Performing an additional check on the credentials

Romeo Mihalcea romeo.mihalcea at
Thu Apr 11 23:29:37 CEST 2013

I successfully managed to deploy a freeradius server and created a python
script which does an additional check on the user (incoming request). I
checked the internet (resources for freeradius are pretty horrible) and
only found a thread which explains some basics about adding a python script
to the process.

Right now I have it inside /etc/freeradius/sites-enabled/default under the
authorize section:

update control {
       Auth-Type := `/usr/bin/python /etc/ '%{User-Name}'
My file spits Reject or Accept. I also have sql authentication
setup with freeradius and the problem is that, if my script returns Accept
any other authorization request under is ignored; response will still be an
Accept even if sql check rejects the user.

>From what I understand I should pass a noop instead of Accept to allow
freeradius to continue and only pass Reject if I need to reject the user
but If I respond with noop the server complains (probably because it
expects a reply for Auth-Type as I coded it).

Someone on serverfault suggested I shouldnt use unlang to call a python
script and I should use rlm_python but I really have no idea how to even
start calling my script.

Any ideas? Maybe I need to add my code to the Authentication. section? How?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the Freeradius-Users mailing list