CHAP, Cleartext-Password and External Script
Prash K
getpkme at gmail.com
Wed Nov 13 17:22:23 CET 2013
Hi,
I have searched high and low but I could not find answer to my problem. It
may be a very simple problem for the expert users out here. Basically I'm
using radius server to perform 802.1x authentication.
In my set up, I use an external authentication script (written in python)
which accepts user and password. I have successfully proven this set up on
eapol_test with EAP-TTLS (PEAP). I perform exec in post-auth section of
default. Something like this in users:
Auth-Type = Accept
Exec-Program-Wait = "/path/to/myscript.py %{User-Name}
%{User-Password}
This works fine with EAP-TTLS (PEAP). But as you know Windows built in
supplicant defaults to CHAP. So I'm keen to get that working. I understand
that freeradius needs to know the password (Cleartext-Password) but I can't
set that in users file. I don't use ldap or sql modules.
I can amend my script to print the password once it has authenticated
against the external source. But how do I call my script and set the
Cleartext-Password (using the script output) so that CHAP could be
performed?
Thanks.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20131113/e379d4d4/attachment.html>
More information about the Freeradius-Users
mailing list