The Calling-Station-ID shows up in the outer portion, eap & "default", but not the inner-tunnel. I just don't understand how I'm supposed to set a custom variable to pass to the inner tunnel for use like this. I'll have to look at the python module when I have the free time, sounds much nicer than what I'm being told to do.. I'm required to use PHP for this job, so I can't just go with the python module unless it was warranted unfortunately. I've expressed my concerns about the security of this method, but they do not care and want it done this way. Their argument is that the server will be locked down with hardware only access once it is completed. My task is simply to collect the user login and device identity, passing it onto their secondary system for processing, then it will respond with Ok or Fail. On Thu, Oct 3, 2019 at 9:20 PM Alan DeKok <aland@deployingradius.com> wrote:
On Oct 3, 2019, at 4:30 PM, Nate . <nate2077developer@gmail.com> wrote:
Sorry, things are still busy around here. I did not catch that, thank
you!
I must have edited the wrong file by accident. For the most part things are working great. I am only struggling with one last thing; I am trying to pass the variable for the devices mac address to the script. I am able to collect the username, IP, and their entered pap password perfectly fine. It's just the MacAddr that appears to be blank every time.
I thought I was referencing it properly using Calling-Station-Id..
As always, read the debug output to see where Calling-Station-ID shows up.
authorize { update control { Auth-Type := `/usr/bin/php -f /etc/freeradius/auth.php '%{User-Name}' '%{User-Password}' '%{Client-IP-Address}' '%{Calling-Station-Id}'` } }
A side question I have as well. Do you happen to know of a way to pass these parameters securely? or a way to prevent Injection attacks using this execution method?
Don't exec a program where anything can read the program arguments. Use an interpreted module like rlm_perl or rlm_pyhthon
Alan DeKok.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html