How do I get every userid passed to an rlm_python module

Matthew Newton mcn4 at
Wed Feb 10 02:53:40 CET 2016

On Tue, Feb 09, 2016 at 08:35:33PM -0500, Jim Whitescarver wrote:
> bob is the test user given a password in radiusd.conf


OK, so that's why they succeed and jim doesn't.

> for jim the password is arbitrary as I am not checking it at this point in
> the python.  The authentication will be done out-of-band by the plugin.
> Before trying my script I want to get the example script to just always
> authenticate.  Then I will add the code for out-of-band authentication.

To do that you'll have to set Auth-Type to Accept in the python

In which case you may as well just set Cleartext-Password to
something and then let pap do the authentication for you.

> I see ERROR: No Auth-Type found: rejecting the user via Post-Auth-Type =
> Reject

Yes, nothing's setting Auth-Type as no modules matched the user.

> I included python in the authorize section per the instructions but it is
> not in the authenticate section of sites-enabled/default,  I suspect that
> may be an issue but I do not know where/how to put it.

I wouldn't put python in authorize unless you really know what
you're doing.

As for how to actually change attributes in python, I've never
done it I'm afraid. From one of the example files it looks like
you might want something like

 return (radiusd.RLM_MODULE_UPDATED, (), (('Auth-Type', 'Accept'),))

at the end of your authorize function. To return the correct
password you could try

 return (radiusd.RLM_MODULE_UPDATED, (), (('Cleartext-Password', 'thingy'),))


Matthew Newton, Ph.D. <mcn4 at>

Systems Specialist, Infrastructure Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom

For IT help contact helpdesk extn. 2253, <ithelp at>

More information about the Freeradius-Users mailing list