external auth script

Matthew Newton mcn4 at leicester.ac.uk
Fri Jul 22 12:27:25 CEST 2016

On Fri, Jul 22, 2016 at 10:18:10AM +0000, Janis Heller wrote:
> I’m a newbie to RADIUS.

I suggest you read through doc/concepts/aaa.rst.

Otherwise you're just guessing where you should put things.

> I’ve taken a look into my modules folder, there’s no rest module. How can I built this fast? Many of you told me to use rest instead of exec to perform a simple web request to some script.

If you've got a "modules" folder then you're using version 2,
which is end of life and not supported any more. You need version

We would have known this if you'd sent the full output of radiusd

> authorize {
> }
> authenticate {
> 	Auth-Type exec {
>       exec
> 	}
> }
> I get this error all the time (provided username & password are correct)
> (0) ERROR: No Auth-Type found: rejecting the user via Post-Auth-Type = Reject
> I’m a bit confused about this. I think I only need to use
> authorize to validate username & password. My accounts won’t
> have custom permissions etc.

That's not the right place for what you are trying to do, and not
what I put in the previous e-mails.

  Put exec in authorize, nothing in authenticate.

  Make your script output "Auth-Type := Accept" on stdout. This
  skips the authenticate section and directly accepts the request.

  Use "output_pairs = config" as well as your existing exec config.

It works. I tested it here. No other config changes than those.

You still shouldn't use exec like this in production.

I suggest you play around with concepts like this first (even if
you shouldn't use it) before trying to use something like rest, so
that you learn how FreeRADIUS works.

And read all the debug output. It shows how packets flow through
the server, and which modules are hit when. Debug output in
version 3.0.11 is clearer than in version 2.


Matthew Newton, Ph.D. <mcn4 at leicester.ac.uk>

Systems Specialist, Infrastructure Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom

For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>

More information about the Freeradius-Users mailing list