Alan,
Thanks for your answer.
Can you point me to a document or website where the following mechanism
is described well ?
ie MSCHAPv2 Radius Client -> Freeradius does the MSCHAPv2 challenge ? ->
auth is delegated to external script receiving attributes like username
and password in clear -> external script gives the auth ok answer ->
Freeradius gives the auth accepted answer to the MSCHAPv2 Radius client.
The part I don't understand is how does this MSCHAPv2 auth work in
Freeradius, and how the external script could get the attributes when
the MSCHAPv2 challenge password is encrypted ? Does it mean that I have
to implement the MSCHAPv2 challenge auth by myself, entirely in the
external script ?
Concerning the cleartext password;
In your previous message, you say : "get it from somewhere" but I can'
figure out how...
Thanks a lot
Best regards
Fab
Alan DeKok wrote :
Fabiano wrote:
Hello,
Does anyone know where I can find some information on how to use the
following in freeradius ?
I have an external shell script which awaits arguments (username, clear
password, and other arguments) and returns an answer for validation.
The problem is that I cannot find any lead on how to do this while using
MSCHAPv2...
$ man unlang
Then, run the script in the post-auth section.
And I am not sure how to do this with Exec-Program-Wait.
Is this possible without rewriting the module in C ?
Is there any way to have the cleartext password sent to the external
script ?
Sure. Get it from somewhere, and then send it to the script.
Alan DeKok.
-
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
