rlm_exec use

Alan DeKok aland at deployingradius.com
Wed Mar 19 09:17:13 CET 2008


T Kid82 wrote:
> I have been trying to get RADIUS to run a perl script which would
> authenticate users (and yes I have tried rlm_perl but I decided
> against it).

  Why?  It is *much* more efficient than exec'ing a program.
...
> Exec-Program output:
> Exec-Program: returned: 3
> ++[exec] returns ok
> auth: No authenticate method (Auth-Type) configuration found for the
> request: Rejecting the user

  That would seem to be clear.

> This is what I have in my radiusd.conf
> 
> authorize {
>     exec
> }
> 
> authentication {
>     Auth-Type Exec {
>         exec
>     }

  You have put significant effort into butchering the default
configuration.  Why?

> I would think this should let all users pass through but it doesnt
> seem to be doing that. What am I missing here?

  Why would this let all users through?  The debug output is clear: you
didn't set Auth-Type.  So authentication fails.

  The default configuration Just Does the Right Thing.  If you're going
to drastically edit the configuration, then you need to understand how
the server works.  In this case, fix the problem printed out by the
debug log: set Auth-Type.  If you think this isn't necessary, then you
need to spend more time understanding how the server works.

  Alan DeKok.



More information about the Freeradius-Users mailing list