using external script in virtual server config

Matthew Newton mcn4 at leicester.ac.uk
Tue Jan 27 12:07:38 CET 2015


On Tue, Jan 27, 2015 at 09:56:23AM +0100, the2nd at otpme.org wrote:
> btw. rlm_python examples do not show how to handle mschap requests.
> it would be of much help to have an example.


I've not done this before, but I would start with the following
and work from there -

in radiusd.conf instantiate{} section, add mschap (so the xlats
are available).

In authorize{}, add this to expand the xlats and get them into
temporary attributes:

> >>you said i should add something like this to my config:
> >>
> >>                       update request {
> >>                               Tmp-Octets-0 := "%{mschap:Challenge}"
> >>                               Tmp-Octets-1 := "%{mschap:NT-Response}"
> >>                       }


In authenticate, call your python code as normal.


Then read the debug output and make sure it's doing what you
expect. So for an incoming request, you should see the update
section (above) when the packet comes in, and then make sure the
Auth-Type is set right, and see what auth-type section gets
called. It should be simple - just the server outputs a *lot* of
debug. For a reason.

> and as soon as i get it working i'd like to extend the example
> module (if needed) and write down how to handle mschap requests
> using rlm_python. maybe i should add this to the freeradius wiki?

When you get it working then putting something on the wiki would
be useful for others, yes.

Cheers,

Matthew


-- 
Matthew Newton, Ph.D. <mcn4 at le.ac.uk>

Systems Specialist, Infrastructure Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom

For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>


More information about the Freeradius-Users mailing list