'Re: module fails parsing output, expecting operator'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       freeradius-users
Subject:    Re: module fails parsing output, expecting operator
From:       Richard Green <richard.green () unsw ! edu ! au>
Date:       2020-01-29 4:24:56
Message-ID: SYCPR01MB33261EAA886D17C03C9AF380B70A0 () SYCPR01MB3326 ! ausprd01 ! prod ! outlook ! com
[Download RAW message or body]

Hi Matthew

You are correct with regards to the use of the script /usr/local/bin/multiotp.php \
being used in both the authenticate and authorize sections, and that script returning \
a value which, when parsed by FreeRADIUS 3, resulted in an an error.

To work around this issue, I was able to write wrapper scripts to parse the output of \
/usr/local/bin/multiotp.php, so they only return one output pair.

Thank you for your help :)

-Richard

________________________________
From: Freeradius-Users \
<freeradius-users-bounces+richard.green=unsw.edu.au@lists.freeradius.org> on behalf \
                of Matthew Newton <mcn@freeradius.org>
Sent: Monday, 27 January 2020 9:54 PM
To: FreeRadius users mailing list <freeradius-users@lists.freeradius.org>
Subject: Re: module fails parsing output, expecting operator

On Mon, 2020-01-27 at 09:38 +0000, Richard Green wrote:
> I am seeking help with an error parsing the output from an external
> exec program with FreeRADIUS 3 (a similar configuration, albeit some
> file movements for the updated config, worked without a problem with
> FreeRADIUS 2). The external exec program
> (/usr/local/bin/multiotp.php) seem to return a valid response

It's returning

  Filter-Id += "Erica-Users",NT_KEY: EBEEE229885004ACEA55894DFDC1272D

that's not a valid response, at least not from the ',' onwards.

> (which is the same as for the working configuration for version 2),
> however FreeRADIUS 3 reports a parsing error at this point.

It wasn't a valid response in v2, either. I suspect the code may have
been a bit more lax in what it was willing to accept.

The external script needs to be fixed to return valid output pairs.

However, it looks like it's also being used to run ntlm_auth. Therefore
I'd hazard a guess that it needs to be passed an argument to return
either the output pairs (Filter-Id += "Erica-Users") or the NT key
(NT_KEY: EBEEE22...) depending on whether it's called from 'exec' or
from 'mschap', as they expect to see different formats.

--
Matthew


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic