Travis Dimmig wrote:
> I have a problem scenario where I need to be able to handle the
> authentication of users myself. I am looking into using either rlm_perl
> or (preferably) rlm_jradius to be able to write my own piece to do
> authentication.

Or just an external program.

> I believe this is possible with either module (please
> correct me if I’m wrong on that, it would stop me in my tracks). What I
> need to know is if when writing my own authenticator there is a terribly
> complicated process of requests and responses that I have to honor in
> order to make the supplicant happy,

No. Just use your program in the "inner-tunnel" virtual server. FreeRADIUS takes care of all of the EAP requests and responses.

> As a test case,
> I wrote a Java class for rlm_jradius that just replaced reject packets
> with accept packets, to see if it would work.

It won't work. A reject is a reject.

> That was long winded, here is a summary of my questions. Can I write my
> own piece to do authentication?

You can write your own code to check names && passwords, yes.

> Where in the freeRadius process do I list that listener?

In the "authenticate" section. See the examples on deployingradius.com related to Active Directory. There's an example of using the "exec" module. Follow that for your program.

> Is there a series of requests and responses that I
> have to honor?

No.

Alan DeKok.

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
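A sketch of the kind of external program the reply suggests running from the "authenticate" section, as an added example that is not part of the original thread and not FreeRADIUS code. It assumes the server hands the request to the program as environment variables named USER_NAME and USER_PASSWORD (string values possibly wrapped in double quotes) and treats exit status 0 as accept and anything else as reject; the user store, salts and passwords are constructed sample data.

```python
#!/usr/bin/env python3
"""External name/password checker (added example, hypothetical names).

Assumptions, not taken from the thread: attributes arrive as the
environment variables USER_NAME and USER_PASSWORD, string values may be
wrapped in double quotes, and exit status 0 means accept.
"""
import hashlib
import hmac
import os
import sys

ITERATIONS = 100_000


def hash_password(password: str, salt: bytes) -> bytes:
    """Derive a PBKDF2-HMAC-SHA256 hash so no cleartext is stored."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


# Constructed sample store: user name -> (salt, derived hash).
USERS = {
    "travis": (b"constructed-salt",
               hash_password("s3cret-example", b"constructed-salt")),
}
# Dummy record so an unknown user costs the same work as a known one.
DUMMY = (b"dummy-salt-value",
         hash_password("not-a-real-password", b"dummy-salt-value"))


def unquote(value: str) -> str:
    """Strip one pair of surrounding double quotes, if present."""
    if len(value) >= 2 and value[0] == value[-1] == '"':
        return value[1:-1]
    return value


def check(env) -> int:
    """Return 0 for valid credentials, 1 otherwise (fails closed)."""
    user = unquote(env.get("USER_NAME", ""))
    password = unquote(env.get("USER_PASSWORD", ""))
    salt, expected = USERS.get(user, DUMMY)
    matches = hmac.compare_digest(hash_password(password, salt), expected)
    # A missing password (for example, no cleartext in the request) rejects.
    return 0 if (matches and user in USERS and password != "") else 1


if __name__ == "__main__":
    sys.exit(check(os.environ))
```

The program only decides whether the name and password are valid; as the reply says, the EAP exchange itself stays with FreeRADIUS, and a reject result cannot be turned into an accept afterwards.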

