<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META content="text/html; charset=iso-8859-1" http-equiv=Content-Type>
<META name=GENERATOR content="MSHTML 8.00.6001.18975">
<STYLE></STYLE>
</HEAD>
<BODY bgColor=#ffffff>
<DIV><FONT size=2 face=Arial>
<DIV><FONT size=2 face=Arial>Hi,</FONT></DIV>
<DIV><FONT size=2 face=Arial> am migrating from an ancient
radius install to FreeRADIUS Version 2.1.8</FONT></DIV>
<DIV><FONT size=2 face=Arial>The system uses a custom authentication binary
which we access from the users file via,</FONT></DIV>
<DIV><FONT size=2 face=Arial></FONT> </DIV><FONT size=2 face=Arial>
<BLOCKQUOTE style="MARGIN-RIGHT: 0px" dir=ltr>
<DIV><BR>DEFAULT NAS-IP-Address == "192.168.1.100", Auth-Type := Accept,
Simultaneous-Use := 1<BR>
Exec-Program-Wait = "/usr/local/sbin/auth -X -U -u 5882626 -- %{User-Name}
%{User-Password} %{%{Called-Station-Id}:-Missing}
%{%{NAS-IP-Address}:-Missing} %{%{Calling-Station-Id}:-Missing}
%{%{NAS-Port-Type}:-Missing} %{Vendor-Specific}"
,<BR> Fall-Through =
no</DIV></BLOCKQUOTE>
<DIV> </DIV>
<DIV>On the old version, the output from the EXEC was sent back in the Accept
packet..</DIV>
<DIV> </DIV>
<DIV>Now is looks like the stdout form the Exec-Program-Wait is not being send
back but either dropped or misplaced.</FONT></DIV>
<DIV><FONT size=2 face=Arial></FONT> </DIV>
<BLOCKQUOTE style="MARGIN-RIGHT: 0px" dir=ltr>
<DIV><FONT size=2 face=Arial>++[sql] returns ok<BR>+- entering group post-auth
{...}<BR>Exec-Program output: Framed-Compression=Van-Jacobsen-TCP-IP
Framed-Routing=None Framed-MTU=1500 Framed-IP-Netmask=255.255.255.0
Framed-Protocol=PPP Service-Type=Framed-User Idle-Timeout=1800
Session-Timeout=86400 ERX-Virtual-Router=SOMEROUTER
ERX-Ingress-Policy-Name=COMFORT_UP
ERX-Egress-Policy-Name=COMFORT_DOWN<BR>Exec-Program-Wait: plaintext:
Framed-Compression=Van-Jacobsen-TCP-IP Framed-Routing=None Framed-MTU=1500
Framed-IP-Netmask=255.255.255.0 Framed-Protocol=PPP Service-Type=Framed-User
Idle-Timeout=1800 Session-Timeout=86400 ERX-Virtual-Router=SOMEROUTER
ERX-Ingress-Policy-Name=COMFORT_UP
ERX-Egress-Policy-Name=COMFORT_DOWN<BR>Exec-Program: returned: 0<BR>++[exec]
returns noop<BR>Sending Access-Accept of id 248 to 192.168.1.100 port
50000<BR>Finished request 0.</FONT></DIV></BLOCKQUOTE>
<DIV dir=ltr><FONT size=2 face=Arial>Is there a way to direct the output from
the Exec-Program into the Accept packet? </FONT></DIV>
<DIV dir=ltr><FONT size=2 face=Arial></FONT> </DIV>
<DIV dir=ltr><FONT size=2 face=Arial>As far as we can tell, we are sending back
and empty Accept packet. The values are calculated by the auth binary, so
hard coding them would be very difficult.</FONT></DIV>
<DIV dir=ltr><FONT size=2 face=Arial></FONT> </DIV>
<DIV dir=ltr><FONT size=2 face=Arial>It's after 1am here, so I hope this won't
seem obvious in the morning.</FONT></DIV>
<DIV dir=ltr><FONT size=2 face=Arial></FONT> </DIV>
<DIV dir=ltr><FONT size=2 face=Arial>Any hints would be greatly
appreciated.</FONT></DIV>
<DIV dir=ltr><FONT size=2 face=Arial></FONT> </DIV>
<DIV dir=ltr><FONT size=2 face=Arial>Thanks so much,</FONT></DIV>
<DIV dir=ltr><FONT size=2 face=Arial>-craig</FONT></DIV>
<DIV dir=ltr><FONT size=2 face=Arial></FONT> </DIV></FONT></DIV>
<DIV>
<DIV class=Section1>
<P style="mso-layout-grid-align: none" class=MsoNormal><I><SPAN
style="mso-ansi-language: EN-US">
<HR>
Craig Campbell <BR><A
href="mailto:craig.campbell@ccraft.ca">craig.campbell@ccraft.ca</A>
<BR>CampbellCraft Consulting Inc<BR>2 Kenny Court <BR>Whitby, Ontario <BR>Canada
<BR>L1R 2L8 <BR>905 922-2789
<P></P>
<P class=MsoNormal><SPAN lang=EN-CA> <?xml:namespace prefix = o
/><o:p></o:p></SPAN></P></DIV></SPAN></I></DIV><BR>
<BR>
__________ Information from ESET Smart Security, version of virus signature database 5612 (20101111) __________<BR>
<BR>
The message was checked by ESET Smart Security.<BR>
<BR>
<A HREF="http://www.eset.com">http://www.eset.com</A><BR>
</BODY></HTML>