--- Kenneth Penza <[EMAIL PROTECTED]> wrote: > People, > > How can I make the RADIUS server check that two > conditions, the result of the authentication against > MySQL (already working) and on the exit status of an > executable (the executable that sets the exit status > depending on the outcomes of the check). I want the > authentication to success if both tests are > successful > otherwise I want it to fail. > > > Regards > Kenneth > > > > > ____________________________________________________________________________________ > Bored stiff? Loosen up... > Download and play hundreds of games for free on > Yahoo! Games. > http://games.yahoo.com/games/front > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html >
I am trying to get user authenticated against a shell script. I have added the following configuration to freeradius: under the modules section i have added exec myauth { wait = yes program = "/etc/raddb/myscripts/auth.sh %{User-Name}" input_pairs = request output_pairs = reply packet_type = Access-Request } and under the authorize section I have added myauth The contents of the script: [EMAIL PROTECTED] raddb]# cat /etc/raddb/myscripts/auth.sh #!/bin/bash echo $1 >> /tmp/myauth.out exit 0 [EMAIL PROTECTED] raddb]# On restarting the server,and attempting to connect to the radius server I get [EMAIL PROTECTED] ~]# echo "User-Name=user1,User-Password=pass1" |radclient -x localhost:1812 auth testing123 Sending Access-Request of id 244 to 127.0.0.1:1812 User-Name = "user1" User-Password = "pass1" rad_recv: Access-Reject packet from host 127.0.0.1:1812, id=244, length=20 [EMAIL PROTECTED] ~]# and in the session from I have started he radius server using /usr/sbin/radiusd -X -A I get: Ready to process requests. rad_recv: Access-Request packet from host 127.0.0.1:32772, id=244, length=45 User-Name = "user1" User-Password = "pass1" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0 modcall[authorize]: module "chap" returns noop for request 0 modcall[authorize]: module "mschap" returns noop for request 0 rlm_realm: No '@' in User-Name = "user1", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 0 rlm_eap: No EAP-Message, not doing EAP modcall[authorize]: module "eap" returns noop for request 0 radius_xlat: '/etc/raddb/myscripts/auth.sh user1' Exec-Program: /etc/raddb/myscripts/auth.sh user1 Exec-Program output: Exec-Program: returned: 0 modcall[authorize]: module "myauth" returns ok for request 0 modcall: group authorize returns ok for request 0 auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user auth: Failed to validate the user. Login incorrect: [user1/pass1] (from client localhost port 0) Delaying request 0 for 1 seconds Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Sending Access-Reject of id 244 to 127.0.0.1:32772 Waking up in 4 seconds... --- Walking the entire request list --- Cleaning up request 0 ID 244 with timestamp 45fd3d21 Nothing to do. Sleeping until we see a request. I am missing some configuration? Thanks in advance for you help Kenneth ____________________________________________________________________________________ It's here! Your new message! Get new email alerts with the free Yahoo! Toolbar. http://tools.search.yahoo.com/toolbar/features/mail/ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html