Hi,

> We did try your suggestion before posting back and you can enter any
> password and it will accept it. We tried it again and here is the output:
>
> rad_recv: Access-Request packet from host 192.168.1.1:1224, id=1, length=84
> User-Name = "[EMAIL PROTECTED]"
> User-Password = "kjhtlhrfrdjkshgfdhkgj"
> Processing the authorize section of radiusd.conf
> modcall: entering group authorize for request 1
> modcall[authorize]: module "preprocess" returns ok for request 1
> modcall[authorize]: module "chap" returns noop for request 1
> modcall[authorize]: module "mschap" returns noop for request 1
> rlm_realm: Looking up realm "adslgateway.co.uk" for User-Name =
> "[EMAIL PROTECTED]"
> rlm_realm: No such realm "adslgateway.co.uk"
> modcall[authorize]: module "suffix" returns noop for request 1
> rlm_eap: No EAP-Message, not doing EAP
> modcall[authorize]: module "eap" returns noop for request 1
> users: Matched DEFAULT at 4
> radius_xlat: '/etc/raddb/checkpassword.pl [EMAIL PROTECTED]
> kjhtlhrfrdjkshgfdhkgj'
> modcall[authorize]: module "files" returns ok for request 1
> modcall: group authorize returns ok for request 1
> rad_check_password: Found Auth-Type Accept
> rad_check_password: Auth-Type = Accept, accepting the user
> radius_xlat: '/etc/raddb/checkpassword.pl [EMAIL PROTECTED]
> kjhtlhrfrdjkshgfdhkgj'
> Exec-Program: /etc/raddb/checkpassword.pl [EMAIL PROTECTED]
> kjhtlhrfrdjkshgfdhkgj
> Sending Access-Accept of id 1 to 192.168.1.1:1224
> Finished request 1
>
>
> You will note that from our original post our password was "test".
>
> Any ideas?

Well, according to the README you should be using Exec-Program-Wait, not
Exec-Program. Then your script must simply return with a non-zero return
code if his password is wrong and the user will be denied access.

For your convenience, here's the relevant section of the README file that
accompanies FreeRADIUS:

  The output from Exec-Program-Wait is parsed by the radius server. If it
  looks like Attribute/Value pairs, they are decoded and added to the reply
  sent to the NAS. This way, you can for example set Session-Timeout.

  If Exec-Program-Wait returns a non-zero exit status, access will be denied
  to the user. With a zero-exit status, access is granted.

Greetings,

Stefan Winter

--
Stefan WINTER
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche - Ingénieur de recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
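
An added example, not code from this thread or from FreeRADIUS: a check script that follows the Exec-Program-Wait contract quoted from the README above (exit status 0 grants access, non-zero denies, Attribute/Value pairs on stdout go into the reply). It assumes the script receives the user name and password as its two arguments, as in the debug output; the user name, salt, credential store and Session-Timeout value are constructed for illustration.

```python
#!/usr/bin/env python3
"""Check script for Exec-Program-Wait: exit 0 = accept, non-zero = deny."""
import hashlib
import hmac
import sys

ITERATIONS = 100_000  # PBKDF2 work factor (constructed value)


def hash_password(password: str, salt: bytes) -> bytes:
    """Derive a salted PBKDF2-SHA256 hash so no cleartext is stored."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


# Constructed sample store: user -> (salt, hash). A real deployment would
# load this from a protected file or database instead.
SAMPLE_SALT = b"constructed-salt"
USERS = {"user@example.org": (SAMPLE_SALT, hash_password("test", SAMPLE_SALT))}


def check(user: str, password: str, users=USERS):
    """Return (exit_status, stdout_text) for one authentication attempt."""
    # Unknown users still go through the hash so timing does not reveal
    # which accounts exist; the empty expected value can never match.
    salt, expected = users.get(user, (SAMPLE_SALT, b""))
    candidate = hash_password(password, salt)
    if user in users and hmac.compare_digest(candidate, expected):
        # Zero exit status grants access; the pair is added to the reply.
        return 0, "Session-Timeout = 3600\n"
    # Non-zero exit status makes the server deny the user.
    return 1, ""


def main(argv):
    if len(argv) != 3:
        return 1  # fail closed on a malformed invocation
    status, output = check(argv[1], argv[2])
    sys.stdout.write(output)
    return status


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Every path other than a verified password returns non-zero, so a script error or a missing argument denies the user rather than accepting.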