Many times I wanted a simple script to check a user's
password or to see if a radius server is working.
The output of radclient and radtest needs to be parsed to
figure out what you want to know.
The script I put together provides output on stdout
for simple command line use, and also uses exit codes
so it can easily be used in shell scripts.
---radauth---
#!/bin/sh
#
# radauth
#
# Created by Guy Fraser on Jan 18 2005.
#
# This program is a quick and simple tool used to verify the
# authentication of a user on a radius server.
#
# This program requires four options ;
# 1) radius server
# 2) radius secret for the sending machine and radius server
# 3) username with realm if required
# 4) password
#
# There are three possible responses ;
# 1) If all options are present and correct :
# "yes" sent to stdout and exit status is 0 {true}.
# 2) If all options are present but something is incorrect :
# "no" is sent to stdout and exit status is 1 {false}.
# 3) If all options are not present :
# Usage message is displayed.
#
#
PREFIX=/usr/local
EXEC_PREFIX=${PREFIX}
BINDIR=${EXEC_PREFIX}/bin
ECHO=/bin/echo
RADCLIENT=$BINDIR/radclient
AWK=/usr/bin/awk
TEST=/bin/test
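usage () {
    $ECHO "" >&2
    $ECHO "Authenticate a user on an authorized radius server." >&2
    $ECHO "" >&2
    $ECHO "Usage:" >&2
    $ECHO " radauth radius-server[:port] secret user passwd" >&2
    $ECHO "" >&2
    exit 1
}

if [ $# -ne 4 ]
then
    usage
fi

SERVER=$1
SECRET=$2
UNAME=$3
PASS=$4

# Send one request and pull the approved count out of the summary
# that radclient prints with -s (-q keeps the rest of its output quiet).
# Server and secret are quoted so unusual characters stay one argument.
RES=`$ECHO "User-Name=\"$UNAME\",User-Password=\"$PASS\"" \
    | $RADCLIENT -q -s "$SERVER" auth "$SECRET" 2>&1 \
    | $AWK '/Total approved auths/ {print $4}'`

# RES is empty when no summary line was found; quoting it keeps the
# test well-formed, and the result is still "no".
if $TEST "$RES" = 1 2>/dev/null
then {
    $ECHO yes
    exit 0
} else {
    $ECHO no
    exit 1
}
fi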
---radauth---
Command line use :
------------------
--everything correct--
$ radauth 127.0.0.1 testing123 [EMAIL PROTECTED] wilma
yes
--password is wrong--
$ radauth 127.0.0.1 testing123 [EMAIL PROTECTED] wilm
no
--secret is wrong--
$ radauth 127.0.0.1 testing12 [EMAIL PROTECTED] wilma
no
Shell script use :
------------------
--everything correct--
$ if radauth 127.0.0.1 testing123 [EMAIL PROTECTED] wilma \
>/dev/null 2>&1
then echo Bonus
else echo Busted
fi
--output--
Bonus
--password is wrong--
$ if radauth 127.0.0.1 testing123 [EMAIL PROTECTED] wilm \
>/dev/null 2>&1
then echo Bonus
else echo Busted
fi
--output--
Busted
--secret is wrong--
$ if radauth 127.0.0.1 testing12 [EMAIL PROTECTED] wilma \
>/dev/null 2>&1
then echo Bonus
else echo Busted
fi
--output--
Busted
---
Feel free to use this or add it to the CVS tree.
Have a nice day
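
An added example, not part of the original post: radauth prints "no" whenever the approved count is not 1, so a rejected password and a server that never replied look the same to the caller. The sketch below separates the two with a third exit code; it assumes the radclient -s summary also has "Total denied auths" and "Total lost auths" lines in the same form as the "Total approved auths" line radauth parses, and the function names and sample summaries are constructed for illustration.

```shell
#!/bin/sh
# classify_summary: read a `radclient -s` summary on stdin and return
#   0 = request approved, 1 = request denied, 2 = no reply or no summary.
# Assumption: lines look like "Total approved auths:  1" (see lead-in).
classify_summary () {
    awk '
        /Total approved auths/ { ok   = $NF }
        /Total denied auths/   { deny = $NF }
        /Total lost auths/     { lost = $NF }
        END {
            if (ok + 0 >= 1)        exit 0
            else if (deny + 0 >= 1) exit 1
            else                    exit 2   # lost, or nothing parsed
        }'
}

# report: same contract as radauth (word on stdout plus exit status),
# extended with "noreply" / exit 2 for the unanswered case.
report () {
    rc=0
    classify_summary || rc=$?
    case $rc in
        0) echo yes ;;
        1) echo no ;;
        *) echo noreply ;;
    esac
    return $rc
}

# Constructed sample summaries (not captured from a real server).
SAMPLE_ACCEPT='    Total approved auths:  1
      Total denied auths:  0
        Total lost auths:  0'
SAMPLE_REJECT='    Total approved auths:  0
      Total denied auths:  1
        Total lost auths:  0'
SAMPLE_LOST='    Total approved auths:  0
      Total denied auths:  0
        Total lost auths:  1'

# Demo: prints yes, no, noreply (one per line).
for s in "$SAMPLE_ACCEPT" "$SAMPLE_REJECT" "$SAMPLE_LOST"; do
    printf '%s\n' "$s" | report || :
done
```

In radauth itself, the awk stage of the pipeline would be replaced by a pipe into report, and a monitoring script can then treat exit 2 as "server not answering" rather than "bad password".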