rlm_exec question

Ivan Kalik tnt at kalik.net
Sun Apr 13 22:50:20 CEST 2008 

Add files to authorize and put DEFAULT   Auth-Type := Exec in it.

Ivan Kalik
Kalik Informatika ISP


Dana 13/4/2008, "T Kid82" <tkid2000 at gmail.com> piše:

>Hi everyone,
>
>I am trying to accomplish a very simple task using RADIUS as an
>authentication proxy.
>All I need it to do is use the username/password combo sent in, run a
>perl script to validate those credentials and return a pass or fail.
>I have my perl script setup to return all the right codes as the
>radiusd.conf specifies. ( < 0 : fail, 0 : ok , etc...)
>
>I have added the following changes to the radiusd.conf file,
>everything else is as it is out of the box.
>
>  authorize {
>      preprocess
>      exec
>  }
>
>  authenticate {
>      Auth-Type Exec {
>          exec
>      }
>  }
>
>In the modules section I added my program name / perl script (the
>location is just a temp thing to get this going):
>
>exec {
>              program = "/usr/bin/authenticate.pl"
>              wait = yes
>              input_pairs = request
>              output_pairs = reply
>
>          }
>
>When i run radtest, this is what I see in the logs
>
>User-Name = "tkid"
>        User-Password = "hlsearch"
>        NAS-IP-Address = 127.0.0.1
>        NAS-Port = 1645
>+- entering group authorize
>++[preprocess] returns ok
>Exec-Program output: Error: Password check passed
>Exec-Program: returned: 0
>++[exec] returns ok
>auth: No authenticate method (Auth-Type) configuration found for the
>request: Rejecting the user
>auth: Failed to validate the user.
>Login incorrect: [tkid/hlsearch] (from client localhost port 1645)
>  Found Post-Auth-Type Reject
>+- entering group REJECT
>        expand: %{User-Name} -> tkid
>attr_filter: Matched entry DEFAULT at line 11
>++[attr_filter.access_reject] returns updated
>Finished request 0.
>Going to the next request
>Waking up in 4.9 seconds.
>Cleaning up request 0 ID 149 with timestamp +10
>Ready to process requests.
>
>
>
>In essence, all I want is authentication and not authorization. How do
>I accomplish that here?
>
>Thanks for your help in advance.
>Thanks,
>-- Tauseef
>-
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>

More information about the Freeradius-Users mailing list