Hello everyone :)
I'm having some problems with Freeradius, which I'm sure some folks here will
know how to solve. :)
Version: 2.0.4 (debian custom build to support SSL)
Objective: Upon receiving a request with a username & password (from NAS),
Freeradius should invoke an external script (PHP in this case). Script should
look-up the username/password, and based on some internal logic return an
Access-Accept or Access-Reject. In case of a Access-Accept, script should also
provide some VLAN information. Prefered method is EAP/TTLS.
I haven't been able to find much info on this subject (maybe I'm looking in
wrong place?). This is what I have so far (only the important parts):
*radiusd.conf*
exec php {
wait = yes
program = "/usr/bin/php -f myscript.php"
input_pairs = request
output_pairs = reply
}
*site-enabled/default*
authenticate {
Auth-Type TEST {
php
}
*users*
DEFAULT Auth-Type := TEST
*myscript.php* (simplified version)
<?php
$user = getenv("USER_NAME");
$password = getenv("USER_PASSWORD");
if ($user == "test" && $password == "test") {
echo "Access-Accept";
echo "Tunnel-Type = 13,"
echo "Tunnel-Medium-Type = 6,"
echo "Tunnel-Private-Group-Id = 1"
}
else
echo "Access-Reject";
?>
The echo-part in myscript.php is obviously wrongly implemented, so please help..
With the above mentioned, invoking the script works, but always returns
Access-Accepted packet (testing with radtest utility).
_________________________________________________________________
Hotmail: Free, trusted and rich email service.
https://signup.live.com/signup.aspx?id=60969
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
