Re: User authorize with Perl-Script
On Tue, Oct 30, 2012 at 02:40:35PM +0100, Oliver Werner wrote:
> I would configure my Switch-Ports Mac-Based. When a Computer
> wired a Perl-Script should check the Username and gives VLAN
> back.

You can probably do this without a perl script, however -

> exec {
>     wait = yes
>     program = "/usr/bin/perl /usr/local/test.pl %{User-Name}"
>     input_pairs = request
>     output = reply

output = config

Currently you're trying to send the cleartext password back to the NAS...

Matthew

--
Matthew Newton, Ph.D.
Systems Architect (UNIX and Networks), Network Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom

For IT help contact helpdesk extn. 2253,

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: User authorize with Perl-Script
We use more than two VLANs. The PCs authorize with the MAC-Address. So I would check the Database for this MAC and read the defined VLAN.

On 30.10.2012 at 14:55, Michael Schwartzkopff wrote:

>> Hello,
>>
>> I'm using FreeRADIUS in Version 2.1.10.
>>
>> I would configure my Switch-Ports Mac-Based. When a Computer wired a
>> Perl-Script should check the Username and gives VLAN back.
>
> Why so complicated?
>
> FreeRADIUS can do this out of the box, provided the NAS (switch) can do this.
>
> --
> Dr. Michael Schwartzkopff
> Guardinistr. 63
> 81375 München
>
> Tel: (0163) 172 50 98
> Fax: (089) 620 304 13

Re: User authorize with Perl-Script
> Hello,
>
> I'm using FreeRADIUS in Version 2.1.10.
>
> I would configure my Switch-Ports Mac-Based. When a Computer wired a
> Perl-Script should check the Username and gives VLAN back.

Why so complicated?

FreeRADIUS can do this out of the box, provided the NAS (switch) can do this.

--
Dr. Michael Schwartzkopff
Guardinistr. 63
81375 München

Tel: (0163) 172 50 98
Fax: (089) 620 304 13

User authorize with Perl-Script
Hello,

I'm using FreeRADIUS in Version 2.1.10.

I would configure my Switch-Ports Mac-Based. When a Computer wired a Perl-Script should check the Username and gives VLAN back.

For a simple Test I don't have some conditions in the Script only outputs:

    use strict;
    use warnings;
    use DBI;

    ### SwitchUser ###
    my $pass= $ARGV[0];
    print 'Access-Accept';
    print 'Cleartext-Password := "'.$pass.'"';
    exit 0;

my modules/exec looks here:

    exec {
        wait = yes
        program = "/usr/bin/perl /usr/local/test.pl %{User-Name}"
        input_pairs = request
        output = reply
        shell_escape = yes
    }

and my sites-enabled/switch is this:

    authorize {
        exec
        expiration
        chap
    }

    authenticate {
        chap
    }

    post-auth {
        exec
    }

When I wired with my PC Log Says following:

    # Executing section authorize from file /etc/freeradius/sites-enabled/switchport
    +- entering group authorize {...}
    [php] expand: %{User-Name} -> aa:bb:cc:dd:ee:ff
    Exec-Program output: Access-AcceptCleartext-Password := "aa:bb:cc:dd:ee:ff"
    Exec-Program-Wait: plaintext: Access-AcceptCleartext-Password := "aa:bb:cc:dd:ee:ff"
    Exec-Program: returned: 0
    ++[php] returns ok
    ++[expiration] returns noop
    [chap] Setting 'Auth-Type := CHAP'
    ++[chap] returns ok
    Found Auth-Type = CHAP
    # Executing group from file /etc/freeradius/sites-enabled/switchport
    +- entering group authenticate {...}
    [chap] login attempt by "aa:bb:cc:dd:ee:ff" with CHAP password
    [chap] Cleartext-Password is required for authentication
    ++[chap] returns invalid
    Failed to authenticate the user.
    } # server switchport
    Delaying reject of request 0 for 1 seconds
    Going to the next request
    Waking up in 0.9 seconds.

Anyone knows what is wrong in my Configuration?
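
An added example, not code from the thread or from the FreeRADIUS project: a script in the style of test.pl that validates the MAC address passed as %{User-Name}, looks up its VLAN, and prints one attribute pair per line so the pairs do not run together as in the log above. The %vlan_for table and its VLAN ids are constructed placeholders for the database lookup, the helper names are hypothetical, and the script assumes its output goes to the reply list, so it prints only the RFC 3580 tunnel attributes and no password attribute.

```perl
#!/usr/bin/perl
# Added example: prints RADIUS reply pairs for a MAC address given as $ARGV[0].
use strict;
use warnings;

# Constructed sample data standing in for the database lookup (hypothetical).
my %vlan_for = (
    'aa:bb:cc:dd:ee:ff' => 10,
    '00:11:22:33:44:55' => 20,
);

# Normalise a MAC to lower-case colon form; return undef if it is not a MAC.
sub normalise_mac {
    my ($raw) = @_;
    return unless defined $raw;
    (my $hex = lc $raw) =~ s/[:.\-]//g;
    return unless $hex =~ /\A[0-9a-f]{12}\z/;
    return join ':', $hex =~ /(..)/g;
}

# Build the reply pairs for a VLAN id, one pair per list element.
sub vlan_pairs {
    my ($vlan) = @_;
    return (
        'Tunnel-Type = VLAN',
        'Tunnel-Medium-Type = IEEE-802',
        qq{Tunnel-Private-Group-Id = "$vlan"},
    );
}

my $mac  = normalise_mac($ARGV[0]);
my $vlan = defined $mac ? $vlan_for{$mac} : undef;

# Unknown or malformed input: print nothing and exit non-zero.
# Assumption: a non-zero exit status makes the exec module return
# something other than "ok" (the log above shows 0 -> "returns ok").
exit 1 unless defined $vlan;

# One pair per line, each terminated by a newline. No Cleartext-Password
# is printed: with "output = reply" it would be sent to the NAS.
print "$_\n" for vlan_pairs($vlan);
exit 0;
```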