CHAP, Cleartext-Password and External Script

Prash K getpkme at
Wed Nov 13 17:22:23 CET 2013


I have searched high and low but I could not find answer to my problem. It
may be a very simple problem for the expert users out here. Basically I'm
using radius server to perform 802.1x authentication.

In my set up, I use an external authentication script (written in python)
which accepts user and password. I have successfully proven this set up on
eapol_test with EAP-TTLS (PEAP). I perform exec in post-auth section of
default. Something like this in users:

Auth-Type = Accept
        Exec-Program-Wait = "/path/to/  %{User-Name}

This works fine with EAP-TTLS (PEAP).  But as you know Windows built in
supplicant defaults to CHAP. So I'm keen to get that working. I understand
that freeradius needs to know the password (Cleartext-Password) but I can't
set that in users file. I don't use ldap or sql modules.

I can amend my script to print the password once it has authenticated
against the external source. But how do I call my script and set the
Cleartext-Password (using the script output) so that CHAP could be

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the Freeradius-Users mailing list