:
btw. rlm_python examples do not show how to handle mschap requests. it would be of much help to have an example.
I've not done this before, but I would start with the following and work from there - in radiusd.conf instantiate{} section, add mschap (so the xlats are available). In authorize{}, add this to expand the xlats and get them into temporary attributes:
you said i should add something like this to my config:
update request { Tmp-Octets-0 := "%{mschap:Challenge}" Tmp-Octets-1 := "%{mschap:NT-Response}" }
In authenticate, call your python code as normal. Then read the debug output and make sure it's doing what you expect. So for an incoming request, you should see the update section (above) when the packet comes in, and then make sure the Auth-Type is set right, and see what auth-type section gets called. It should be simple - just the server outputs a *lot* of debug. For a reason.
and as soon as i get it working i'd like to extend the example module (if needed) and write down how to handle mschap requests using rlm_python. maybe i should add this to the freeradius wiki?
When you get it working then putting something on the wiki would be useful for others, yes. Cheers, Matthew -- Matthew Newton, Ph.D. <mcn4@le.ac.uk> Systems Specialist, Infrastructure Services, I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom For IT help contact helpdesk extn. 2253, <ithelp@le.ac.uk>