external auth script

Janis Heller janis.heller at outlook.de
Thu Jul 21 23:01:57 CEST 2016


Since RADIUS don’t support bcrypt() hashed passwords this isn’t possible. That’s why I choose this way.
Any idea what’s my fault. It seems like PAP is active, I already put a # before the line of PAP.


> Am 21.07.2016 um 22:59 schrieb Matthew Newton <mcn4 at leicester.ac.uk>:
> 
> On Thu, Jul 21, 2016 at 08:21:53PM +0000, Janis Heller wrote:
>> I would like to use RADIUS to process the authentification of
>> users to my VPN servers using a PHP script which is called by
>> RADIUS processing the auth process.
> 
> That's generally a bad idea, and won't scale well. Forking a new
> process for each auth is really slow.
> 
> You are probably better to just get FreeRADIUS to look directly at
> whatever authentication database your PHP script is looking at.
> 
>> For this reason I added the following part into my exec file:
>> 
>> 	exec { wait = yes program = "/usr/bin/php -f /usr/local/auth.php %{User-Name} %{User-Password}" input_pairs = request shell_escape = yes timeout = 10 }
>> 
>> When I test the script by executing:
>> 
>> radtest testing password localhost -4 testing123
>> 
>> I get this error:
>> 
>> (0) ERROR: No Auth-Type found: rejecting the user via Post-Auth-Type = Reject
> 
> Your script didn't set Auth-Type, so FreeRADIUS doesn't know how
> to authenticate the request.
> 
> You could try a couple of things.
> 
> Use output_pairs = config, then get your script to print
> "Auth-Type := Accept" or "Auth-Type := Reject" on success/failure.
> 
> Or follow the usual PAP/ntlm_auth examples at
> http://wiki.freeradius.org/guide/NTLM%20Auth%20with%20PAP%20HOWTO
> and do it properly with its own Auth-Type.
> 
>> I attached my 
> 
> Not useful. The output of radiusd -X would be. But try the above
> first.
> 
> But really, I'd forget the PHP script if possible.
> 
> Matthew
> 
> 
> 
> -- 
> Matthew Newton, Ph.D. <mcn4 at leicester.ac.uk>
> 
> Systems Specialist, Infrastructure Services,
> I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom
> 
> For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html




More information about the Freeradius-Users mailing list