External accounting script help
Paul Boehmer
pboehmer at seidata.com
Tue May 12 18:23:15 CEST 2015
...And the first post is an epic fail.
Seems the code below works as advertised. As a part of troubleshooting, I had erroneously put a stray "startrad" in my
sites-enabled/default without a test condition, thus executing the script regardless of Acct-Status-Type.
That being said, am I on the right track as far as best practices?
On 05/12/15 09:22, Paul Boehmer wrote:
> First post please be gentle.
>
> Working on a migration from XtRadius 1.2.1B2 to FreeRadius 3.0.8. In my XtRadius users file, I have the following line:
>
> ------------------------------
> DEFAULT Acct-Status-Type = "Start"
> Exec-Program-Account = "/radius/scripts/startrad.sh %u %f %y %n %p"
> ------------------------------
>
> From what I understand in the documentation, I created the following the file in mods-enabled called startrad. The
> file contains:
>
> -------------------------------
> # -*- text -*-
> exec startrad {
> wait = yes
> program = "/radius/scripts/startrad.sh %{User-Name} \
> %{Framed-IP-Address} \
> %{NAS-Port-Type} \
> %{NAS-IP-Address} \
> %{NAS-Port-Id}"
>
>
> input_pairs = request
> output_pairs = reply
> packet_type = Access-Accept
> }
> ---------------------------------
>
> The shell script right now just dumps the arguments to a flat text file. I call this module in my sites-enabled/default
> config in the accounting section like so:
>
> ---------------------------------
> accounting {
> detail
> unix
> radutmp
> sradutmp
> -sql
> exec
>
> if ( "%{Acct-Status-Type}" == "Start"){
> startrad
> }
>
> }
> -----------------------------------
>
>
> From there, I execute "radius -X | tee -a log" and I see the module enabled and executed, but the result is (showing
> what I think are relevant entries):
>
> ------------------------------------
> ...
> including configuration file /radius/raddb/mods-enabled/startrad
> ...
> ...
> # Instantiating module "startrad" from file /radius/raddb/mods-enabled/startrad
> exec startrad {
> wait = yes
> program = "/radius/scripts/startrad.sh %{User-Name} %{Framed-IP-Address}
> %{NAS-Port-Type} %{NAS-IP-Address} %{NAS-Port-Id}"
> input_pairs = "request"
> output_pairs = "reply"
> shell_escape = yes
> }
> ...
> ...
> (1) User-Name = 'testuser'
> (1) Acct-Authentic = RADIUS
> ...
> ...
> (1) Acct-Status-Type = Stop
> (1) NAS-Port-Type = Virtual
> (1) NAS-Port = 16777297
> (1) Class = 0x61693a6238623938653064353564393061376235626533303763663239313737363134
> (1) Service-Type = Framed-User
> ...
> ...
> ...
> (0) if ( "%{Acct-Status-Type}" == "Start") {
> (0) EXPAND %{Acct-Status-Type}
> (0) --> Stop
> (0) if ( "%{Acct-Status-Type}" == "Start") -> FALSE
> (0) startrad: Executing: /radius/scripts/startrad.sh %{User-Name} %{Framed-IP-Address}
> %{NAS-Port-Type} %{NAS-IP-Address} %{NAS-Port-Id}:
> (0) startrad: EXPAND %{User-Name}
> (0) startrad: --> testuser
> (0) startrad: EXPAND %{Framed-IP-Address}
> (0) startrad: --> ***.***.***.238
> (0) startrad: EXPAND %{NAS-Port-Type}
> (0) startrad: --> Virtual
> (0) startrad: EXPAND %{NAS-IP-Address}
> (0) startrad: --> ***.***.***.226
> (0) startrad: EXPAND %{NAS-Port-Id}
> (0) startrad: -->
> (0) startrad: Program returned code (0) and output ''
> (0) startrad: Program executed successfully
> (0) [startrad] = ok
> (0) } # accounting = ok
> ...
> ...
> -------------------------------------
>
> So, despite the if/then statement being false, the startrad module is still being executed.
>
> I've seen numerous postings on similar question, but any answers I did find are several years old. Am I correct in
> moving the script to a module and sites-enabled/default files from the mods-config/files/authorize (aka users)?
>
> Please advise.
> Thanks.
>
--
Paul Boehmer
SEI Data, Inc
pboehmer at seidata.com
888-200-4392
More information about the Freeradius-Users
mailing list