At 10:33 AM 10/3/2001 -0400, you wrote: >VISP Systems Administration <[EMAIL PROTECTED]> wrote: > > This is something I would love to see in freeradius also. Can we run > > external scripts for authentication? > > Yes, sort of. Do: > >DEFAULT Auth-Type := Accept, Exec-Program := "/path/to/program %args"
OK.. I've done this. But by adding the line you mention above it authenticated _everyone_ regardless if the external program exits 1 or 0. > As the last DEFAULT, instead of 'Auth-Type := System'. If the >program returns 0, then the user is allowed in. If the program >returns 1, the user is denied. Modifying the line to remove the Accept, section in any permuitation, starting radiusd drops the error: radiusd: /etc/raddb/users[150]: Parse error (check) for entry DEFAULT: Expected end of line or comma Also, fixing the syntax then gives error: radiusd: /etc/raddb/users[150]: Parse error (check) for entry DEFAULT: Unknown value Exec-Program for attribute Auth-Type Ideas? > Hmm... the 'Auth-Type' should really be 'Auth-Type = Exec-Program'. >Right now, there's no way of using Exec-Program and STILL >authenticating the user, if the program returns 1. > > Alan DeKok. > >- >List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html ---------------------------------- Nathan Miller Visp Systems Administration Voice: 541-476-5352 ext. 4 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html