Res: Res: EAP-TTLS + Post-auth clear password

Alan DeKok aland at deployingradius.com
Fri Mar 23 07:54:41 CET 2007


Erico Augusto wrote:
> as suggested, I'm working with exec module.
> radiusd.conf:
> ...
>         exec {
>                 post-auth:User-Password =
> `%{exec:/usr/local/etc/raddb/jradius.forward}`
>                 wait = yes
>                 input_pairs = request
>         }
> ...
> the content of /usr/local/etc/raddb/jradius.forward script is just:
> #!/bin/bash
> echo 123456
> 
> so, the user's password that I'm using is 123456(inserted at secureW2
> Windows XP popup), but I'm yet receiving ciphered User-Password at
> destination custom app...

  All I can say is "huh"?  You want to use a custom app, and you
solution is to write a shell script that does... nothing?

  Perhaps you could explain how the custom app *currently* interacts
with FreeRADIUS.  From the examples you've posted, it doesn't.

  My suggestion was to write a program that would send the username &&
password to the custom app.  See the documentation for how to see the
username && password in a shell script run by rlm_exec.

> I have changing the content of jradius.forward script to
> #!/bin/bash
> echo 123456789
> 
> just to see if the password sended is the one returned by
> jradius.forward script,

  What makes you think that the shell script changes the password?
Nothing in the documentation or examples would lead you to believe that
simple echoing a number would have the magic side-effect of changing the
password.

> some idea about what is wrong?

  The configurations you've shown don't match the documentation.  i.e.
You think they do one thing, but the documentation says they do
something else.

  Alan DeKok.
--
  http://deployingradius.com       - The web site of the book
  http://deployingradius.com/blog/ - The blog



More information about the Freeradius-Users mailing list