Dear Dmitry Koval,
You messed up 2 things: 'authorize' and 'authenticate'. In terms of
FreeRADIUS you want to 'authorize' with external program. That is you
wanna call external program to add Password attribute to configure list.
Please read doc/aaa.txt
--Saturday, August 30, 2003, 9:51:01 PM, you wrote to [EMAIL PROTECTED]:
DK> Hi everyone.
DK> My problem is following:
DK> I'm using freeradius 0.9.0.
DK> I need to authenticate users by mschap v2.
DK> The database is a quite sophisticated one in an Oracle.
DK> So I want to authenticate by external script using Exec-Program-Wait.
DK> With pap and chap it goes well, but with mschap it fails with an error:
DK> auth: type "MS-CHAP"
DK> modcall: entering group Auth-Type
DK> rlm_mschap: No User-Password configured. Cannot create LM-Password.
DK> rlm_mschap: No User-Password configured. Cannot create NT-Password.
DK> rlm_mschap: No LM-Password or NT-Password attribute found. Cannot
DK> perform MS-CHAP authentication.
DK> modcall[authenticate]: module "mschap" returns fail
DK> modcall: group Auth-Type returns fail
DK> auth: Failed to validate the user.
DK> Piece of config in users file:
DK> DEFAULT Auth-Type = Accept
DK> Service-Type = Framed-User,
DK> Exec-Program-Wait = "/usr/local/bin/billing/login",
DK> Framed-Protocol = PPP,
DK> Idle-Timeout = 900,
DK> Framed-Routing = None
DK> If I put here plaintext user and password it passes ok.
DK> In general I understand that some data (password) used by mschap core
DK> module can't be received by it, but I have no clue how to bypass this.
DK> Or how to fed it manually from my script.
DK> Is it possible at all to use mschap and Exec-Program-Wait together?
DK> I would kindly appreciate any help.
DK> Thanks.
--
~/ZARAZA
Жало мне не понадобится (С. Лем)
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
