How do I get every userid passed to an rlm_python module
Jim Whitescarver
jimscarver at gmail.com
Wed Feb 10 21:58:36 CET 2016
I got it to work further without even disabling pap. But then I get
somehow I got this wrong
authenticat {
Auth-Type example{
python
}
}
But now I get
Dropping packet without response because of error: Received packet from
127.0.0.1 with invalid Message-Authenticator! (Shared secret is incorrect.)
Investigating how to fix that....
Thanks!
Jim
On Wed, Feb 10, 2016 at 10:20 AM, Herwin Weststrate <
herwin at quarantainenet.nl> wrote:
> On 10-02-16 16:04, Jim Whitescarver wrote:
> > ...
> > But I always get
> > pap: WARNING: No "known good" password found for the user. Not setting
> > Auth-Type
> > (2) pap: WARNING: Authentication will fail unless a "known good" password
> > is available
> >
> > How can I get past that? There is never a "known good" password.
> > Passwords are not used. Somehow four years ago we got it to work.
>
> That error is caused by the pap module, not by Python. You can remove it
> from your config.
>
> > (1) [python] = ok
> > (1) update control {
> > (1) Auth-Type := saferadius
> > (1) } # update control = noop
>
> Here Python updated control:Auth-Type, which is good.
>
> > ...
> > (1) pap: WARNING: No "known good" password found for the user. Not
> setting
> > Auth-Type
> > (1) pap: WARNING: Authentication will fail unless a "known good" password
> > is available
> > (1) [pap] = noop
>
> Here pap warns you that it can't handle the authentication. It's ugly,
> but it doesn't break anything. Like I said: try to remove the pap from
> the virtual server.
>
> > (1) } # authorize = ok
> > (1) Found Auth-Type = saferadius
> > (1) # Executing group from file
> /usr/local/etc/raddb/sites-enabled/default
> > (1) Auth-Type saferadius {
> > (1) [python] = noop
> > (1) } # Auth-Type saferadius = noop
> > (1) Failed to authenticate the user
>
> Here it should call the authenticate method of your python module, which
> should return radiusd.RLM_MODULE_OK to accept the user. I've got no idea
> if it really does that or not, all that information is truncated from
> the logging snippets you've posted.
>
> --
> Herwin Weststrate
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
More information about the Freeradius-Users
mailing list