Hello,

I've been testing Exec-Program(-Wait) but I can't get it to work. My
goal is to authenticate via an external perl script (I want to test this
method first, and then I'll try the rlm_perl module).

* My "users" file:

    pepe Auth-Type:= Local, User-Password == "manolo"
    DEFAULT Exec-Program-Wait =
    "/usr/local/freeradius/bin/freeradius_test.pl %{User-Name} %{User-Password}"

So I have a local user called "pepe", which always works without
problems, and the rest of the users should be processed by the external
script. If I try some of those other users, I get the following:

    rad_recv: Access-Request packet from host 127.0.0.1:52572, id=187, length=56
            User-Name = "juan"
            User-Password = "perico"
            NAS-IP-Address = 10.64.131.22
            NAS-Port = 1
    Processing the authorize section of radiusd.conf
    modcall: entering group authorize for request 2
    modcall[authorize]: module "preprocess" returns ok for request 2
    radius_xlat: '/usr/local/freeradius/var/log/radius/radius.log'
    rlm_detail: /usr/local/freeradius/var/log/radius/radius.log expands to /usr/local/freeradius/var/log/radius/radius.log
    modcall[authorize]: module "auth_log" returns ok for request 2
    modcall[authorize]: module "chap" returns noop for request 2
    modcall[authorize]: module "mschap" returns noop for request 2
    rlm_realm: No '@' in User-Name = "juan", looking up realm NULL
    rlm_realm: No such realm "NULL"
    modcall[authorize]: module "suffix" returns noop for request 2
    rlm_eap: No EAP-Message, not doing EAP
    modcall[authorize]: module "eap" returns noop for request 2
    modcall[authorize]: module "files" returns notfound for request 2
    modcall: group authorize returns ok for request 2
    auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
    auth: Failed to validate the user.
    Delaying request 2 for 1 seconds
    Finished request 2
    Going to the next request
    --- Walking the entire request list ---
    Waking up in 1 seconds...
    Packet-Type = Access-Request
    Thu Apr 14 11:24:40 2005
            User-Name = "juan"
            User-Password = "perico"
            NAS-IP-Address = 10.64.131.22
            NAS-Port = 1
            Client-IP-Address = 127.0.0.1
    --- Walking the entire request list ---
    Waking up in 1 seconds...
    --- Walking the entire request list ---
    Sending Access-Reject of id 187 to 127.0.0.1:52572
    Waking up in 4 seconds...
    --- Walking the entire request list ---
    Cleaning up request 2 ID 187 with timestamp 425e36d8
    Nothing to do. Sleeping until we see a request.

I understand Auth-Type is the problem but I don't know how to configure
this. In xt-radius it's configured as "Auth-Type External", but this is
not allowed in freeradius. How should I configure freeradius to
authenticate against the script? If I omit the Auth-Type, why is
freeradius not detecting the auth-type? (The doc recommends not specifying
the auth-type and letting freeradius guess it.) I've reviewed and
reviewed the documentation but I couldn't find a clear explanation of
how to get this kind of external authentication to work :( What am I
missing?

Thanks in advance.

Regards,
-Román