Authentication with Vendor-Specific Attribute
Daniel Kastner
daniel.kastner at karakun.com
Tue Apr 20 11:57:41 CEST 2021
I'm totally new to this (free)Radius stuff and trying to achieve authentication based on a vendor-specific attribute sent by the client.
I've added the custom attribute in a new dictionary file /opt/share/freeradius/dictionary.myvendor:
VENDOR MyVendor 16132
BEGIN-VENDOR MyVendor
ATTRIBUTE MyVendor-OneTimePassword 1 string
END-VENDOR MyVendor
Included it in the /opt/share/freeradius/dictionary:
$INCLUDE dictionary.myvendor
And now trying the following in file /opt/etc/raddb/mods-config/files/authorize:
bob Cleartext-Password := "hello"
if( &MyVendor-OneTimePassword == "123456" ) {
Auth-Type := Accept
Reply-Message := "Hello %{User-Name}, great to have you here!"
} else {
Auth-Type := Reject
Reply-Message := "Sorry %{User-Name}, wrong OTP"
}
But when I start the server it quits with the following message:
reading pairlist file /opt/etc/raddb/mods-config/files/authorize
/opt/etc/raddb/mods-config/files/authorize[2]: Parse error (reply) for entry bob: Expecting operator
Failed reading /opt/etc/raddb/mods-config/files/authorize
/opt/etc/raddb/mods-enabled/files[9]: Instantiation failed for module "files"
Any advice?
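
Added example, not part of the original post: the files module's pairlist format has no if/else. Each entry is a user name with check items on the first line and indented reply items below it, and entries are tried top to bottom, so the same accept/reject logic can be written as two entries. This assumes FreeRADIUS 3.x and the dictionary shown in the post.

```conf
# /opt/etc/raddb/mods-config/files/authorize
#
# Entry layout: <name> <check items>, then indented reply items.
# In check items "==" compares against the incoming request and
# ":=" sets a control attribute.
# "123456" is the fixed test value used in the post.
bob	MyVendor-OneTimePassword == "123456", Auth-Type := Accept
	Reply-Message := "Hello %{User-Name}, great to have you here!"

# Reached only when the entry above did not match; matching stops at
# the first entry that matches unless Fall-Through is set.
bob	Auth-Type := Reject
	Reply-Message := "Sorry %{User-Name}, wrong OTP"
```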