external auth script
Janis Heller
janis.heller at outlook.de
Fri Jul 22 15:38:40 CEST 2016
After installing the package and saving all configs my default config looks like:
authorize {
    check_access_rest
}
authenticate {
}
I’ve created a rest file in the mods-enabled folder and placed the following content into it:
rest check_access_rest {
    connect_uri = "http://pastebin.com/raw/WuVWAEZQ"
    connect_timeout = 4.0
    authorize {
        uri = "${..connect_uri}/auth/%{User-Name}"
        method = 'get'
    }
    authenticate {
    }
    accounting {
    }
    post-auth {
    }
    pool {
        start = ${thread[pool].start_servers}
        min = ${thread[pool].min_spare_servers}
        max = ${thread[pool].max_servers}
        spare = ${thread[pool].max_spare_servers}
        uses = 0
        lifetime = 0
        idle_timeout = 60
    }
}
The rest script itself looks like:
rest check_access_rest {
    connect_timeout = 4.0
    authorize {
        uri = "http://192.99.59.135/demo"
        method = 'get'
    }
    authenticate {
    }
    accounting {
    }
    post-auth {
    }
    pool {
        start = ${thread[pool].start_servers}
        min = ${thread[pool].min_spare_servers}
        max = ${thread[pool].max_servers}
        spare = ${thread[pool].max_spare_servers}
        uses = 0
        lifetime = 0
        idle_timeout = 60
    }
}
This results in the following output when making a demo request:
rlm_rest (check_access_rest): Reserved connection (1)
(1) check_access_rest: Expanding URI components
(1) check_access_rest: EXPAND http://192.99.59.135
(1) check_access_rest: --> http://192.99.59.135
(1) check_access_rest: EXPAND /demo
(1) check_access_rest: --> /demo
(1) check_access_rest: Sending HTTP GET to "http://192.99.59.135/demo"
(1) check_access_rest: Processing response header
(1) check_access_rest: Status : 200 (OK)
(1) check_access_rest: Type : json (application/json)
(1) check_access_rest: Parsing attribute "Auth-Type"
(1) check_access_rest: EXPAND Accept
(1) check_access_rest: --> Accept
(1) check_access_rest: Auth-Type := Accept
rlm_rest (check_access_rest): Released connection (1)
rlm_rest (check_access_rest): Need 4 more connections to reach 10 spares
rlm_rest (check_access_rest): Opening additional connection (6), 1 of 26 pending slots used
rlm_rest (check_access_rest): Connecting to "http://pastebin.com/raw/WuVWAEZQ"
(1) [check_access_rest] = updated
(1) } # authorize = updated
(1) ERROR: No Auth-Type found: rejecting the user via Post-Auth-Type = Reject
(1) Failed to authenticate the user
(1) Using Post-Auth-Type Reject
(1) # Executing group from file /etc/freeradius/sites-enabled/default
(1) Post-Auth-Type REJECT {
(1) attr_filter.access_reject: EXPAND %{User-Name}
(1) attr_filter.access_reject: --> testing
From my point of view, the server should allow each connection at the moment, since my PHP script will return the JSON to accept all the time.
Regards,
janis
> On 22.07.2016 at 15:16, Matthew Newton <mcn4 at leicester.ac.uk> wrote:
>
> On Fri, Jul 22, 2016 at 01:05:49PM +0000, A.L.M.Buxey at lboro.ac.uk wrote:
>>> I’ve found the rest module in the mods-available folder. I placed the sample config into this file and copied it to mods-enabled.
>>> Now when I try to start radius (in debug mode) it shows:
>>>
>>> /etc/freeradius/mods-enabled/rest[1]: Failed to link to module 'rlm_rest': /usr/lib/freeradius/rlm_rest.so: cannot open shared object file: No such file or directory
>>
>> the config file is there...but your server was built without
>> rest support. recompile with required libraries/headers
>> present
>
> Or install the freeradius-rest package if installed from packages.
>
> Matthew
>
>
> --
> Matthew Newton, Ph.D. <mcn4 at leicester.ac.uk>
>
> Systems Specialist, Infrastructure Services,
> I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom
>
> For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html