Running an external script
In my my inner-tunnel virtual server, authorize section, I have some
code like this, for sorting users into vlans:
update control {
Tunnel-Type := VLAN
Tunnel-Medium-Type := IEEE-802
Tunnel-Private-Group-Id :=
`/usr/local/etc/raddb/scripts/userVlan.pl %{User-Name} 2/dev/null`
}
update reply {
Tunnel-Type := VLAN
Tunnel-Medium-Type := IEEE-802
Tunnel-Private-Group-Id :=
`/usr/local/etc/raddb/scripts/userVlan.pl %{User-Name} 2/dev/null`
}
This was put together in a hurry and is pretty undesirable, as the perl
script (which queries a slow database) is executed twice. Of course in
any other language, one would simply save the return value of the script
in a variable and reference it twice - but quoting man unlang: Note
that unlike C, there is no way to declare variables.
So is there a way to store the return value such that I can execute the
script only once?
Or how about something like:
update control {
Tunnel-Type := VLAN
Tunnel-Medium-Type := IEEE-802
Tunnel-Private-Group-Id :=
`/usr/local/etc/raddb/scripts/userVlan.pl %{User-Name} 2/dev/null`
}
update reply {
Tunnel-Type := VLAN
Tunnel-Medium-Type := IEEE-802
Tunnel-Private-Group-Id :=
%{control.Tunnel-Private-Group-Id}
}
Cheers,
Jonathan
Jonathan Gazeley
Systems Support Specialist
ResNet | Wireless VPN Team
Information Services
University of Bristol
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Running an external script
t...@kalik.net wrote:
In my my inner-tunnel virtual server, authorize section, I have some
code like this, for sorting users into vlans:
update control {
Tunnel-Type := VLAN
Tunnel-Medium-Type := IEEE-802
Tunnel-Private-Group-Id :=
`/usr/local/etc/raddb/scripts/userVlan.pl %{User-Name} 2/dev/null`
}
What does that do? Nothing me thinks ;-)
Thanks for your reply, Ivan. So I don't need to update control to
place a user in a vlan? If I can safely remove this section, that's my
problem solved - thanks.
Jonathan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Running an external script
Hi, Thanks for your reply, Ivan. So I don't need to update control to place a user in a vlan? If I can safely remove this section, that's my problem solved - thanks. this sort of stuff needs to go into the RADIUS REPLY. you can use eg PERL to do this, see the examples that come with the server - you need to populate $RAD_REPLY. stick 'perl' into the post_auth section of the relevant virtual host (sites-enabled/* file) and ensure that the perl module gets loaded up (radiusd -X) and ensure that the post_auth section for perl and the post_auth routine in the perl code is set. alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Running an external script
In my my inner-tunnel virtual server, authorize section, I have some
code like this, for sorting users into vlans:
update control {
Tunnel-Type := VLAN
Tunnel-Medium-Type := IEEE-802
Tunnel-Private-Group-Id :=
`/usr/local/etc/raddb/scripts/userVlan.pl %{User-Name} 2/dev/null`
}
What does that do? Nothing me thinks ;-)
update reply {
Tunnel-Type := VLAN
Tunnel-Medium-Type := IEEE-802
Tunnel-Private-Group-Id :=
`/usr/local/etc/raddb/scripts/userVlan.pl %{User-Name} 2/dev/null`
}
Or replace that just with:
perl
And crete sub authorize in your script that will populate $RAD_REPLY for
those attributes. See rlm_perl wiki page or documentation included with
the server.
Ivan Kalik
Kalik Informatika ISP
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
