using external script in virtual server config

the2nd at the2nd at
Mon Jan 26 23:13:26 CET 2015

On 2015-01-26 23:00, Alan DeKok wrote:
> On Jan 26, 2015, at 4:54 PM, the2nd at wrote:
>> i tried it with the config below but the attribute Tmp-Octets-0 is 
>> always "0x". it think thats because the mschap module is disabled.
>   Well…. then fix that.
>> but if i enable it i get no auth request from rlm_python. i guess 
>> thats because the mschap module always tries to do authentication, via 
>> ntlm_auth or via users file!?
>   The MSCHAP module does MSCHAP authentication.  That’s why it exists.

but i guess it does something more than just authentication because i 
can pass the mschap challenge and the nt-response to my script when 
configuring the mschap module like this:

ntlm_auth = "/usr/local/bin/otpme-auth -l verify_ntlm 
'%{%{mschap:Challenge}:-00}' '%{%{mschap:NT-Response}:-00}' 
'%{NAS-Identifier}' '%{Client-IP-Address}'"

but from inside the rlm_python module i cannot access this two 

it would be great to have access to them from within rlm_python....

>   If you *don’t* want it to set “Auth-Type = MSCHAP”, then don’t list
> “mschap” in the “authorize” section.
>> i also noticed that authData includes a challange/response pair but 
>> they are different (longer) from what i get from mschap module when 
>> running otpme as ntlm_auth replacement.
>   No idea...
>> the request EAP-Type is set to MS-CHAP-V2. is this an encapsulated 
>> mschap request?
>   Yes.
>   Alan DeKok.
> -
> List info/subscribe/unsubscribe? See 

More information about the Freeradius-Users mailing list