pptp + perl + freeradius???

Oguzhan Kayhan oguzhank at bilkent.edu.tr
Thu Nov 19 20:15:59 CET 2009


>> The documents I mentioned above were about pptp installation, not freeradius
>> itself. Sure, I read docs about freeradius also. Even your main README
>> file!!
>
> If you did read it, why did you do this:
>
>> There were some other virtual servers running on that freeradius server,
>> Just removed them for my test purposes. So nothing special about removing
>> default server.
>
> Removing default server = destroying default configuration! If you want to
> replace default server with another one you need to alter listen section.
> See README in raddb/sites-available.
>
I already set the listen section according to my new config. That's OK.



>>>> Here is how my perl script works. When it gets a username/pass it checks
>>>> it via an xml page and if it is correct it adds the username to mysql
>>>> table with auth-type == local parameter.
>>>
>>> Which is wrong. Don't add Auth-Type, add the Cleartext-Password.
>>>
>>
>> It was for my perl module. Which seems unnecessary for mschaps as I see.
>> So I already removed it.
>
> Yes, you don't want perl in authenticate, but you do want it in authorize
> still to get the password from xml.

I will give it a try.


>
>> That's why in my previous system (which still works for hotspot
>> authentications) I was using a perl module to connect to an xml service and
>> check if the username/password is correct (I was just sending the
>> username/password couple and the answer is returning as ok or not), and if
>> it is ok, add the username/name/email address and other informational
>> knowledge of the user to a mysql table which is not relevant to our
>> subject now.
>> And every time the user logs on, that perl script checks for the password
>> again via xml page. So I got no passwords in mysql at all.
>
> Fine, just have perl copy the password from xml into
> $RAD_CHECK{'Cleartext-Password'}.

That seems not possible, because as I say, I only send username/password
information to a web server as http://xxx.xxx.xxx.xxx?=username&password
and it returns me something like
<true>
<Name><xxx xxx>
<email><a at b.com>   or just <false>
So the only password available is the one I send to web.
But maybe if the answer returns true, I can return parameter radcheck from
perl script as $RAD_CHECK{'Cleartext-Password'}
That seems to work.
Thanks.


>
>> So as I understand, the only way that mschap works is to keep
>> username/passwords on mysql (or file) right?
>
> No, if you can get password using perl it doesn't have to be in mysql. You
> need cleartext of nt hashed password for mschap - freeradius doesn't care
> where is it stored (sql, ldap, file, whatever) and how is it made
> available. As long as the password is available for authentication.
>
> Ivan Kalik
>
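
The approach Ivan Kalik describes in the thread, shown as an added example that is not part of the original messages: an rlm_perl `authorize` hook that supplies `Cleartext-Password` and sets no `Auth-Type`, leaving the MS-CHAP check to the authenticate section. `lookup_password()` and its constructed user table are hypothetical stand-ins for a backend that can actually return the stored password.

```perl
# Added example for rlm_perl; not code from the thread.
use strict;
use warnings;

# Hashes that rlm_perl shares with the script.
our (%RAD_REQUEST, %RAD_REPLY, %RAD_CHECK);

# Module return codes, with the values used in FreeRADIUS's example.pl.
use constant {
    RLM_MODULE_NOTFOUND => 6,
    RLM_MODULE_NOOP     => 7,
    RLM_MODULE_UPDATED  => 8,
};

# Constructed sample data standing in for a real password store.
my %CONSTRUCTED_USERS = ( 'alice' => 'constructed-password' );

# Hypothetical helper: return the stored password for a user, or undef.
# A verify-only service that answers true/false cannot implement this for
# MS-CHAP, because the request carries a challenge and a response but never
# the password itself, so there is nothing to forward to such a service.
sub lookup_password {
    my ($user) = @_;
    return $CONSTRUCTED_USERS{$user};
}

sub authorize {
    my $user = $RAD_REQUEST{'User-Name'};
    return RLM_MODULE_NOOP unless defined $user && length $user;

    my $password = lookup_password($user);
    return RLM_MODULE_NOTFOUND unless defined $password;

    # Add the password as a check item only. No Auth-Type is set here:
    # the server needs the password available so the MS-CHAP response
    # can be verified against it during authentication.
    $RAD_CHECK{'Cleartext-Password'} = $password;
    return RLM_MODULE_UPDATED;
}

1;
```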




