Re: External authentication ?

Torbjorn Tornkvist Wed, 25 Sep 2002 23:19:49 -0700

>   Yes.  But you can also do:
> 
> bob   Auth-Type := Accept
>       Exec-Program-Wait ....
> 
> 
>  If the program does: exit(1), then the authentication fails.

I did try that too and it didn't work. Look, here is an
excerpt from my users file:
------
tobbe Auth-Type := Accept                                                       
        Exec-Program-Wait = "/home/tobbe/junk/radius_auth.sh %u"                
------

And here is my shell script: radius_auth.sh
------
#!/bin/sh

echo "$*" > /tmp/args_from_radiusd.data
printenv >> /tmp/args_from_radiusd.data

## 0=GRANTED  ,  0<REJECTED
#exit 1
exit 0
------

The file /tmp/args_from_radiusd.data is being created alright
but the authentication fails, and this is what radiusd says:
---------------------------------------------------------------
rad_recv: Access-Request packet from host 192.168.128.51:33074, id=1, length=51
        User-Name = "tobbe"
        NAS-IP-Address = 192.168.128.51
        User-Password = "\266\274\220/l\220\372:\254\023h\002\376rF?"
modcall: entering group authorize
  modcall[authorize]: module "preprocess" returns ok
    rlm_realm: Looking up realm NULL for User-Name = "tobbe"
    rlm_realm: No such realm NULL
  modcall[authorize]: module "suffix" returns noop
    users: Matched tobbe at 152
  modcall[authorize]: module "files" returns ok
modcall: group authorize returns ok
  rad_check_password:  Found Auth-Type Accept
  rad_check_password: Auth-Type = Accept, accepting the user
radius_xlat:  '/home/tobbe/junk/radius_auth.sh tobbe'
Exec-Program: /home/tobbe/junk/radius_auth.sh tobbe
Exec-Program: Abnormal child exit
Delaying request 0 for 1 seconds
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
rl_next:  returning NULL
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 1 to 192.168.128.51:33074
        Reply-Message = "\r\nAccess denied (external check failed)."
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 1 with timestamp 3d92a7df
Nothing to do.  Sleeping until we see a request.
---------------------------------------------------------------

I'm not sure what I'm doing wrong, so any help would be
much appreciated. I'm running FreeRadius 0.7.1 on a RH-7.3
machine.

Cheers /Tobbe


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: External authentication ?

Reply via email to
