On Wed, 2004-05-05 at 13:13, Alan DeKok wrote:

> > Now one more question: is there any way to get FreeRadius to look at the
> > NIS information, directly or indirectly?
> 
>   NIS supplies a lot of information.  Are you looking to have it read
> group information from NIS?  If so, there's no built-in way to do it.
> 
>   You can, however, run an external shell script to do it.  See the
> "groups" command.  Run the groups command from a shell script (see
> scripts/exec-program-wait), and turn the output into a list of "Class
> += group" attributes.  The server will do the rest.

Brilliant, now we're talkin'!
I added the following Exec-Program-Wait to the raddb/users file:

DEFAULT Auth-Type = System
        Exec-Program-Wait = "/usr/local/System/bin/nis-group-list.sh",
        Fall-Through = 1

And the nis-group-list.sh script is:

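#!/bin/bash
# USER_NAME arrives wrapped in literal double quotes; strip them.
# Every expansion is quoted because the value comes from the RADIUS request.
export UN=$(printf '%s' "$USER_NAME" | tr -d '"')
# "groups" prints "user : grp1 grp2"; keep the part after the colon.
for FF in $(/usr/bin/groups "$UN" | cut -d":" -f2)
do
  echo "Class += \"$FF\","
done
echo "Framed-IP-Address = 255.255.255.255"
exit 0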

One strange side-effect was encountered that the export line is used to
overcome. The environment variable $USER_NAME includes quotes around the
name (e.g., if the username is 'joe' the string translates literally as
"joe" including the quotes). 'groups' takes the quotes literally and
errors (cuz the user "joe" doesn't exist, only joe does). So I strip the
quotes. No biggie.

Thanks again for the help! I wouldn't have found the script example
without you as it appears RedHat/Fedora doesn't include them in the
install, only with the source.
-- 
John Duino <[EMAIL PROTECTED]>
National Engineering Technology

