On Thu, 19 May 2005, Thomas Boutell wrote:
> Dustin Doris wrote:
>
> > Check out exec echo in radiusd.conf. That is an example using exec to run
> > a script.
> >
> > Read variables.txt in doc/
> >
> > For your first script, make it this.
> > #!/bin/sh
> > printenv > /tmp/example
> >
> > It passes all the variables to your script as environmental variables.
> > This will show you.
>
> Okay, but how do I pass the good or bad news back to radius at the
> end of my script? Exit status? Standard output? And how would I
> hook this into authorization? A really useful example would
> be great, but if that isn't available I do at least need some
> idea of how to communicate the result of my authorization attempt
> back to Radius.
>
> --
Kind of hard to find, but its in the README
If Exec-Program-Wait returns a non-zero exit status, access will be
denied to the user. With a zero-exit status, access is granted.
This applies to exec as well.
eg:
Say you want to go through the normal process, but then make sure that
there is a Framed-IP-Address value being sent back as a reply item.
radiusd.conf
in modules section
exec testing {
wait = yes
program = "/usr/local/etc/raddb/reply.sh"
input_pairs = reply
output_pairs = reply
packet_type = Access-Accept
}
post-auth {
testing
}
reply.sh
#!/bin/sh
if [ -z $FRAMED_IP_ADDRESS ]
then
exit 1
else
exit 0
fi
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
