EAP-TTLS + PAP with external script
Dario Maccari
d_maccari at hotmail.com
Wed May 14 17:23:09 CEST 2008
> As you can see there is the message:
> "rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this.
> modcall[authorize]: module "pap" returns noop for request 9"
> So the php script for pap authorization is not even executed.
> Maybe there is something i missed in configuration?
>
> Thanx
> Maccari Dario
That's what I did to make it works
I added a new script for authorization which set the auth-type for final step and added that script in the authorize section
********** radiusd.conf *************
modules {
pap {
auto_header = yes
}
exec test {
wait = yes
program = "/usr/local/bin/php -f /etc/raddb/radiusaccess.php"
input_pairs = request
output_pairs = reply
}
exec papauth {
wait = yes
program = "/usr/local/bin/php -n -f /etc/raddb/radiusauth.php"
input_pairs = request
output_pairs = config
}
}
authorize {
preprocess
suffix
eap
pap
papauth
}
authenticate {
Auth-Type PAP {
test
}
eap
}
************* END radiusd.conf **********This is the relevant script part
************* radiusauth.php **********
<?php
$username = getenv("USER_NAME");
$userpass = getenv ("USER_PASSWORD");
if ($username!= "" && $userpass !="")
{
echo "Auth-Type = PAP\n";
}
?>
************* END radiusauth.php **********
Does what i did have any sense?
Is it robust enough?
Bye and thanx
Dario Maccari
_________________________________________________________________
News, entertainment and everything you care about at Live.com. Get it now!
http://www.live.com/getstarted.aspx
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20080514/0163b81f/attachment.html>
More information about the Freeradius-Users
mailing list