On 28/01/11 15:54, McCann, Brian wrote:
Hi all. I hate to be a pest…but I cannot find anything really on what
I’m trying to do.
My setup is a wireless AP (running OpenWRT) using WPA2 – 802.1x
authentication, to Freeradius.
I’m trying to use a Python program as an “external authenticator”, so I
can check various things with the username and password in my already
existing authentication schemes. I thought this would be easy…I was
wrong. Through some trial and error, I’ve determined that the Python app
needs to return “Cleartext-Password” with “some value”…that value is
unclear to me since I’ve returned anything and it takes it.
Cleartext-Password needs to be added to the "config" items of the
request. I haven't used rlm_python but I think that looks like this:
reply_items = tuple()
config_items = tuple(
('Cleartext-Password', 'password'),
('Auth-Type', 'python'),
)
return (radiusd.RLM_MODULE_OK, reply_items, config_items)
Your current code is returning it in the reply items I think.
It's not clear to me that setting Auth-Type is what you want; it'll mean
the Python module is then called for the authentication phase, which if
you're doing EAP is probably not what you want? It should just be
sufficient to return the cleartext-password in the config items, and let
FreeRadius handle the auth.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
