Hi Craig,
Craig here too...
I am not very knacky with PERL, but I can tell you what you need to know.
1. in the file file users you will need a line like,
DEFAULT Auth-Type := Accept
Exec-Program-Wait = "/usr/local/sbin/auth -X -U -- %{User-Name}
%{User-Password} %{%{Called-Station-Id}:-Missing} %{%{NAS-IP-Address}:-Missing}
%{%{Calling-Station-Id}:-Missing} %{%{NAS-Port-Type}:-Missing}
%{Vendor-Specific}" ,
Fall-Through = no
Where /usr/local/sbin/auth is your perl authorization script.
You may either pass the authentication request parameters via command line as
in the example above, or they may be collected from environmental variables.
Note the '-' characters are replaced with '_' characters in the environmental
variable names. The -X and -U are specific to MY auth program. The '--'
denotes an end to command line switches. The Parameter substitution for some
variables ensures the word "Missing" in the event a value pair variable is not
defined. (Again just for the needs of my script.)
Beware: There is a line length limit - much longer than this and you should
use the environmental variable option to collect the parameters. The example
above EVOLVED form ancient radius software. I'd likely drop the command line
parameters entirely if I was writing it fresh today.
2. The auth script MUST return a return code == 0 (zero) for success. Non zero
and authentication is denied.
3. stdout from the auth script should be any value pairs you wish returned to
the NAS. (From memory) these value pairs need to be comma,' separated.
Returning an INVALID value pair for the NAS results in NO value pairs being
returned and the stdout becomes a log message as I recall - very misleading. I
suggest you test by adding 1 value pair at a time to the successful logins.
There's my 5 minute memory dump.
Hope it helps,
-craig
----- Original Message -----
From: Craig Smith
To: freeradius-users@lists.freeradius.org
Sent: Monday, March 21, 2011 8:14 AM
Subject: $75.00 USD Bounty
Good Morning!
I will pay $75.00 USD (via PayPal) to the first person who can send me the
documentation and working configuration files for external authentication using
a PHP script.
Thanks,
Craig
------------------------------------------------------------------------------
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
__________ Information from ESET Smart Security, version of virus signature
database 5970 (20110321) __________
The message was checked by ESET Smart Security.
http://www.eset.com
--------------------------------------------------------------------------------
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
__________ Information from ESET Smart Security, version of virus signature
database 5970 (20110321) __________
The message was checked by ESET Smart Security.
http://www.eset.com
__________ Information from ESET Smart Security, version of virus signature
database 5970 (20110321) __________
The message was checked by ESET Smart Security.
http://www.eset.com
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
