Res: Res: EAP-TTLS + Post-auth clear password
Hi, as suggested, I'm working with exec module. radiusd.conf: ... exec { post-auth:User-Password = `%{exec:/usr/local/etc/raddb/jradius.forward}` wait = yes input_pairs = request } ... the content of /usr/local/etc/raddb/jradius.forward script is just: #!/bin/bash echo 123456 so, the user's password that I'm using is 123456(inserted at secureW2 Windows XP popup), but I'm yet receiving ciphered User-Password at destination custom app... I have changing the content of jradius.forward script to #!/bin/bash echo 123456789 just to see if the password sended is the one returned by jradius.forward script, but all entries at radiusd -X shows: ... Processing the post-auth section of radiusd.conf ... rlm_jradius: packing attribute User-Password (type: 2; len: 6) ... Conclusion: the User-Password attribute is not been changed by the external script, once the length should be 9 ... some idea about what is wrong? one more point: I'm setting user's password at etc/raddb/users file (it mey be a problem, i mean ... does it fixing the password?). thanks a lot, Erico. ----- Mensagem original ---- De: Alan DeKok <aland@deployingradius.com> Para: FreeRadius users mailing list <freeradius-users@lists.freeradius.org> Enviadas: Quinta-feira, 22 de Março de 2007 5:29:24 Assunto: Re: Res: EAP-TTLS + Post-auth clear password Erico Augusto wrote:
I'm trying to forward username and password to my own app, using post-auth section, to perform user authentication, as described below ... is that possible?
Yes. See the "exec" module. Why do you think the pap module has anything to do with it? Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html __________________________________________________ Fale com seus amigos de graça com o novo Yahoo! Messenger http://br.messenger.yahoo.com/
Erico Augusto wrote:
as suggested, I'm working with exec module. radiusd.conf: ... exec { post-auth:User-Password = `%{exec:/usr/local/etc/raddb/jradius.forward}` wait = yes input_pairs = request } ... the content of /usr/local/etc/raddb/jradius.forward script is just: #!/bin/bash echo 123456
so, the user's password that I'm using is 123456(inserted at secureW2 Windows XP popup), but I'm yet receiving ciphered User-Password at destination custom app...
All I can say is "huh"? You want to use a custom app, and you solution is to write a shell script that does... nothing? Perhaps you could explain how the custom app *currently* interacts with FreeRADIUS. From the examples you've posted, it doesn't. My suggestion was to write a program that would send the username && password to the custom app. See the documentation for how to see the username && password in a shell script run by rlm_exec.
I have changing the content of jradius.forward script to #!/bin/bash echo 123456789
just to see if the password sended is the one returned by jradius.forward script,
What makes you think that the shell script changes the password? Nothing in the documentation or examples would lead you to believe that simple echoing a number would have the magic side-effect of changing the password.
some idea about what is wrong?
The configurations you've shown don't match the documentation. i.e. You think they do one thing, but the documentation says they do something else. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog
participants (2)
-
Alan DeKok -
Erico Augusto