Problem with external authentication script
Stefan Kuegler
freeradius at kuegler.org
Wed Jun 10 21:22:50 CEST 2009
Hi Alan.
> Stefan Kuegler wrote:
>> OK - that's what I forgot to say. The first two arguments (user and
>> password) come directly from the user. The next three arguments (secret,
>> pin and offset) are per-user-values. So I wanted to configure these
>> values in the 'users'-file (/etc/freeradius/users)
>>
>> For example:
>> [...]
>> user1
>> Secret = 143a5c6fa125ac1f,
>> PIN = 1234,
>> Offset = 0
>
> So... they are REPLY attributes. See "man unlang" for how to refer to
> attributes in the reply list. %{Secret} isn't it.
>
OK. I think I have to use the word "reply" to use these attributes. I
changed my config-files accordingly.
/etc/freeradius/radiusd.conf (modules-section):

    exec motp {
        wait = yes
        program = "/usr/local/bin/otpverify.sh %{User-Name} %{User-Password} %{reply:Secret} %{reply:PIN} %{reply:Offset}"
        input_pairs = request
        output_pairs = config
    }

/etc/freeradius/users:

    DEFAULT Auth-Type = Accept
        Exec-Program-Wait = "/usr/local/bin/otpverify.sh '%{User-Name}' '%{User-Password}' '%{reply:Secret}' '%{reply:PIN}' '%{reply:Offset}'",
        Fall-Through = Yes

    user1 Secret:=143a5c6fa125ac1f, PIN:=1234, Offset:=0

I hope that these changes are correct?
But this is the part of the debug-log after a new test. When the script
has been called by freeradius, you can see that the needed arguments
(Secret, PIN, Offset) are still missing.
[...]
expand: /usr/local/bin/otpverify.sh '%{User-Name}' '%{User-Password}'
'%{reply:Secret}' '%{reply:PIN}' '%{reply:Offset}' ->
/usr/local/bin/otpverify.sh 'user1' 'secret' '' '' ''
[...]
Any ideas?
Best regards,
Stefan