How do I get every userid passed to an rlm_python module

[Herwin Weststrate]

On 10-02-16 16:04, Jim Whitescarver wrote:
> ...
> But I always get
>  pap: WARNING: No "known good" password found for the user.  Not setting
> Auth-Type
> (2) pap: WARNING: Authentication will fail unless a "known good" password
> is available
> 
> How can I get past that?  There is never a "known good" password.
> Passwords are not used.  Somehow four years ago we got it to work.

That error is caused by the pap module, not by Python. You can remove it
from your config.

> (1)     [python] = ok
> (1)     update control {
> (1)       Auth-Type := saferadius
> (1)     } # update control = noop

Here Python updated control:Auth-Type, which is good.

> ...
> (1) pap: WARNING: No "known good" password found for the user.  Not setting
> Auth-Type
> (1) pap: WARNING: Authentication will fail unless a "known good" password
> is available
> (1)     [pap] = noop

Here pap warns you that it can't handle the authentication. It's ugly,
but it doesn't break anything. Like I said: try to remove the pap from
the virtual server.

> (1)   } # authorize = ok
> (1) Found Auth-Type = saferadius
> (1) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
> (1)   Auth-Type saferadius {
> (1)     [python] = noop
> (1)   } # Auth-Type saferadius = noop
> (1) Failed to authenticate the user

Here it should call the authenticate method of your python module, which
should return radiusd.RLM_MODULE_OK to accept the user. I've got no idea
if it really does that or not, all that information is truncated from
the logging snippets you've posted.

-- 
Herwin Weststrate