using external script in virtual server config
the2nd at otpme.org
Sun Jan 25 19:15:33 CET 2015
hi,
today i've written a python module for use with rlm_python and it works
great for clear-text requests. but i don't know how to handle ntlm/mschap
requests.
my current config looks like this:

authenticate {
    Auth-Type EAP {
        eap
    }
    Auth-Type MS-CHAP {
        otpme_ntlm
    }
    Auth-Type OTPme {
        otpme
    }
}

authorize {
    eap
    if (!control:Auth-Type) {
        update control {
            Auth-Type := OTPme
        }
    }
}

mschap otpme_ntlm {
    ntlm_auth = "/usr/local/bin/otpme-auth -l verify_ntlm '%{%{Stripped-User-Name}:-%{%{User-Name}:-None}}' '%{%{otpme_ntlm:Challenge}:-00}' '%{%{otpme_ntlm:NT-Response}:-00}' '%{NAS-Identifier}' '%{Client-IP-Address}'"
}

python otpme {
    module = freeradius
    mod_instantiate = ${.module}
    func_instantiate = instantiate
    mod_detach = ${.module}
    func_detach = instantiate
    mod_authenticate = ${.module}
    func_authenticate = authenticate
}

any help is appreciated....
the2nd
On 2015-01-18 15:55, Alan DeKok wrote:
> On Jan 18, 2015, at 6:18 AM, the2nd at otpme.org wrote:
>> ok. my script returns "Accept" and "Reject" and it works without any
>> problems. but is it okay to use it this way to authenticate users with
>> an external script? are there any drawbacks using it this way and not
>> using the script/exec module?
>
> You’re putting passwords on the command-line, where everyone can see
> them. That’s not always a good idea. And it’s slow.
>
>> i also found some hints about rlm_python and as my script is written
>> in python it may be a good idea using rlm_python. are there any
>> benefits, beneath better performance, using rlm_python?
>
> rlm_python will likely be faster than executing a separate script.
>
> Alan DeKok.
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
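
The point in the quoted reply about command-line arguments being visible, as an added example that is not part of the original thread: it starts a stand-in helper process twice, once with a secret as an argument and once with the secret sent over stdin, and checks what other local users could read from /proc. It assumes Linux with /proc mounted; the helper, `secret_visible` and the sample value are constructed for illustration and are not otpme-auth or FreeRADIUS code.

```python
import subprocess
import sys

# Stand-in for an external auth helper (hypothetical, not otpme-auth):
# it blocks on stdin so the parent can inspect it while it is running.
CHILD_CODE = "import sys; sys.stdin.readline()"


def visible_args(pid):
    """Return a process's argv as read from /proc/<pid>/cmdline (Linux).

    The file is world-readable unless /proc is mounted with hidepid.
    """
    with open(f"/proc/{pid}/cmdline", "rb") as fh:
        return fh.read().split(b"\0")[:-1]


def secret_visible(secret, via_stdin):
    """Run the helper and report whether `secret` shows up in its argv."""
    argv = [sys.executable, "-c", CHILD_CODE]
    if not via_stdin:
        argv.append(secret)  # exec-style call: the secret is an argument
    proc = subprocess.Popen(argv, stdin=subprocess.PIPE, text=True)
    try:
        return secret.encode() in visible_args(proc.pid)
    finally:
        # Pipe-style call: the secret travels over stdin instead of argv.
        proc.communicate((secret if via_stdin else "") + "\n")


if __name__ == "__main__":
    sample = "constructed-sample-password"  # constructed value
    print("passed as argument, visible in argv:", secret_visible(sample, False))
    print("passed over stdin, visible in argv: ", secret_visible(sample, True))
```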