Authentication against an executable and mysql
People, How can I make the RADIUS server check that two conditions, the result of the authentication against MySQL (already working) and on the exit status of an executable (the executable that sets the exit status depending on the outcomes of the check). I want the authentication to success if both tests are successful otherwise I want it to fail. Regards Kenneth ____________________________________________________________________________________ Bored stiff? Loosen up... Download and play hundreds of games for free on Yahoo! Games. http://games.yahoo.com/games/front
--- Kenneth Penza <kennethpenza@yahoo.com> wrote:
People,
How can I make the RADIUS server check that two conditions, the result of the authentication against MySQL (already working) and on the exit status of an executable (the executable that sets the exit status depending on the outcomes of the check). I want the authentication to success if both tests are successful otherwise I want it to fail.
Regards Kenneth
____________________________________________________________________________________
Bored stiff? Loosen up... Download and play hundreds of games for free on Yahoo! Games. http://games.yahoo.com/games/front - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
I am trying to get user authenticated against a shell script. I have added the following configuration to freeradius: under the modules section i have added exec myauth { wait = yes program = "/etc/raddb/myscripts/auth.sh %{User-Name}" input_pairs = request output_pairs = reply packet_type = Access-Request } and under the authorize section I have added myauth The contents of the script: [root@fedora5 raddb]# cat /etc/raddb/myscripts/auth.sh #!/bin/bash echo $1 >> /tmp/myauth.out exit 0 [root@fedora5 raddb]# On restarting the server,and attempting to connect to the radius server I get [root@fedora5 ~]# echo "User-Name=user1,User-Password=pass1" |radclient -x localhost:1812 auth testing123 Sending Access-Request of id 244 to 127.0.0.1:1812 User-Name = "user1" User-Password = "pass1" rad_recv: Access-Reject packet from host 127.0.0.1:1812, id=244, length=20 [root@fedora5 ~]# and in the session from I have started he radius server using /usr/sbin/radiusd -X -A I get: Ready to process requests. rad_recv: Access-Request packet from host 127.0.0.1:32772, id=244, length=45 User-Name = "user1" User-Password = "pass1" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0 modcall[authorize]: module "chap" returns noop for request 0 modcall[authorize]: module "mschap" returns noop for request 0 rlm_realm: No '@' in User-Name = "user1", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 0 rlm_eap: No EAP-Message, not doing EAP modcall[authorize]: module "eap" returns noop for request 0 radius_xlat: '/etc/raddb/myscripts/auth.sh user1' Exec-Program: /etc/raddb/myscripts/auth.sh user1 Exec-Program output: Exec-Program: returned: 0 modcall[authorize]: module "myauth" returns ok for request 0 modcall: group authorize returns ok for request 0 auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user auth: Failed to validate the user. Login incorrect: [user1/pass1] (from client localhost port 0) Delaying request 0 for 1 seconds Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Sending Access-Reject of id 244 to 127.0.0.1:32772 Waking up in 4 seconds... --- Walking the entire request list --- Cleaning up request 0 ID 244 with timestamp 45fd3d21 Nothing to do. Sleeping until we see a request. I am missing some configuration? Thanks in advance for you help Kenneth ____________________________________________________________________________________ It's here! Your new message! Get new email alerts with the free Yahoo! Toolbar. http://tools.search.yahoo.com/toolbar/features/mail/
Kenneth Penza wrote:
I am trying to get user authenticated against a shell script. I have added the following configuration to freeradius:
under the modules section i have added exec myauth { wait = yes program = "/etc/raddb/myscripts/auth.sh %{User-Name}" input_pairs = request output_pairs = reply packet_type = Access-Request } and under the authorize section I have added myauth
And what's in the "authenticate" section? You say you want to authenticate, but you haven't touched any of the "authenticate" configuration. If you're just executing a shell script, see "Exec-Program-Wait", it's in the documentation. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog
--- Kenneth Penza <kennethpenza@yahoo.com> wrote:
People,
How can I make the RADIUS server check that two conditions, the result of the authentication against MySQL (already working) and on the exit status of an executable (the executable that sets the exit status depending on the outcomes of the check). I want the authentication to success if both tests are successful otherwise I want it to fail.
Regards Kenneth
____________________________________________________________________________________
Bored stiff? Loosen up... Download and play hundreds of games for free on Yahoo! Games. http://games.yahoo.com/games/front - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
I am trying to get user authenticated against a shell script. I have added the following configuration to freeradius: under the modules section i have added exec myauth { wait = yes program = "/etc/raddb/myscripts/auth.sh %{User-Name}" input_pairs = request output_pairs = reply packet_type = Access-Request } and under the authorize section I have added myauth The contents of the script: [root@fedora5 raddb]# cat /etc/raddb/myscripts/auth.sh #!/bin/bash echo $1 >> /tmp/myauth.out exit 0 [root@fedora5 raddb]# On restarting the server,and attempting to connect to the radius server I get [root@fedora5 ~]# echo "User-Name=user1,User-Password=pass1" |radclient -x localhost:1812 auth testing123 Sending Access-Request of id 244 to 127.0.0.1:1812 User-Name = "user1" User-Password = "pass1" rad_recv: Access-Reject packet from host 127.0.0.1:1812, id=244, length=20 [root@fedora5 ~]# and in the session from I have started he radius server using /usr/sbin/radiusd -X -A I get: Ready to process requests. rad_recv: Access-Request packet from host 127.0.0.1:32772, id=244, length=45 User-Name = "user1" User-Password = "pass1" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0 modcall[authorize]: module "chap" returns noop for request 0 modcall[authorize]: module "mschap" returns noop for request 0 rlm_realm: No '@' in User-Name = "user1", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 0 rlm_eap: No EAP-Message, not doing EAP modcall[authorize]: module "eap" returns noop for request 0 radius_xlat: '/etc/raddb/myscripts/auth.sh user1' Exec-Program: /etc/raddb/myscripts/auth.sh user1 Exec-Program output: Exec-Program: returned: 0 modcall[authorize]: module "myauth" returns ok for request 0 modcall: group authorize returns ok for request 0 auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user auth: Failed to validate the user. Login incorrect: [user1/pass1] (from client localhost port 0) Delaying request 0 for 1 seconds Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Sending Access-Reject of id 244 to 127.0.0.1:32772 Waking up in 4 seconds... --- Walking the entire request list --- Cleaning up request 0 ID 244 with timestamp 45fd3d21 Nothing to do. Sleeping until we see a request. I am missing some configuration? Thanks in advance for you help Kenneth ____________________________________________________________________________________ 8:00? 8:25? 8:40? Find a flick in no time with the Yahoo! Search movie showtime shortcut. http://tools.search.yahoo.com/shortcuts/#news
participants (2)
-
Alan DeKok -
Kenneth Penza