external auth script
Janis Heller
janis.heller at outlook.de
Thu Jul 21 23:01:57 CEST 2016
Since RADIUS don’t support bcrypt() hashed passwords this isn’t possible. That’s why I choose this way.
Any idea what’s my fault. It seems like PAP is active, I already put a # before the line of PAP.
> Am 21.07.2016 um 22:59 schrieb Matthew Newton <mcn4 at leicester.ac.uk>:
>
> On Thu, Jul 21, 2016 at 08:21:53PM +0000, Janis Heller wrote:
>> I would like to use RADIUS to process the authentification of
>> users to my VPN servers using a PHP script which is called by
>> RADIUS processing the auth process.
>
> That's generally a bad idea, and won't scale well. Forking a new
> process for each auth is really slow.
>
> You are probably better to just get FreeRADIUS to look directly at
> whatever authentication database your PHP script is looking at.
>
>> For this reason I added the following part into my exec file:
>>
>> exec { wait = yes program = "/usr/bin/php -f /usr/local/auth.php %{User-Name} %{User-Password}" input_pairs = request shell_escape = yes timeout = 10 }
>>
>> When I test the script by executing:
>>
>> radtest testing password localhost -4 testing123
>>
>> I get this error:
>>
>> (0) ERROR: No Auth-Type found: rejecting the user via Post-Auth-Type = Reject
>
> Your script didn't set Auth-Type, so FreeRADIUS doesn't know how
> to authenticate the request.
>
> You could try a couple of things.
>
> Use output_pairs = config, then get your script to print
> "Auth-Type := Accept" or "Auth-Type := Reject" on success/failure.
>
> Or follow the usual PAP/ntlm_auth examples at
> http://wiki.freeradius.org/guide/NTLM%20Auth%20with%20PAP%20HOWTO
> and do it properly with its own Auth-Type.
>
>> I attached my
>
> Not useful. The output of radiusd -X would be. But try the above
> first.
>
> But really, I'd forget the PHP script if possible.
>
> Matthew
>
>
>
> --
> Matthew Newton, Ph.D. <mcn4 at leicester.ac.uk>
>
> Systems Specialist, Infrastructure Services,
> I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom
>
> For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list