getting additional functionality, snmp or external program

Phil Mayers p.mayers at imperial.ac.uk
Sat Dec 29 13:40:30 CET 2012


On 12/29/2012 04:00 AM, Duane Cox wrote:
> I think this is possible, but wanted to make sure and ask what would be
> the best way to do this…
>
> ie. Execute an external program or create a module.
>
> I’m authenticating cable modems using freeradius with a sql database
> backend.
>
> What I want to do, is after the authentication process, query the cable
> modem using snmp (retrieving data) and store this data back into the
> already connected database.
>
> Is anyone doing such a thing?

If I've understood what you want correctly, you don't need to query 
within the auth - "post" post-auth would be fine i.e. after the 
Access-Accept was sent?

If so, my suggestion would be to do this externally to FreeRADIUS. After 
auth, write a log entry or SQL row with the auth info; then have an 
external work process (daemon or cron job) execute those queries and 
update the "connected" row.

If you do it within FreeRADIUS, you risk blocking the server if an SNMP 
query is slow or suffers packet loss / retransmit.

If you must do it within FreeRADIUS, there's a bunch of ways e.g. write 
a perl script and run it with rlm_perl. Alternatively use rlm_exec to 
run an external script, possibly with "wait = no" to avoid blocking the 
server - but the fork/exec cycle will limit your performance significantly.

Writing a module is almost certainly not the right solution.


More information about the Freeradius-Users mailing list