Authentication against an executable and mysql
Kenneth Penza
kennethpenza at yahoo.com
Sun Mar 18 20:56:37 CET 2007
--- Kenneth Penza <kennethpenza at yahoo.com> wrote:
> People,
>
> How can I make the RADIUS server check two
> conditions: the result of the authentication against
> MySQL (already working) and the exit status of an
> executable (the executable that sets the exit status
> depending on the outcomes of the check)? I want the
> authentication to succeed if both tests are
> successful;
> otherwise I want it to fail.
>
>
> Regards
> Kenneth
I am trying to get a user authenticated against a
shell script. I have added the following configuration
to freeradius:
under the modules section I have added
    exec myauth {
        wait = yes
        program = "/etc/raddb/myscripts/auth.sh %{User-Name}"
        input_pairs = request
        output_pairs = reply
        packet_type = Access-Request
    }
and under the authorize section I have added
    myauth
The contents of the script:
    [root@fedora5 raddb]# cat /etc/raddb/myscripts/auth.sh
    #!/bin/bash
    echo $1 >> /tmp/myauth.out
    exit 0
    [root@fedora5 raddb]#
On restarting the server and attempting to connect to
the radius server I get
    [root@fedora5 ~]# echo "User-Name=user1,User-Password=pass1" | radclient -x localhost:1812 auth testing123
    Sending Access-Request of id 244 to 127.0.0.1:1812
            User-Name = "user1"
            User-Password = "pass1"
    rad_recv: Access-Reject packet from host 127.0.0.1:1812, id=244, length=20
    [root@fedora5 ~]#
and in the session from which I have started the radius
server using /usr/sbin/radiusd -X -A
I get:
    Ready to process requests.
    rad_recv: Access-Request packet from host 127.0.0.1:32772, id=244, length=45
            User-Name = "user1"
            User-Password = "pass1"
      Processing the authorize section of radiusd.conf
    modcall: entering group authorize for request 0
      modcall[authorize]: module "preprocess" returns ok for request 0
      modcall[authorize]: module "chap" returns noop for request 0
      modcall[authorize]: module "mschap" returns noop for request 0
        rlm_realm: No '@' in User-Name = "user1", looking up realm NULL
        rlm_realm: No such realm "NULL"
      modcall[authorize]: module "suffix" returns noop for request 0
      rlm_eap: No EAP-Message, not doing EAP
      modcall[authorize]: module "eap" returns noop for request 0
    radius_xlat: '/etc/raddb/myscripts/auth.sh user1'
    Exec-Program: /etc/raddb/myscripts/auth.sh user1
    Exec-Program output:
    Exec-Program: returned: 0
      modcall[authorize]: module "myauth" returns ok for request 0
    modcall: group authorize returns ok for request 0
    auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
    auth: Failed to validate the user.
    Login incorrect: [user1/pass1] (from client localhost port 0)
    Delaying request 0 for 1 seconds
    Finished request 0
    Going to the next request
    --- Walking the entire request list ---
    Waking up in 1 seconds...
    --- Walking the entire request list ---
    Waking up in 1 seconds...
    --- Walking the entire request list ---
    Sending Access-Reject of id 244 to 127.0.0.1:32772
    Waking up in 4 seconds...
    --- Walking the entire request list ---
    Cleaning up request 0 ID 244 with timestamp 45fd3d21
    Nothing to do. Sleeping until we see a request.
Am I missing some configuration?
Thanks in advance for your help
Kenneth