802.1x post Authentication and Authorization user processing

Nelson Freire do Vale nf-vale at critical-links.com
Tue Mar 20 15:21:25 CET 2007


Hi Alan,

Thanks for your quick answer. I added the following lines to the "exec"
module:
exec {
	wait = yes
	input_pairs = request
	program = `${raddbdir}/teste.sh %{username} %i`
}

The "wait" and "input_pairs" were already there. What do they mean?


My raddb/teste.sh script is as follows:

#!/bin/bash
echo "Username: $1"
echo "MAC: $2"
exit 0

The debug from radius is as follows:

...
  Processing the post-auth section of radiusd.conf
modcall: entering group post-auth for request 8
radius_xlat:  '/etc/raddb/teste.sh userx 00-20-xx-xx-xx-xx'
Exec-Program: /etc/raddb/teste.sh userx 00-20-xx-xx-xx-xx
Exec-Program output: Username: userx MAC: 00-20-xx-xx-xx-xx
Exec-Program-Wait: plaintext: Username: userx MAC: 00-20-xx-xx-xx-xx
Exec-Program: returned: 0
	modcall[post_auth]: module "exec" returns ok for request 18
...

So far so good...

Is this the best approach? Are there any issues involved with this kind of
approach?


Thank you for your time

On Tue, 2007-03-20 at 12:34 +0100, Alan DeKok wrote:
> Nelson Freire do Vale wrote:
> > - After the authentication and authorization process succeeds I need to
> > pass the authenticated/authorized username and mac address to my
> > firewall system in order to "authenticate" the client in my firewall.
> 
>   See the "post-auth" section.  You can use the "exec" module to run
> arbitrary scripts once the user has been authenticated.
> 
>   Alan DeKok.
> --
>   http://deployingradius.com       - The web site of the book
>   http://deployingradius.com/blog/ - The blog
> - 
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/devel.html
-- 
Nelson Vale
Test Engineer

Critical Links, S.A.
Parque Industrial de Taveiro, Lote 48
3045-504 Coimbra
PORTUGAL

Tel: +351.239989100
Fax: +351.239989119
Web: www.critical-links.com/
Email: nf-vale at critical-links.com
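
An added example, not part of the original message or of FreeRADIUS itself: the user name and MAC address handed to teste.sh originate on the client side, so a version of the script can validate both before anything reaches the firewall. The function names, the allowed username characters, the 64-character limit and the `firewall_allow` stub are assumptions; the MAC format is the dash-separated one shown in the debug output above.

```shell
#!/bin/bash
# Added example: validate the two arguments passed by the exec module
# (user name, MAC) before handing them to a firewall command.
export LC_ALL=C            # make [A-F] style ranges byte-exact

h='[0-9A-Fa-f]'            # one hex digit, used as a case pattern below

valid_mac() {
    # Exactly six hex pairs separated by '-', nothing else.
    case $1 in
        $h$h-$h$h-$h$h-$h$h-$h$h-$h$h) return 0 ;;
    esac
    return 1
}

valid_username() {
    # Assumed policy: 1-64 chars from [A-Za-z0-9._@-], no leading '-'
    # (a leading '-' could be read as an option by a later command).
    case $1 in
        ''|-*|*[!A-Za-z0-9._@-]*) return 1 ;;
    esac
    [ "${#1}" -le 64 ]
}

normalise_mac() {
    # 00-20-AB-... -> 00:20:ab:... so the firewall sees a single form.
    printf '%s\n' "$1" | tr 'A-F-' 'a-f:'
}

firewall_allow() {
    # Hypothetical stub: replace with the real firewall call, keeping
    # both arguments quoted.
    printf 'allow user=%s mac=%s\n' "$1" "$2"
}

handle_login() {
    if ! valid_username "$1" || ! valid_mac "$2"; then
        echo "teste.sh: rejected arguments" >&2
        return 1
    fi
    firewall_allow "$1" "$(normalise_mac "$2")"
}

# Called with arguments by the exec module; with none (sourced or under
# test) only the functions are defined.
if [ "$#" -gt 0 ]; then
    handle_login "${1-}" "${2-}"
fi
```
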





