Running an external script
In my my inner-tunnel virtual server, authorize section, I have some code like this, for sorting users into vlans: update control { Tunnel-Type := VLAN Tunnel-Medium-Type := IEEE-802 Tunnel-Private-Group-Id := `/usr/local/etc/raddb/scripts/userVlan.pl %{User-Name} 2/dev/null` } update reply { Tunnel-Type := VLAN Tunnel-Medium-Type := IEEE-802 Tunnel-Private-Group-Id := `/usr/local/etc/raddb/scripts/userVlan.pl %{User-Name} 2/dev/null` } This was put together in a hurry and is pretty undesirable, as the perl script (which queries a slow database) is executed twice. Of course in any other language, one would simply save the return value of the script in a variable and reference it twice - but quoting man unlang: Note that unlike C, there is no way to declare variables. So is there a way to store the return value such that I can execute the script only once? Or how about something like: update control { Tunnel-Type := VLAN Tunnel-Medium-Type := IEEE-802 Tunnel-Private-Group-Id := `/usr/local/etc/raddb/scripts/userVlan.pl %{User-Name} 2/dev/null` } update reply { Tunnel-Type := VLAN Tunnel-Medium-Type := IEEE-802 Tunnel-Private-Group-Id := %{control.Tunnel-Private-Group-Id} } Cheers, Jonathan Jonathan Gazeley Systems Support Specialist ResNet | Wireless VPN Team Information Services University of Bristol - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Running an external script
t...@kalik.net wrote: In my my inner-tunnel virtual server, authorize section, I have some code like this, for sorting users into vlans: update control { Tunnel-Type := VLAN Tunnel-Medium-Type := IEEE-802 Tunnel-Private-Group-Id := `/usr/local/etc/raddb/scripts/userVlan.pl %{User-Name} 2/dev/null` } What does that do? Nothing me thinks ;-) Thanks for your reply, Ivan. So I don't need to update control to place a user in a vlan? If I can safely remove this section, that's my problem solved - thanks. Jonathan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Running an external script
Hi, Thanks for your reply, Ivan. So I don't need to update control to place a user in a vlan? If I can safely remove this section, that's my problem solved - thanks. this sort of stuff needs to go into the RADIUS REPLY. you can use eg PERL to do this, see the examples that come with the server - you need to populate $RAD_REPLY. stick 'perl' into the post_auth section of the relevant virtual host (sites-enabled/* file) and ensure that the perl module gets loaded up (radiusd -X) and ensure that the post_auth section for perl and the post_auth routine in the perl code is set. alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Running an external script
In my my inner-tunnel virtual server, authorize section, I have some code like this, for sorting users into vlans: update control { Tunnel-Type := VLAN Tunnel-Medium-Type := IEEE-802 Tunnel-Private-Group-Id := `/usr/local/etc/raddb/scripts/userVlan.pl %{User-Name} 2/dev/null` } What does that do? Nothing me thinks ;-) update reply { Tunnel-Type := VLAN Tunnel-Medium-Type := IEEE-802 Tunnel-Private-Group-Id := `/usr/local/etc/raddb/scripts/userVlan.pl %{User-Name} 2/dev/null` } Or replace that just with: perl And crete sub authorize in your script that will populate $RAD_REPLY for those attributes. See rlm_perl wiki page or documentation included with the server. Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html