How do I get every userid passed to an rlm_python module
Alan DeKok
aland at deployingradius.com
Wed Feb 10 02:55:53 CET 2016
On Feb 9, 2016, at 8:35 PM, Jim Whitescarver <jimscarver at gmail.com> wrote:
> for jim the password is arbitrary as I am not checking it at this point in
> the python. The authentication will be done out-of-band by the plugin.
> Before trying my script I want to get the example script to just always
> authenticate. Then I will add the code for out-of-band authentication.
>
> I see ERROR: No Auth-Type found: rejecting the user via Post-Auth-Type =
> Reject
Because you didn't tell the server how to authenticate the user.
You'll need to do one of two things. Either do all the work in "authorize", and set "Auth-Type = Accept" for successful authentication, or (preferred) do the authentication in the "authenticate" section.
But there, you'll also need to force "Auth-Type = my-python-script", and put the relevant configuration into "authenticate".
It's best to use the sections the way they are intended.
> I included python in the authorize section per the instructions but it is
> not in the authenticate section of sites-enabled/default, I suspect that
> may be an issue but I do not know where/how to put it.
Simple:
authenticate {
...
Auth-Type my-python-script {
python
}
...
}
And it will call the authenticate method of your python script.
The downside here is that this works *only* for PAP authentication. For CHAP, MS-CHAP, EAP, etc., you really want to let FreeRADIUS authenticate the user.
Alan DeKok.
More information about the Freeradius-Users
mailing list