external script problem

Phil Mayers p.mayers at imperial.ac.uk
Thu Sep 20 22:24:10 CEST 2012

On 09/20/2012 08:56 PM, Tarık Kabak wrote:
> Hi Arran,
> Can you tell me please what is wrong with this php script below. Or is there any working example script?

What's "wrong" with the script is that what you want to do is impossible.

EAP is a challenge-response authentication method. You can't just run a 
PHP script and get a username/password.

As per my previous email, see here:


...and also here:


Read those pages until you understand them.

> Note that this script is just for simplifying at all.

To repeat: what you want to do is impossible.

The ONLY thing you can do is *if* you are using EAP-TTLS/PAP on the 
clients and *then* you can use a script, as follows:


authorize {
   if (User-Password) {
     # this is a PAP request, pass to our script
     update control {
       Auth-Type := myscript
authenticate {
   Auth-Type myscript {

However, note that EAP-TTLS/PAP is not supported in Windows until Windows 8.

More information about the Freeradius-Users mailing list