The difficult part was to figure out the right config syntax; the only one that worked is below:
auth-user-pass-verify "C:/Python27/python.exe user-auth.py" via-env
The most surprising thing was: OpenVPN cannot run a Python (or VBS) script without crutches!
user-auth.py
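#!/usr/bin/python
# Called by OpenVPN through auth-user-pass-verify ... via-env: the client's
# credentials arrive in the "username" and "password" environment variables.
# Exit code 0 accepts the login, any other exit code rejects it.
import os
import sys
import socket
import pyrad.packet
from pyrad.client import Client
from pyrad.dictionary import Dictionary

# RADIUS server address, shared secret and attribute dictionary file
srv = Client(server="server_ip", secret=b"some_s3cret", dict=Dictionary("dictionary"))
req = srv.CreateAuthPacket(code=pyrad.packet.AccessRequest, User_Name=os.environ.get('username'))
# Hide the password with the shared secret before it is sent
req["User-Password"] = req.PwCrypt(os.environ.get('password'))

try:
    reply = srv.SendPacket(req)
except pyrad.client.Timeout:
    print("RADIUS server does not reply")
    sys.exit(1)
except socket.error as error:
    print("Network error: " + str(error))
    sys.exit(1)

if reply.code == pyrad.packet.AccessAccept:
    print("access accepted")
    sys.exit(0)
else:
    print("access denied")
    sys.exit(1)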
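
What the `req.PwCrypt` call in the script above applies to the password, as an added example that is not part of the original post and not pyrad's own code: the User-Password hiding scheme from RFC 2865 section 5.2. The function names and the sample secret and authenticator are constructed for illustration.

```python
import hashlib

MAX_LEN = 128  # RFC 2865 limit for the User-Password value


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def hide_password(password, secret, authenticator):
    """Hide a password as RFC 2865 section 5.2 describes (hypothetical helper)."""
    if len(authenticator) != 16:
        raise ValueError("Request Authenticator must be 16 bytes")
    if len(password) > MAX_LEN:
        raise ValueError("password longer than 128 bytes")
    # Pad with NUL bytes to a multiple of 16, at least one block.
    size = max(16, -(-len(password) // 16) * 16)
    padded = password.ljust(size, b"\x00")
    hidden, prev = b"", authenticator
    for i in range(0, size, 16):
        # Mask = MD5(shared secret + authenticator or previous hidden block)
        mask = hashlib.md5(secret + prev).digest()
        prev = _xor(padded[i:i + 16], mask)
        hidden += prev
    return hidden


def recover_password(hidden, secret, authenticator):
    """Reverse the hiding, as a RADIUS server holding the same secret would."""
    if not hidden or len(hidden) % 16:
        raise ValueError("hidden value must be a non-empty multiple of 16 bytes")
    clear, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        mask = hashlib.md5(secret + prev).digest()
        block = hidden[i:i + 16]
        clear += _xor(block, mask)
        prev = block
    return clear.rstrip(b"\x00")


# Constructed sample values, not taken from the post.
SECRET = b"example-shared-secret"
AUTH = bytes(range(16))

if __name__ == "__main__":
    wire = hide_password(b"hunter2", SECRET, AUTH)
    print(wire.hex(), recover_password(wire, SECRET, AUTH))
```

The mask depends only on the shared secret and the Request Authenticator, which travels in the packet in the clear, so the strength of the secret configured in the script is what protects the password in transit.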