I'm trying to use an external php script to authenticate users connecting to an Access Point. Protocol used is EAP-TTLS with PAP as inner authentication protocol.
The relevant parts of config file i use is: ********** radiusd.conf ************* modules { pap { auto_header = yes } exec test { wait = yes program = "/usr/local/bin/php -f /etc/raddb/radiusaccess.php" input_pairs = request output_pairs = reply } } authorize { preprocess suffix eap pap } authenticate { Auth-Type PAP { test } eap } ************* END radiusd.conf ********** When i try to connect the TTLS comunication seems to work fine but this is the relevan ouput of radiusd -X at the final steps ************ radiusd -X ***************** Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 9 rlm_eap: Request found, released from the list rlm_eap: EAP/ttls rlm_eap: processing type ttls rlm_eap_ttls: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_ttls: Session established. Proceeding to decode tunneled attributes. TTLS: Got tunneled request User-Name = "testa" User-Password = "testb" FreeRADIUS-Proxied-To = 127.0.0.1 TTLS: Sending tunneled request User-Name = "testa" User-Password = "testb" FreeRADIUS-Proxied-To = 127.0.0.1 Service-Type = Framed-User Framed-MTU = 1400 NAS-Port-Id = "wlan1" Calling-Station-Id = "00-13-49-71-85-68" Called-Station-Id = "00-80-48-47-6B-E1:comune_segrate_milano_oltre" NAS-Identifier = "AP2" NAS-IP-Address = 192.168.11.168 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 9 modcall[authorize]: module "preprocess" returns ok for request 9 rlm_realm: No '@' in User-Name = "testa", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 9 rlm_eap: No EAP-Message, not doing EAP modcall[authorize]: module "eap" returns noop for request 9 rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this. modcall[authorize]: module "pap" returns noop for request 9 modcall: leaving group authorize (returns ok) for request 9 auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user auth: Failed to validate the user. TTLS: Got tunneled reply RADIUS code 3 TTLS: Got tunneled Access-Reject rlm_eap: Handler failed in EAP/ttls rlm_eap: Failed in EAP select modcall[authenticate]: module "eap" returns invalid for request 9 modcall: leaving group authenticate (returns invalid) for request 9 auth: Failed to validate the user. Delaying request 9 for 1 seconds Finished request 9 ************************ END radiusd -X ****************** As you can see there is the message: "rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this. modcall[authorize]: module "pap" returns noop for request 9" So the php script for pap authorization is not even executed. Maybe there is something i missed in configuration? Thanx Maccari Dario _________________________________________________________________ Discover the new Windows Vista http://search.msn.com/results.aspx?q=windows+vista&mkt=en-US&form=QBRE - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html