Dear Dmitry Koval, You messed up 2 things: 'authorize' and 'authenticate'. In terms of FreeRADIUS you want to 'authorize' with external program. That is you wanna call external program to add Password attribute to configure list. Please read doc/aaa.txt
--Saturday, August 30, 2003, 9:51:01 PM, you wrote to [EMAIL PROTECTED]: DK> Hi everyone. DK> My problem is following: DK> I'm using freeradius 0.9.0. DK> I need to authenticate users by mschap v2. DK> The database is a quite sophisticated one in an Oracle. DK> So I want to authenticate by external script using Exec-Program-Wait. DK> With pap and chap it goes well, but with mschap it fails with an error: DK> auth: type "MS-CHAP" DK> modcall: entering group Auth-Type DK> rlm_mschap: No User-Password configured. Cannot create LM-Password. DK> rlm_mschap: No User-Password configured. Cannot create NT-Password. DK> rlm_mschap: No LM-Password or NT-Password attribute found. Cannot DK> perform MS-CHAP authentication. DK> modcall[authenticate]: module "mschap" returns fail DK> modcall: group Auth-Type returns fail DK> auth: Failed to validate the user. DK> Piece of config in users file: DK> DEFAULT Auth-Type = Accept DK> Service-Type = Framed-User, DK> Exec-Program-Wait = "/usr/local/bin/billing/login", DK> Framed-Protocol = PPP, DK> Idle-Timeout = 900, DK> Framed-Routing = None DK> If I put here plaintext user and password it passes ok. DK> In general I understand that some data (password) used by mschap core DK> module can't be received by it, but I have no clue how to bypass this. DK> Or how to fed it manually from my script. DK> Is it possible at all to use mschap and Exec-Program-Wait together? DK> I would kindly appreciate any help. DK> Thanks. -- ~/ZARAZA Жало мне не понадобится (С. Лем) - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
