I'm trying to configure Freeradius to make a REST call to authenticate users in the inner tunnel.
Without the REST call, I have user bob in the users file and the entry
bob Cleartext-Password := "test"
This by itself works as expected when the test user tries to authenticate.
Now, I have configured the REST endpoint to return the json:
{
"Cleartext-Password": "test"
}
and I have changed the config in inner-tunnel:
authorize {
...
rest
# files
...
}
authenticate {
...
Auth-Type MS-CHAP {
mschap
}
Auth-Type rest {
rest
}
...
This fails, and the relavant logs are:
2020-09-22T16:14:30.698-04:00 (7) rest: Status : 200 (OK)
2020-09-22T16:14:30.698-04:00 (7) rest: Type : json (application/json)
2020-09-22T16:14:30.698-04:00 (7) rest: Parsing attribute "Cleartext-Password"
2020-09-22T16:14:30.698-04:00 (7) rest: EXPAND test
2020-09-22T16:14:30.698-04:00 (7) rest: --> test
2020-09-22T16:14:30.698-04:00 (7) rest: Cleartext-Password := "test"
2020-09-22T16:14:30.703-04:00 (7) [rest] = updated
2020-09-22T16:14:30.703-04:00 (7) [expiration] = noop
2020-09-22T16:14:30.703-04:00 (7) [logintime] = noop
2020-09-22T16:14:30.703-04:00 (7) [pap] = noop
2020-09-22T16:14:30.703-04:00 (7) } # authorize = updated
2020-09-22T16:14:30.703-04:00 (7) Found Auth-Type = mschap
2020-09-22T16:14:30.703-04:00 (7) # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
2020-09-22T16:14:30.703-04:00 (7) authenticate {
2020-09-22T16:14:30.703-04:00 (7) mschap: WARNING: No Cleartext-Password configured. Cannot create NT-Password
I'm sure what I'm missing here is quite simple, but I'm a radius noob and this is as far as I've managed to get by fiddling around.
