Infusino, Michael - ADP Dataphile wrote:
I am using radius to authenticate access from VPN.
Would anyone now how to record the IP address the user is assigned after
they log in.
Michael
How does a little dynamic dns strike you? Make sure to actualy read
below and attached scripts and setup a DNS key.
--------------radiusd.conf-------------
----modules section--------
exec ddns_update {
wait = no
program = "/usr/local/sbin/radius-dns-update.sh"
input_pairs = request
packet_type = Accounting-Request
shell_escape = yes
}
------------end modules----
----instantiate section-------
ddns_update
-----------end section--------
#!/bin/bash
#must setup this key!!
#man nsupdate
NSUPDATE="nsupdate -k
/etc/freeradius/keys/Kradius-dns-updates.+157+08981.private"
function usage()
{
echo "Usage: `basename $0` -u User-Name -t Hint -s Acct-Status-Type -i
Framed-IP-Address"
exit 1
}
while getopts "u:t:s:i:" opt; do
case "$opt" in
u) USER_NAME=$OPTARG;;
t) HINT=$OPTARG;;
s) ACCT_STATUS_TYPE=$OPTARG;;
i) FRAMED_IP_ADDRESS=$OPTARG;;
*) usage;;
esac;
done
HINT=`echo ${HINT} | tr -d '"'`
USER_NAME=`echo ${USER_NAME} | tr -d '"'`
ACCT_STATUS_TYPE=`echo ${ACCT_STATUS_TYPE} | tr -d '"'`
FRAMED_IP_ADDRESS=`echo ${FRAMED_IP_ADDRESS} | tr -d '"'`
if [[ "${USER_NAME}" == "" ]] ||
[[ "${HINT}" == "" ]] ||
[[ "${ACCT_STATUS_TYPE}" == "" ]] ||
[[ "${FRAMED_IP_ADDRESS}" == "" ]]; then exit 1; fi
#make sure you update below list to something that fits your setup!
case "${HINT}" in
XXX) DOMAINNAME="xxx.you.net";;
YYY) DOMAINNAME="yyy.you.net";;
*)exit 1;;
esac;
USER_NAME="[EMAIL PROTECTED]"
DNS_A_REC="${USER_NAME}.${DOMAINNAME}"
DELETE_DNS_A_REC="prereq yxdomain ${DOMAINNAME}\nupdate delete ${DNS_A_REC} A"
ADD_DNS_A_REC="update add ${DNS_A_REC} 300 in A ${FRAMED_IP_ADDRESS}"
TOUCH_DNS_A_REC="prereq nxdomain ${DNS_A_REC}\n"
case "${ACCT_STATUS_TYPE}" in
Start)
echo -e "${DELETE_DNS_A_REC}\n${ADD_DNS_A_REC}\nsend" |
$NSUPDATE
;;
Stop)
#comment below to leave logged out users in DNS
echo -e "${DELETE_DNS_A_REC}\nsend" | $NSUPDATE
;;
Alive)
#uncomment below to flood active users in during turnup
# echo -e "${TOUCH_DNS_A_REC}\n${ADD_DNS_A_REC}\nsend" | $NSUPDATE
exit 0;;
*)
exit 1;;
esac;
#!/bin/bash
STAGE2="/usr/local/sbin/radius-dns-update.s2.sh"
if [[ "${USER_NAME}" == "" ]] ||
[[ "${HINT}" == "" ]] ||
[[ "${ACCT_STATUS_TYPE}" == "" ]] ||
[[ "${FRAMED_IP_ADDRESS}" == "" ]]; then exit 0; fi
if [[ -x $STAGE2 ]]; then
$STAGE2 -u"${USER_NAME}" -t"${HINT}" -s"${ACCT_STATUS_TYPE}"
-i"${FRAMED_IP_ADDRESS}" 2>&1 >/dev/null
fi
exit 0
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
