On Oct 3, 2019, at 4:30 PM, Nate . <nate2077developer@gmail.com> wrote:
Sorry, things are still busy around here. I did not catch that, thank you! I must have edited the wrong file by accident. For the most part things are working great. I am only struggling with one last thing; I am trying to pass the variable for the devices mac address to the script. I am able to collect the username, IP, and their entered pap password perfectly fine. It's just the MacAddr that appears to be blank every time.
I thought I was referencing it properly using Calling-Station-Id..
As always, read the debug output to see where Calling-Station-ID shows up.
authorize { update control { Auth-Type := `/usr/bin/php -f /etc/freeradius/auth.php '%{User-Name}' '%{User-Password}' '%{Client-IP-Address}' '%{Calling-Station-Id}'` } }
A side question I have as well. Do you happen to know of a way to pass these parameters securely? or a way to prevent Injection attacks using this execution method?
Don't exec a program where anything can read the program arguments. Use an interpreted module like rlm_perl or rlm_pyhthon Alan DeKok.