Best way of adding custom authentication procedure to Freeradius that works in Windows/Linux platforms?
joshua__lim at hotmail.com
Thu Dec 11 09:54:56 CET 2008
I'm a newbie, with some delphi/pascal programming skills, but no knowledge of C.
I've been watching Freeradius developments for the last 4 years, and am very impressed by how much the community has grown and software has developed since then. Henceforth, i am exploring into the possibility of using freeradius for my authentication project.
For the last few days, i've been experimenting with the cygwin version of Freeradius (Freeradius.net), and trying to figure out an easy way for me to add custom authentication procedure to Freeradius that works on both Windows/Linux platforms.
3 methods come into mind, rlm_perl, rlm_exec and custom module. Custom module will be the last resort since it requires greater effort, and hence cost.
Firstly, I've got file and rlm_mysql working on freeradius.net.
Then comes rlm_perl, which was a problem as it wasn't available in the freeradius.net installation (not found inside lib folder), so i can't use it.
Next, i tried rlm_exec, and got a no such file error - i tried setting different paths in radiusd.conf, but to no avail.
Exec-Program output: Exec-Program: FAILED to execute c:/freeradius.net/bin/test.pl:
No such file or directory
Exec-Program-Wait: plaintext: Exec-Program: FAILED to execute c:/freeradius.net/
bin/test.pl: No such file or directory
Exec-Program: returned: 1
rlm_exec (exec): External script failed
For radiusd.conf, i tried "c:/freeradius.net/bin/test.pl", "c:\freeradius.net\bin\test.pl", "test.pl", "/freeradius.net/bin/test.pl", "\freeradius.net\bin/test.pl", and also tried placing test.pl on C drive root.
program = "c:/freeradius.net/bin/test.pl"
wait = yes
input_pairs = request
output_pairs = reply
Some questions which i hope someone here experienced can provide me with some insights. :)
1). Is there a way to get the cygwin version of rlm_perl.
2). Why am i facing the path/file not found problem? Does this mean the cygwin version of rlm_exec doesn't work?
3). Are there any other options for me besides rlm_exec and rlm_perl?
4). If i were to implement a custom module, must it be compiled into radiusd.exe? I will want to avoid messing with the cygwin compiled radiusd.exe. And if that is not the case, can i use a crossplatform programming language like freepascal to implement the module, instead of C?
A little info on the custom authentication procedure:
1. I need to provide a double-factor authentication to my users.
2. The first level will be a simple challenge and password (i reckon that this can be done using File or MySQL).
3. Upon successful first authentication, the user is not given access-accept, instead, he needs to enter a second password (this is the OTP). The OTP must be generated by the custom script/module by accessing some external database - this is done immediately after the first authentication has been successfully completed.
Thanks in advance.
Easily edit your photos like a pro with Photo Gallery.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Freeradius-Users