Problem with external authentication script

Stefan Kuegler freeradius at
Wed Jun 10 21:22:50 CEST 2009

Hi Alan.
> Stefan Kuegler wrote:
>> OK - that's what I forgot to say. The first two arguments (user and
>> password) come directly from the user. The next three arguments (secret,
>> pin and offset) are per-user-values. So I wanted to configure these
>> values in the 'users'-file (/etc/freeradius/users)
>> For example:
>> [...]
>>   user1
>>      Secret = 143a5c6fa125ac1f,
>>      PIN = 1234,
>>      Offset = 0
>   So... they are REPLY attributes.  See "man unlang" for how to refer to
> attributes in the reply list.  %{Secret} isn't it.
OK. I think, I have to use the word "reply" to use these attributes. I 
changed my config-files accordingly.

/etc/freeradius/radiusd.conf (modules-section):

exec motp {
      wait = yes
      program = "/usr/local/bin/ %{User-Name} 
%{User-Password} %{reply:Secret} %{reply:PIN} %{reply:Offset}"
      input_pairs = request
      output_pairs = config

DEFAULT Auth-Type = Accept
         Exec-Program-Wait = "/usr/local/bin/ '%{User-Name}' 
'%{User-Password}' '%{reply:Secret}' '%{reply:PIN}' '%{reply:Offset}'",
         Fall-Through = Yes

user1   Secret:=143a5c6fa125ac1f, PIN:=1234, Offset:=0

I hope that these changes are correct ??

But this is the part of the debug-log after a new test. When the script 
has been called by freeradius, you can see, that the needed arguments 
Secret, PIN, Offset) are still missing.

expand: /usr/local/bin/ '%{User-Name}' '%{User-Password}' 
'%{reply:Secret}' '%{reply:PIN}' '%{reply:Offset}' -> 
/usr/local/bin/ 'user1' 'secret' '' '' ''

Any ideas ??

Best regards,

More information about the Freeradius-Users mailing list