external script problem
Phil Mayers
p.mayers at imperial.ac.uk
Thu Sep 20 22:24:10 CEST 2012
On 09/20/2012 08:56 PM, Tarık Kabak wrote:
> Hi Arran,
>
> Can you tell me please what is wrong with this php script below. Or is there any working example script?
What's "wrong" with the script is that what you want to do is impossible.
EAP is a challenge-response authentication method. You can't just run a
PHP script and get a username/password.
As per my previous email, see here:
http://deployingradius.com/documents/protocols/oracles.html
...and also here:
http://deployingradius.com/documents/protocols/compatibility.html
Read those pages until you understand them.
> Note that this script is just for simplifying at all.
To repeat: what you want to do is impossible.
The ONLY thing you can do is *if* you are using EAP-TTLS/PAP on the
clients and *then* you can use a script, as follows:
sites-enabled/inner-tunnel:
authorize {
...
if (User-Password) {
# this is a PAP request, pass to our script
update control {
Auth-Type := myscript
}
}
}
authenticate {
...
Auth-Type myscript {
my_php_exec
}
}
However, note that EAP-TTLS/PAP is not supported in Windows until Windows 8.
More information about the Freeradius-Users
mailing list