SV: Outpairs not working on external script when user is located in MYSQL

Phil Mayers p.mayers at imperial.ac.uk
Tue Oct 9 16:50:27 CEST 2012


On 09/10/12 14:47, Thomas Raabo - Zitcom A/S wrote:
>> Here is my External module
>>
>>          exec MOTP {
>>          wait = yes
>>          program = "/etc/raddb/otpverify.sh %{User-Name} %{User-Password} %{reply:Secret} %{reply:Pin} %{reply:Offset}"
>
>    What do you think that does?  What is "reply:Secret" and "reply:Pin" ?
>
> -Well a select is done on radcheck for the user name. I would think that output_pairs would be filled with attributes from radcheck?

No. This is not how it works.

radcheck pairs are *compared* against the request. Certain special pairs 
assume that "comparison" means "add me to the control list". But 
radcheck pairs are NEVER added to the reply.

radreply pairs are added to the reply. Hence the name.

> ATTRIBUTE       Secret                  3001     string
> ATTRIBUTE       Pin                        3002    string
> ATTRIBUTE       Offset                  3003     string

That is better. But you still need to actually populate them, which will 
entail moving the pairs from radcheck to radreply.


More information about the Freeradius-Users mailing list