I think I found the issue.  One of the value pairs being returned used a name not defined in the dictionary file.  The new name is similar leading me to suspect the old name was deprecated and eventually replaced with a more clear name.
 
Thanks all!
-craig
----- Original Message -----
From: Craig Campbell
To: FreeRadius users mailing list
Sent: Friday, November 12, 2010 6:24 AM
Subject: Output from Exec-Program-Wait in users file

Hi,
    am migrating from an ancient radius install to FreeRADIUS Version 2.1.8
The system uses a custom authentication binary which we access from the users file via,
 

DEFAULT NAS-IP-Address == "192.168.1.100", Auth-Type := Accept, Simultaneous-Use := 1
        Exec-Program-Wait = "/usr/local/sbin/auth -X -U -u 5882626 -- %{User-Name} %{User-Password} %{%{Called-Station-Id}:-Missing} %{%{NAS-IP-Address}:-Missing} %{%{Calling-Station-Id}:-Missing} %{%{NAS-Port-Type}:-Missing} %{Vendor-Specific}" ,
        Fall-Through = no
 
On the old version, the output from the EXEC was sent back in the Accept packet..
 
Now is looks like the stdout form the Exec-Program-Wait is not being send back but either dropped or misplaced.
 
++[sql] returns ok
+- entering group post-auth {...}
Exec-Program output: Framed-Compression=Van-Jacobsen-TCP-IP Framed-Routing=None Framed-MTU=1500 Framed-IP-Netmask=255.255.255.0 Framed-Protocol=PPP Service-Type=Framed-User Idle-Timeout=1800 Session-Timeout=86400 ERX-Virtual-Router=SOMEROUTER ERX-Ingress-Policy-Name=COMFORT_UP ERX-Egress-Policy-Name=COMFORT_DOWN
Exec-Program-Wait: plaintext: Framed-Compression=Van-Jacobsen-TCP-IP Framed-Routing=None Framed-MTU=1500 Framed-IP-Netmask=255.255.255.0 Framed-Protocol=PPP Service-Type=Framed-User Idle-Timeout=1800 Session-Timeout=86400 ERX-Virtual-Router=SOMEROUTER ERX-Ingress-Policy-Name=COMFORT_UP ERX-Egress-Policy-Name=COMFORT_DOWN
Exec-Program: returned: 0
++[exec] returns noop
Sending Access-Accept of id 248 to 192.168.1.100 port 50000
Finished request 0.
Is there a way to direct the output from the Exec-Program into the Accept packet? 
 
As far as we can tell, we are sending back and empty Accept packet.  The values are calculated by the auth binary, so hard coding them would be very difficult.
 
It's after 1am here, so I hope this won't seem obvious in the morning.
 
Any hints would be greatly appreciated.
 
Thanks so much,
-craig
 


Craig Campbell
craig.campbell@ccraft.ca
CampbellCraft Consulting Inc
2 Kenny Court
Whitby, Ontario
Canada
L1R 2L8
905 922-2789

 



__________ Information from ESET Smart Security, version of virus signature database 5612 (20101111) __________

The message was checked by ESET Smart Security.

http://www.eset.com


__________ Information from ESET Smart Security, version of virus signature database 5614 (20101112) __________

The message was checked by ESET Smart Security.

http://www.eset.com