Hello to all.

Try moving the user1 line before the DEFAULT (and reverse the 'fall through' specifications)....

Thank you Charles for your advice.
But the problem in this case is: If I move the user-lines before
DEFAULT, freeradius tries to authenticate with any other Auth-Method,
except MOTP.

[...]
rad_recv: Access-Request packet from host 192,168.82.41 port 33260, id=216, length=58
        User-Name = "user1"
        User-Password = "aa8809"
        NAS-IP-Address = 192,168.82.41
        NAS-Port = 0
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
    rlm_realm: No '@' in User-Name = "user1", looking up realm NULL
    rlm_realm: No such realm "NULL"
++[suffix] returns noop
  rlm_eap: No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns updated
    users: Matched entry user1 at line 2
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
auth: type Crypt
auth: Failed to validate the user.
Login incorrect: [user1/aa8809] (from client 192,168.82.41 port 0)
  Found Post-Auth-Type Reject
+- entering group REJECT
        expand: %{User-Name} -> user1
 attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
[...]

So, it seems that I have to use the DEFAULT-line first to use MOTP as
the default Auth-Type.

But now some new good news: After changing the module configuration in
radiusd.conf to

exec motp {
  wait = yes
  program = "/usr/local/bin/otpverify.sh %{User-Name} %{User-Password} %{control:Secret} %{control:PIN} %{control:Offset}"
  input_pairs = request
  output_pairs = config
}

...tested with radtest, everything works fine (thank you, Ivan) :-)

auth: type "MOTP"
+- entering group MOTP
        expand: %{User-Name} -> user1
        expand: %{User-Password} -> eaec5f
        expand: %{control:Secret} -> 143a5c6fa125ac1f
        expand: %{control:PIN} -> 1234
        expand: %{control:Offset} -> 0
Exec-Program output: ACCEPT
Exec-Program-Wait: plaintext: ACCEPT
Exec-Program: returned: 0
++[motp] returns ok



What a nice adventure...

Now, I have another problem with mod_auth_radius. But this is another story.

Best regards,
Stefan
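
Added example, not part of the original message and not the otpverify.sh script itself: a sketch of the check a Mobile-OTP verifier performs on the five arguments the exec module passes above. The hash construction follows the published Mobile-OTP scheme; the acceptance window, the offset being in seconds, the replay set and all function names are assumptions, and the sample values in any call are constructed.

```python
import hashlib
import hmac
import time

STEP = 10      # Mobile-OTP counts time in 10-second units
WINDOW = 180   # assumption: accept codes up to 3 minutes either side


def motp_code(epoch, secret, pin):
    """First 6 hex digits of MD5(<epoch // 10> + secret + PIN)."""
    counter = str(int(epoch) // STEP)
    return hashlib.md5((counter + secret + pin).encode()).hexdigest()[:6]


def verify(user, passcode, secret, pin, offset=0, now=None, used=None):
    """Return True only for a fresh, in-window passcode.

    offset: assumed to be the token's clock skew in seconds.
    used:   set of (user, code) pairs already accepted; blocks replay
            of a passcode that is still inside the time window.
    """
    now = time.time() if now is None else now
    used = set() if used is None else used
    candidate = passcode.strip().lower()
    if len(candidate) != 6 or (user, candidate) in used:
        return False
    base = int(now) + int(offset)
    ok = False
    for delta in range(-WINDOW, WINDOW + 1, STEP):
        expected = motp_code(base + delta, secret, pin)
        # constant-time compare; bytes so odd input cannot raise TypeError
        ok |= hmac.compare_digest(expected.encode(), candidate.encode())
    if ok:
        used.add((user, candidate))
    return ok
```

In a deployment the replay set has to persist between invocations, because the exec module starts a new process for every request.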
