Using return-output from external script as reply-message
S y s C o / developer
developer at sysco.ch
Sat May 18 22:43:48 CEST 2013
Hello Stephan, hello Alan,
Have a look at the last beta version
(http://www.1-2-3-4-5-6.net/multiotp/beta/), you can now set a prefix for
the debug mode. for example to be able to handle response by the radius
server ;-)
To set this option : multiotp -config debug-prefix="Reply-Message := "
Any feedback welcome
Best regards,
Andre Liechti
Stefan Kuegler wrote:
> exec multiotp {
> wait = yes
> input_pairs = request
> output_pairs = reply
>
> That says the script output is a series of "Attribute = Value" lines.
>
> ...and activated this module in the authentication-section of the
> default-configuration (and also in the inner-tunnel-configuration):
>
> authenticate {
> [...]
> Auth-Type MultiOTP {
> update reply {
> Reply-Message = "Hello, %{User-Name}"
> }
> multiotp
> }
Alan DeKok wrote:
> Update sections should generally be in post-auth, but... whatever.
>
>> The external script gives me additional informations (like "OK: Token
>> accepted", "INFO: Authentication failed" etc.) after authentication.
>
> Which isn't in "Attribute = Value" form, and is therefore ignored.
>
> Yes. Fix the script to send:
>
> Reply-Message := "... text ... "
More information about the Freeradius-Users
mailing list