external auth script

Matthew Newton mcn4 at leicester.ac.uk
Fri Jul 22 00:13:10 CEST 2016


On Thu, Jul 21, 2016 at 09:25:44PM +0000, Janis Heller wrote:
> authorize {
> 	exec
> }

Yes

> #  Authentication.
> authenticate {
> 	exec
> }

No


> <?php
> if ($argv[1] == 'testing' && $argv[2] == 'password') 
> {
> 	echo "Accept";

That's not what I wrote.

"Auth-Type := Accept"

> 	return (0);
> }
> else
> 	echo "REJECT";

Similarly,

"Auth-Type := Reject"

> It seems like the returned value of my PHP script is incorrect?

Yes.

You need "output_pairs = config" in your exec config as well, as I
previously wrote.

The script output is taken as an attribute list, in the same way
as you'd put in the users file, or feed to radclient, or is output
from the detail writer. It tells FreeRADUS what attributes to
create, with which values.


On Thu, Jul 21, 2016 at 09:40:06PM +0000, Janis Heller wrote:
> Please I would like to use exec.

Arran is right. Please don't complain here if you get it working,
and then find that it stops after a short while because it can't
cope with the workload.

exec for auth is a really bad idea.

But he was probably being a bit too kind about PHP.

Matthew


-- 
Matthew Newton, Ph.D. <mcn4 at leicester.ac.uk>

Systems Specialist, Infrastructure Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom

For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>


More information about the Freeradius-Users mailing list