Hi All,
I've been writing some programs to have executed by the RADIUS server. At the moment, I have one called "pre-auth" and one called "post-auth".
I'm running freeradius 0.9.3 - with MySQL, under FreeBSD...
I have a user that's a member of a group called 'users'. When the user logs in, from the radreply table, I return:
Session-Timeout := 7200 Exec-Program-Wait = "/usr/local/radius/bin/pre-auth"
From the 'radgroupreply' for the group 'users' I also return:
Service-Type := Framed Framed-Protocol := PPP Exec-Program = "/usr/local/radius/bin/post-auth"
When the user logs in, 'pre-auth' get's fired fine, but 'post-auth' never appears to be invoked by the server.
If I remove the "Exec-Program-Wait" from the radreply table, then post-auth get's invoked when the user logs in.
Are the two mutually exclusive?
'pre-auth' simply outputs "Framed-IP-Address = 1.2.3.4\n", and set's a return code of zero at the moment. Is there anything else it would have to return?
It does 'work' (i.e. if pre-auth returns a code of zero, the user gets logged in - return something other than zero, and the user gets rejected).
Also, the records from the radgroupreply table are being sent out by the RADIUS server, it just seems to ignore the "Exec-Program" from the radgroupreply...
I realise that 'pre-auth' and 'post-auth' could probably be rolled into one program - but it's a lot easier for testing at the moment to have it invoke both programs.
Thanks in advance for any thoughts...
-Karl
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
