custom script for access

[d.tom.schmitt at L-3com.com]

I am new to using freeRADIUS.

I tried to post a similar message on the 26th of October but got no
responses - thought maybe I messed it up as my first posting.

 

I can create a flat-file and have get successful access using radtest. 

 

I have a CentOS 5.2  system running freeRADIUS version 1.1.3.

Soon to be upgraded to 5.3.

 

I need to setup an account on the freeRADIUS server that can be accessed
by another system as a radius server - not the problem.

 

I then need to have freeRADIUS call a bash shell (or Perl) script that
checks additional credentials before allowing or rejecting  the user's
access.

This check can take a multiple seconds to complete so I don't want the
original radius request to timeout (not sure if it will though).

 

Think of it as taking the time to have someone lookup and enter a
PIN+TOKEN string but after the fact.

 

A very simple example would be:

I need to have freeradius verify the passed login/password.  

    (In this case, the password may not be needed to verify access as
the script would do the actual validation.  Not sure if this is even
possible.)

Then have freeradius call the script either on the same or another
server.

Depending upon the outcome determined by the script - either allow or
deny the user access.

So even if the login/password were correct, the account could be denied
from another source.

An easy script for testing could be as simple as: 

                If the minute is EVEN = allow in and say an appropriate
message

                If the minute is ODD   = do not allow access and say an
appropriate message

 

I have read most of the .conf files but am still confused about proxy,
etc.  

Is there a HOW-TO that shows a simple script example?

 

Thanks,

 

Tom Schmitt

Senior IT Staff - R&D

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20091028/81290ea2/attachment.html>