external auth script
Janis Heller
janis.heller at outlook.de
Thu Jul 21 23:25:44 CEST 2016
I’ve cleared my default file a bit. I think these are the needed lines:
authorize {
exec
}
# Authentication.
authenticate {
exec
}
Now here’s my PHP script:
<?php
if ($argv[1] == 'testing' && $argv[2] == 'password')
{
echo "Accept";
return (0);
}
else
echo "REJECT";
exit(2);
?>
When I try to make a request this is the debug output:
(0) authorize {
(0) exec: Executing: /usr/bin/php -f /usr/local/auth.php %{User-Name} %{User-Password}:
(0) exec: EXPAND %{User-Name}
(0) exec: --> testing
(0) exec: EXPAND %{User-Password}
(0) exec: --> password
(0) exec: Program returned code (0) and output 'Accept'
(0) exec: Program executed successfully
(0) [exec] = ok
(0) } # authorize = ok
(0) ERROR: No Auth-Type found: rejecting the user via Post-Auth-Type = Reject
(0) Failed to authenticate the user
It seems like the returned value of my PHP script is incorrect?
> Am 21.07.2016 um 23:16 schrieb Matthew Newton <mcn4 at leicester.ac.uk>:
>
> On Thu, Jul 21, 2016 at 09:01:57PM +0000, Janis Heller wrote:
>> Since RADIUS don’t support bcrypt() hashed passwords this isn’t
>> possible. That’s why I choose this way.
>
> If you're using a BSD system then you can use FreeRADIUS.
> Otherwise just watch the system doesn't get too slow doing
> authentications.
>
>> Any idea what’s my fault. It seems like PAP is active, I already
>> put a # before the line of PAP.
>
> Did you try anything I suggested?
>
> Matthew
>
>
> --
> Matthew Newton, Ph.D. <mcn4 at leicester.ac.uk>
>
> Systems Specialist, Infrastructure Services,
> I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom
>
> For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list