Freeradius Authentication via REST + MSCHAPv2

Question

I'm trying to configure Freeradius to make a REST call to authenticate users in the inner tunnel.

Without the REST call, I have user bob in the users file and the entry

bob    Cleartext-Password := "test"

This by itself works as expected when the test user tries to authenticate.

Now, I have configured the REST endpoint to return the json:

{
  "Cleartext-Password": "test"
}

and I have changed the config in inner-tunnel:

authorize {
  ...
  rest
  # files
  ...
}

authenticate {
  ...
  Auth-Type MS-CHAP {
    mschap
  }
  Auth-Type rest {
    rest
  }
  ...

This fails, and the relavant logs are:

2020-09-22T16:14:30.698-04:00   (7) rest: Status : 200 (OK)
2020-09-22T16:14:30.698-04:00   (7) rest: Type : json (application/json)
2020-09-22T16:14:30.698-04:00   (7) rest: Parsing attribute "Cleartext-Password"
2020-09-22T16:14:30.698-04:00   (7) rest: EXPAND test
2020-09-22T16:14:30.698-04:00   (7) rest: --> test
2020-09-22T16:14:30.698-04:00   (7) rest: Cleartext-Password := "test"
2020-09-22T16:14:30.703-04:00   (7) [rest] = updated
2020-09-22T16:14:30.703-04:00   (7) [expiration] = noop
2020-09-22T16:14:30.703-04:00   (7) [logintime] = noop
2020-09-22T16:14:30.703-04:00   (7) [pap] = noop
2020-09-22T16:14:30.703-04:00   (7) } # authorize = updated
2020-09-22T16:14:30.703-04:00   (7) Found Auth-Type = mschap
2020-09-22T16:14:30.703-04:00   (7) # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
2020-09-22T16:14:30.703-04:00   (7) authenticate {
2020-09-22T16:14:30.703-04:00   (7) mschap: WARNING: No Cleartext-Password configured. Cannot create NT-Password

I'm sure what I'm missing here is quite simple, but I'm a radius noob and this is as far as I've managed to get by fiddling around.

Freeradius Authentication via REST + MSCHAPv2

Answers (1)

Related Questions