rlm_exec use

T Kid82 tkid2000 at gmail.com
Wed Mar 19 19:34:04 CET 2008 

> You have put significant effort into butchering the default
configuration.  Why?

I got this from the comments in exec-program-wait (which has been
deprecated) where it explains how to use rlm_exec. It says,

"An entry for the module 'rlm_exec' must be added to the file
'radiusd.conf' with the path of the script."

authorize {
	...
	exec
	...
}

I also added

exec {
            program = "/usr/local/etc/raddb/authenticate"
		wait = yes
	        input_pairs = request
		output_pairs = reply
        }

to my radiusd.conf which is also from the comments in exec-program-wait


> Why would this let all users through?
I thought that since I am always returning 3 to the server, that this
would let all users pass through.

> you didn't set Auth-Type
Where do I set the Auth-Type. Can you provide a sample code snippet on
how to do this? Or perhaps a link to the doc.

> If you think this isn't necessary, then you need to spend more time understanding how the server works.
I dont know either way. Thats why I decided to mail the list. I have
looked through quite a bit of documentation but I didnt find much on
this particular module

On Wed, Mar 19, 2008 at 1:17 AM, Alan DeKok <aland at deployingradius.com> wrote:
> T Kid82 wrote:
>  > I have been trying to get RADIUS to run a perl script which would
>  > authenticate users (and yes I have tried rlm_perl but I decided
>  > against it).
>
>   Why?  It is *much* more efficient than exec'ing a program.
>  ...
>
> > Exec-Program output:
>  > Exec-Program: returned: 3
>  > ++[exec] returns ok
>  > auth: No authenticate method (Auth-Type) configuration found for the
>  > request: Rejecting the user
>
>   That would seem to be clear.
>
>
>  > This is what I have in my radiusd.conf
>  >
>  > authorize {
>  >     exec
>  > }
>  >
>  > authentication {
>  >     Auth-Type Exec {
>  >         exec
>  >     }
>
>   You have put significant effort into butchering the default
>  configuration.  Why?
>
>
>  > I would think this should let all users pass through but it doesnt
>  > seem to be doing that. What am I missing here?
>
>   Why would this let all users through?  The debug output is clear: you
>  didn't set Auth-Type.  So authentication fails.
>
>   The default configuration Just Does the Right Thing.  If you're going
>  to drastically edit the configuration, then you need to understand how
>  the server works.  In this case, fix the problem printed out by the
>  debug log: set Auth-Type.  If you think this isn't necessary, then you
>  need to spend more time understanding how the server works.
>
>   Alan DeKok.
>  -
>  List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>

More information about the Freeradius-Users mailing list