SV: Outpairs not working on external script when user is located in MYSQL
Phil Mayers
p.mayers at imperial.ac.uk
Tue Oct 9 16:50:27 CEST 2012
On 09/10/12 14:47, Thomas Raabo - Zitcom A/S wrote:
>> Here is my External module
>>
>> exec MOTP {
>> wait = yes
>> program = "/etc/raddb/otpverify.sh %{User-Name} %{User-Password} %{reply:Secret} %{reply:Pin} %{reply:Offset}"
>
> What do you think that does? What is "reply:Secret" and "reply:Pin" ?
>
> -Well a select is done on radcheck for the user name. I would think that output_pairs would be filled with attributes from radcheck?
No. This is not how it works.
radcheck pairs are *compared* against the request. Certain special pairs
assume that "comparison" means "add me to the control list". But
radcheck pairs are NEVER added to the reply.
radreply pairs are added to the reply. Hence the name.
> ATTRIBUTE Secret 3001 string
> ATTRIBUTE Pin 3002 string
> ATTRIBUTE Offset 3003 string
That is better. But you still need to actually populate them, which will
entail moving the pairs from radcheck to radreply.
More information about the Freeradius-Users
mailing list