EAP-TTLS + PAP with external script

Dario Maccari d_maccari at hotmail.com
Wed May 14 17:23:09 CEST 2008


> As you can see there is the message:
> "rlm_pap: WARNING! No "known good" password found for the user.  Authentication may fail because of this.
>   modcall[authorize]: module "pap" returns noop for request 9"
> So the php script for pap authorization is not even executed.
> Maybe there is something i missed in configuration?
> 
> Thanx
> Maccari Dario

That's what I did to make it works

I added a new script for authorization which set the auth-type for final step and added that script in the authorize section

********** radiusd.conf *************
modules {
        pap {
                auto_header = yes
        }
       exec test {
                wait = yes
                program = "/usr/local/bin/php -f /etc/raddb/radiusaccess.php"
                input_pairs = request
                output_pairs = reply
        }
        exec papauth {
                wait = yes
                program = "/usr/local/bin/php -n -f /etc/raddb/radiusauth.php"
                input_pairs = request
                output_pairs = config
        }

}
 
authorize {
        preprocess
        suffix
        eap
        pap
        papauth
}
 
authenticate {
        Auth-Type PAP {
                test
        }
        eap
}
 
************* END radiusd.conf **********This is the relevant script part

************* radiusauth.php **********
<?php
    $username = getenv("USER_NAME");
    $userpass = getenv ("USER_PASSWORD");
    if ($username!= "" && $userpass !="")
    {
        echo "Auth-Type = PAP\n";
    }
 ?>
************* END radiusauth.php **********

Does what i did have any sense?
Is it robust enough?

Bye and thanx 

Dario Maccari


_________________________________________________________________
News, entertainment and everything you care about at Live.com. Get it now!
http://www.live.com/getstarted.aspx
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20080514/0163b81f/attachment.html>


More information about the Freeradius-Users mailing list