ConfD User Community

No username/password argument with External Authentication [Solved]


#1

I have setup a basic NCS (version 4.5.1) server and would like to use External Authentication to Radius. The scripts are ready, but the problem is that the username/password seem not to be provided to the authentication script.

Some more details;
In /etc/ncs/ncs.conf;

<external-authentication>
  <enabled>true</enabled>
  <executable>/usr/local/bin/nso-radius-auth.py</executable>
</external-authentication>

Testscript;

#!/usr/bin/python3.6
import os
import sys

fo = open("/tmp/foo.txt", “w”)
fo.write( “Arguments:\n”)
fo.write(’\n’.join(sys.argv[0:]))
fo.close()

print(“accept ncsadmin ncsoper 9999 9999 /tmp”);

Login works, because of the last line. However after doing;

otter@sambal:~$ ssh tailf@nso-01-tst -p 2024
tailf@nso-01-tst’s password:

tailf connected from 10.10.77.7 using ssh on nso-01-tst

in /tmp/foo.txt the output is as follows;

[root@nso-01-tst ncs]# cat /tmp/foo.txt
Arguments:
/usr/local/bin/nso-radius-auth.py

So, without the username and password, there is no method to do the Radius check within the script.

Is there anyone that can provide me with a hint what I’m doing wrong?


#2

I found the cause of the problem. The username/password are not provided as ARGVs, but they are provided on STDIN.

The executable will receive the username and the clear text password on its standard input in the format “[${USER};${PASS};]\n”.

Problem fixed.