Exec-Program-Wait w/ FreeRADIUS 2.1.3

Jeremiah Millay millay at sover.net
Tue Mar 17 19:09:03 CET 2009


I'm having trouble getting FreeRADIUS to run programs called by 
Exec-Program-Wait in the newest version of FreeRADIUS (version 2.1.3). 
I'm using a custom C script that used to work with all versions of 
FreeRADIUS prior to version 2.

I have an entry like this in the users file which is matching my 
access-requests:


DEFAULT Suffix == "@test.net", Auth-Type := Accept
        Exec-Program-Wait = "/usr/local/sbin/checkradacct %{Stripped-User-Name} %{Password}",
        Ascend-Data-Filter += "ip in forward tcp est",
        Ascend-Data-Filter += "ip in forward dstip 10.0.0.0/24 tcp",
        Ascend-Data-Filter += "ip in drop tcp dstport = 25",
        Ascend-Data-Filter += "ip in forward",
        Fall-Through = No



Here is my debugging output when I attempt to authenticate (doesn't 
appear to execute my program):


Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on proxy address * port 1814
Ready to process requests.
rad_recv: Access-Request packet from host 10.1.1.1 port 49411, id=74, length=76
        User-Name = "jmillay at test.net"
        User-Password = "blah"
        NAS-IP-Address = 255.255.255.255
        NAS-Port = 0
        Framed-Protocol = PPP
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log]      expand: /var/log/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/radacct/10.1.1.1/auth-detail-20090317
[auth_log] /var/log/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radacct/10.1.1.1/auth-detail-20090317
[auth_log]      expand: %t -> Tue Mar 17 13:58:23 2009
++[auth_log] returns ok
[suffix] Looking up realm "test.net" for User-Name = "jmillay at test.net"
[suffix] Found realm "test.net"
[suffix] Adding Stripped-User-Name = "jmillay"
[suffix] Adding Realm = "test.net"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[files] users: Matched entry DEFAULT at line 26
[files]         expand: /usr/local/sbin/checkradacct %{Stripped-User-Name} %{Password} -> /usr/local/sbin/checkradacct jmillay blah
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = Accept
Auth-Type = Accept, accepting the user
Login OK: [jmillay at test.net] (from client 10.1.1.1 port 0)
Sending Access-Accept of id 74 to 10.1.1.1 port 49411
        Ascend-Data-Filter += "ip in forward tcp est"
        Ascend-Data-Filter += "ip in forward dstip 10.0.0.0/24 tcp"
        Ascend-Data-Filter += "ip in drop tcp dstport = 25"
        Ascend-Data-Filter += "ip in forward 0"
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 0 ID 74 with timestamp +21



Any suggestions? I read in the docs that Exec-Program and 
Exec-Program-Wait are deprecated but I haven't found any clear 
documentation on how to configure rlm_exec to duplicate what I am trying 
to do.
Thanks in advance,
Jeremiah



