If I set up an exec module in the radiusd.conf file, with the intent of using an external script to authenticate, as follows:
exec special_auth {
wait = yes
program = "/usr/local/freeradius/etc/scripts/rad-auth.sh %{User-Name}"
input_pairs = request
output_pairs = reply
}
........................
in the "instantiate" section I include the following
special_auth
........................
Then in the "authenticate" section
Auth-Type NEWAUTH {
special_auth
}
Question 1:
This script is intended to be an Authentication method. How do I teach freeradius (during the authorize process?) to set Auth-Type to use this method when appropriate?
This would mean that freeradius would have to set the Auth-Type to NEWAUTH, right? The NEWAUTH block would in turn kick of the special_auth module and execute my auth script?
Question 2:
A related, but separate question regarding external scripts. Having specified the "output_pairs = reply" parameter, how does a script set or return the pairs for use by freeradius.
I know I'm off base a little because this does not seem to work as yet, any guidance here would be appreciated.
Regards,
Lin Richardson
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html