external script problem
Fajar A. Nugraha
list at fajar.net
Thu Sep 20 23:03:35 CEST 2012
On Fri, Sep 21, 2012 at 3:24 AM, Phil Mayers <p.mayers at imperial.ac.uk> wrote:
> The ONLY thing you can do is *if* you are using EAP-TTLS/PAP on the clients
> and *then* you can use a script, as follows:
>
> sites-enabled/inner-tunnel:
>
> authorize {
> ...
> if (User-Password) {
> # this is a PAP request, pass to our script
> update control {
> Auth-Type := myscript
Since the OP's script (the one he posted last anyway) checks something
like "if ($password == 'bar')", I assume he has passwords in clear
text, so it might be possibe to use something like
authorize {
...
update control {
Cleartext-Password := "%{exec:/path/to/the/script args}"
}
...
}
... and then let the default pap/chap module handle the authorization.
Of course it depends on whether or not the passwords are available as
cleartext/nt-hash, and the script needs to be modified to print the
password instead of "Access-Accept" like it does currently.
--
Fajar
More information about the Freeradius-Users
mailing list