Since i was just in the making of some hooks using DBI I took some time to copy paste something that could be something towards the thing you wanted? This is just an example so don't take it to serious..
I also don't think you should do it as post_auth hook but a authorize hook so Don't forget to add module = /etc/freeradius/myscript.pl and uncomment #func_authorize = authorize ANDS/OR #func_post_auth = post_auth in modules/perl And add perl and sql tp your default vi sites-enabled/default authorize { preprocess perl ## <--- auth_log sql ## <--- expiration logintime } ## Example myscript.pl script ## #!/usr/bin/perl use strict; use warnings; use diagnostics; use DBI; use Data::Dumper; ### Radius HASH Tables ### our (%RAD_REQUEST, %RAD_REPLY, %RAD_CHECK); use constant RLM_MODULE_REJECT=> 0;# /* immediately reject the request */ use constant RLM_MODULE_FAIL=> 1;# /* module failed, don't reply */ use constant RLM_MODULE_OK=> 2;# /* the module is OK, continue */ use constant RLM_MODULE_HANDLED=> 3;# /* the module handled the request, so stop. */ use constant RLM_MODULE_INVALID=> 4;# /* the module considers the request invalid. */ use constant RLM_MODULE_USERLOCK=> 5;# /* reject the request (user is locked out) */ use constant RLM_MODULE_NOTFOUND=> 6;# /* user not found */ use constant RLM_MODULE_NOOP=> 7;# /* module succeeded without doing anything */ use constant RLM_MODULE_UPDATED=> 8;# /* OK (pairs modified) */ use constant RLM_MODULE_NUMCODES=> 9;# /* How many return codes there are */ sub authorize{ ################################ ### DB Connection variables ### ################################ our ($driver) = "mysql"; our ($user) = "dbuser"; our ($pw) = "mypassword"; our ($database) = "radius"; our ($host) = "localhost:3306"; our $dsn = "DBI:$driver:$database:$host"; ## For good manners you should add something here that only makes the db connect if code eq "Access-Request" or something something... our $dbh = DBI->connect ($dsn, $user, $pw, { RaiseError => 1 }); our $sth; ### Other variables ### my $NAS_IP_ADDRESS = $RAD_REQUEST{'NAS-IP-Address'}; my $CALLING_STATION_ID = $RAD_REQUEST{'Calling-Station-Id'}; my $NAS_PORT_ID = $RAD_REQUEST{'NAS-Port-Id'}; my $USER_NAME = $RAD_REQUEST{'User-Name'}; my $MAC = $RAD_REQUEST{'some-Client-Hardware-Addr'}; my $VENDOR_ID = $RAD_REQUEST{'some-DHCP-Vendor-Class-Id'}; if (!$VENDOR_ID) { $RAD_REQUEST{'some-DHCP-Vendor-Class-Id'} = "NO_VENDOR_ID"; } ### ETC ETC... $sth = $dbh->prepare("SELECT vlan FROM my_vlan_table WHERE NAS_IP_ADDRESS = '$NAS_IP_ADDRESS' AND CALLING_STATION_ID = '$CALLING_STATION_ID'"); ## <-- Or something. $sth->execute (); my $VLAN = $sth->fetchrow_array(); $sth->finish (); if (!$VLAN) { ### SOmething something ### Or maybe a default account.. $RAD_REQUEST{'User-Name'} = "my_default_user_account"; $RAD_REPLY{'Auth-Type'} = "Accept"; $RAD_REPLY{'User-Name'} = "$USER_NAME"; $RAD_REPLY{'needed-reply-attribute-Subsc-ID-Str'} = "$MAC"; $RAD_REPLY{'needed-reply-attribute-Subsc-Prof-Str'} = "direct_access"; $RAD_REPLY{'needed-reply-attribute-SLA-Prof-Str'} = "150-BB-10-10"; ### ETC ETC... } else { $RAD_REPLY{'vlan-id-attribute-to-send-back'} = "$VLAN"; $RAD_REPLY{'Auth-Type'} = "Accept"; $RAD_REPLY{'User-Name'} = "$USER_NAME"; $RAD_REPLY{'needed-reply-attribute-Subsc-ID-Str'} = "$MAC"; $RAD_REPLY{'needed-reply-attribute-Subsc-Prof-Str'} = "direct_access"; $RAD_REPLY{'needed-reply-attribute-SLA-Prof-Str'} = "150-BB-10-10"; } $dbh->disconnect (); return RLM_MODULE_OK; } -----Ursprungligt meddelande----- Från: freeradius-users-bounces+alexander.silverohrt=itux...@lists.freeradius.org [mailto:freeradius-users-bounces+alexander.silverohrt=itux...@lists.freeradius.org] För Alex Sharaz Skickat: den 8 april 2013 13:37 Till: FreeRadius users mailing list Ämne: perl examples Hi, There don't seem to be many examples relating to using perl to access remote databases.... in fact there don't seem to be many perl examples at all. Got example.pl configured a wee bit and running on test server but could do with a better db related example. Unfortunately my perl skills aren't ts good as they could be. In post-auth I want to extract the nas-ip address and calling station-id of the client device open a db connection and perform a query that'll let me decide what vlan-id to send back in the access-accept packet write radius attributes into the access-accept reply Anyone got some form of template I could use for the above? Rgds Alex - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html ********* DISCLAIMER ********* This message and any attachment are confidential and may be privileged or otherwise protected from disclosure and may include proprietary information. If you are not the intended recipient, please telephone or email the sender and delete this message and any attachment from your system. If you are not the intended recipient you must not copy this message or attachment or disclose the contents to any other person - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html