On Mar 19, 2008, at 11:34, T Kid82 wrote:
You have put significant effort into butchering the default
configuration.  Why?

I got this from the comments in exec-program-wait (which has been
deprecated) where it explains how to use rlm_exec. It says,

"An entry for the module 'rlm_exec' must be added to the file
'radiusd.conf' with the path of the script."

authorize {
        ...
        exec
        ...
}

I also added

exec {
        program = "/usr/local/etc/raddb/authenticate"
        wait = yes
        input_pairs = request
        output_pairs = reply
}

to my radiusd.conf, which is also from the comments in exec-program-wait.


Why would this let all users through?
I thought that since I am always returning 3 to the server, that this
would let all users pass through.

you didn't set Auth-Type
Where do I set the Auth-Type? Can you provide a sample code snippet on
how to do this? Or perhaps a link to the doc.

If you think this isn't necessary, then you need to spend more time understanding how the server works.
I don't know either way. That's why I decided to mail the list. I have
looked through quite a bit of documentation but I didn't find much on
this particular module.


It's not obvious what you are really trying to accomplish. However, I suspect you would like to use your own special criteria for determining if access should be permitted. rlm_exec is a very inefficient way to do that. You can make it work, but it will require extensive forks and perform rather poorly. rlm_perl works a whole lot better. However, if you are really concerned about performance, you should consider rolling your own module. There is an example of how to do that in the wiki. That will give you the best performance as you will not incur the perl overhead either.

There is a really big difference between authorization and authentication modules. Creating an authorization module is probably all you need to do. Authentication modules require much more than just including them in the list of authentication modules. I understand that you also might have to modify the base radiusd code for them in addition to creating a module that requires some very special structuring. FreeRADIUS separates the concepts of authentication from authorization to relieve you of the details of some of the very complex authentication schemes. Generally all you need to deal with is authorization. If you use the default authentication setup, radiusd will figure out which method to use and take care of it.

If you are going to make major mods to the configuration, you will need to start reading the source code. There just isn't that much documented beyond that.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
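
An added example, not part of the original thread or of the FreeRADIUS distribution: a fail-closed authorization script of the kind the exec block above would call from the authorize section. It makes the authorization decision only and does not set Auth-Type, which the thread identifies as the missing piece. The environment-variable naming, the exit-code meanings and the allow-list are assumptions stated in the comments.

```shell
#!/bin/sh
# Added example: a fail-closed authorization script for rlm_exec (wait = yes).
# Assumptions (not from the original thread):
#   - rlm_exec exports request attributes as environment variables, e.g.
#     User-Name -> USER_NAME, and string values may arrive in double quotes.
#   - exit 0 is treated as "ok" and exit 1 as "reject".
#   - ALLOWED_USERS is a constructed allow-list standing in for real criteria.

ALLOWED_USERS="alice bob"

# Remove one pair of surrounding double quotes, if present.
strip_quotes() {
    v=$1
    case "$v" in
        \"*\") v=${v#\"}; v=${v%\"} ;;
    esac
    printf '%s' "$v"
}

# Print reply pairs and return 0 to permit, or return 1 to reject.
authorize_user() {
    user=$(strip_quotes "$1")
    # Reject empty names and anything outside a conservative character set,
    # so the value is never interpreted by later shell or log processing.
    case "$user" in
        ''|*[!A-Za-z0-9._@-]*) return 1 ;;
    esac
    for allowed in $ALLOWED_USERS; do
        if [ "$user" = "$allowed" ]; then
            printf 'Reply-Message = "authorized by exec script"\n'
            return 0
        fi
    done
    return 1    # default deny
}

# Run only when installed under the file name used in the exec block above
# (/usr/local/etc/raddb/authenticate); under any other name nothing runs.
case "${0##*/}" in
    authenticate)
        authorize_user "${USER_NAME:-}"
        exit $?
        ;;
esac
```

A missing or malformed User-Name falls through to the default deny, so the script never returns "ok" by accident.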