Using EXEC authentication sources

Alan DeKok aland at deployingradius.com
Fri Oct 4 03:20:42 CEST 2019


On Oct 3, 2019, at 4:30 PM, Nate . <nate2077developer at gmail.com> wrote:
> 
> Sorry, things are still busy around here. I did not catch that, thank you!
> I must have edited the wrong file by accident. For the most part things are
> working great. I am only struggling with one last thing; I am trying to
> pass the variable for the devices mac address to the script. I am able to
> collect the username, IP, and their entered pap password perfectly fine.
> It's just the MacAddr that appears to be blank every time.
> 
> I thought I was referencing it properly using Calling-Station-Id..

  As always, read the debug output to see where Calling-Station-ID shows up.

> authorize {
>        update control {
>                Auth-Type := `/usr/bin/php -f /etc/freeradius/auth.php
> '%{User-Name}' '%{User-Password}' '%{Client-IP-Address}'
> '%{Calling-Station-Id}'`
>        }
> }
> 
> A side question I have as well. Do you happen to know of a way to pass
> these parameters securely? or a way to prevent Injection attacks using this
> execution method?

  Don't exec a program where anything can read the program arguments.  Use an interpreted module like rlm_perl or rlm_pyhthon

  Alan DeKok.




More information about the Freeradius-Users mailing list