rlm_exec question
T Kid82
tkid2000 at gmail.com
Mon Apr 14 06:05:09 CEST 2008
Hi Ivan,
I tried two variations.
First I added a files sub-section the modules section within radiusd.conf
files {
Auth-Type := Exec
}
and in the authorize section I put in
authorize {
preprocess
files
}
This is what I saw in the radius logs
User-Name = "tkid"
User-Password = "hlsearch"
NAS-IP-Address = 127.0.0.1
NAS-Port = 1645
+- entering group authorize
++[preprocess] returns ok
++[files] returns noop
auth: No authenticate method (Auth-Type) configuration found for the
request: Rejecting the user
auth: Failed to validate the user.
Login incorrect: [tkid/hlsearch] (from client localhost port 1645)
Found Post-Auth-Type Reject
+- entering group REJECT
expand: %{User-Name} -> tkid
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 0
Waking up in 4.9 seconds.
Cleaning up request 0 ID 79 with timestamp +20
Ready to process requests.
I also tried adding the DEFAULT as you asked
so i made an addition to the files module
files {
DEFAULT Auth-Type := Exec
}
I got a radiusd.conf syntax error
"Expecting section start brace '{' after "DEFAULT Auth-Type"
Let me know what else I need to get going here. It would be great if
you can let me know specifically where I have to add config settings
since I am not very familiar with freeradius yet.
I would really prefer to run a perl script rather than doing a .pm
since I tried that before and just kept getting too many errors. I'll
consider that once all the options of a perl script have been
exhausted.
Thanks everyone for your help.
-- Tauseef
2008/4/13 Ivan Kalik <tnt at kalik.net>:
> Add files to authorize and put DEFAULT Auth-Type := Exec in it.
>
> Ivan Kalik
> Kalik Informatika ISP
>
>
> Dana 13/4/2008, "T Kid82" <tkid2000 at gmail.com> piše:
>
>
>
> >Hi everyone,
> >
> >I am trying to accomplish a very simple task using RADIUS as an
> >authentication proxy.
> >All I need it to do is use the username/password combo sent in, run a
> >perl script to validate those credentials and return a pass or fail.
> >I have my perl script setup to return all the right codes as the
> >radiusd.conf specifies. ( < 0 : fail, 0 : ok , etc...)
> >
> >I have added the following changes to the radiusd.conf file,
> >everything else is as it is out of the box.
> >
> > authorize {
> > preprocess
> > exec
> > }
> >
> > authenticate {
> > Auth-Type Exec {
> > exec
> > }
> > }
> >
> >In the modules section I added my program name / perl script (the
> >location is just a temp thing to get this going):
> >
> >exec {
> > program = "/usr/bin/authenticate.pl"
> > wait = yes
> > input_pairs = request
> > output_pairs = reply
> >
> > }
> >
> >When i run radtest, this is what I see in the logs
> >
> >User-Name = "tkid"
> > User-Password = "hlsearch"
> > NAS-IP-Address = 127.0.0.1
> > NAS-Port = 1645
> >+- entering group authorize
> >++[preprocess] returns ok
> >Exec-Program output: Error: Password check passed
> >Exec-Program: returned: 0
> >++[exec] returns ok
> >auth: No authenticate method (Auth-Type) configuration found for the
> >request: Rejecting the user
> >auth: Failed to validate the user.
> >Login incorrect: [tkid/hlsearch] (from client localhost port 1645)
> > Found Post-Auth-Type Reject
> >+- entering group REJECT
> > expand: %{User-Name} -> tkid
> >attr_filter: Matched entry DEFAULT at line 11
> >++[attr_filter.access_reject] returns updated
> >Finished request 0.
> >Going to the next request
> >Waking up in 4.9 seconds.
> >Cleaning up request 0 ID 149 with timestamp +10
> >Ready to process requests.
> >
> >
> >
> >In essence, all I want is authentication and not authorization. How do
> >I accomplish that here?
> >
> >Thanks for your help in advance.
> >Thanks,
> >-- Tauseef
> >-
> >List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
> >
> >
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
More information about the Freeradius-Users
mailing list