Hi everyone, I am trying to accomplish a very simple task using RADIUS as an authentication proxy. All I need it to do is use the username/password combo sent in, run a perl script to validate those credentials and return a pass or fail. I have my perl script setup to return all the right codes as the radiusd.conf specifies. ( < 0 : fail, 0 : ok , etc...)
I have added the following changes to the radiusd.conf file, everything else is as it is out of the box. authorize { preprocess exec } authenticate { Auth-Type Exec { exec } } In the modules section I added my program name / perl script (the location is just a temp thing to get this going): exec { program = "/usr/bin/authenticate.pl" wait = yes input_pairs = request output_pairs = reply } When i run radtest, this is what I see in the logs User-Name = "tkid" User-Password = "hlsearch" NAS-IP-Address = 127.0.0.1 NAS-Port = 1645 +- entering group authorize ++[preprocess] returns ok Exec-Program output: Error: Password check passed Exec-Program: returned: 0 ++[exec] returns ok auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user auth: Failed to validate the user. Login incorrect: [tkid/hlsearch] (from client localhost port 1645) Found Post-Auth-Type Reject +- entering group REJECT expand: %{User-Name} -> tkid attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Finished request 0. Going to the next request Waking up in 4.9 seconds. Cleaning up request 0 ID 149 with timestamp +10 Ready to process requests. In essence, all I want is authentication and not authorization. How do I accomplish that here? Thanks for your help in advance. Thanks, -- Tauseef - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html