using external script in virtual server config

the2nd at the2nd at
Sun Jan 25 19:15:33 CET 2015


today i've written an python module for use with rlm_python and it works 
great for clear-text requests. but i dont know how to handle ntlm/mschap 

my current config looks like this:

         authenticate {
                 Auth-Type EAP {

                 Auth-Type MS-CHAP {

                 Auth-Type OTPme {

         authorize {

                 if (!control:Auth-Type) {
                         update control {
                             Auth-Type := OTPme

mschap otpme_ntlm {
         ntlm_auth = "/usr/local/bin/otpme-auth -l verify_ntlm 
'%{%{otpme_ntlm:Challenge}:-00}' '%{%{otpme_ntlm:NT-Response}:-00}' 
'%{NAS-Identifier}' '%{Client-IP-Address}'"

python otpme {
         module = freeradius

         mod_instantiate = ${.module}
         func_instantiate = instantiate

         mod_detach = ${.module}
         func_detach = instantiate

         mod_authenticate = ${.module}
         func_authenticate = authenticate

any help is appreciated....


On 2015-01-18 15:55, Alan DeKok wrote:
> On Jan 18, 2015, at 6:18 AM, the2nd at wrote:
>> ok. my script returns "Accept" and "Reject" and it works without any 
>> problems. but is it okay to use it this way to authenticate users with 
>> an external script? are there any drawbacks using it this way and not 
>> using the script/exec module?
>   You’re putting passwords on the command-line, where everyone can see
> them.  That’s not always a good idea.  And it’s slow.
>> i also found some hints about rlm_python and as my script is written 
>> in python it may be a good idea using rlm_python. are there any 
>> benefits, beneath better performance, using rlm_python?
>   rlm_python will likely be faster than executing a separate script.
>   Alan DeKok.
> -
> List info/subscribe/unsubscribe? See 

More information about the Freeradius-Users mailing list