802.1x post Authentication and Authorization user processing
Nelson Freire do Vale
nf-vale at critical-links.com
Tue Mar 20 15:21:25 CET 2007
Hi Alan,
Thanks for your quick answer. I added the following lines to the "exec"
module:
exec {
wait = yes
input_pairs = request
program = `${raddbdir}/teste.sh %{username} %i`
}
The "wait" and "input_pairs" were already there. What do they mean?
my raddb/teste.sh script is as follows:
#!/bin/bash
echo "Username: $1"
echo "MAC: $2"
exit 0
The debug from radius is as follows:
...
Processing the post-auth section of radiusd.conf
modcall: entering group post-auth for request 8
radius_xlat: '/etc/raddb/teste.sh userx 00-20-xx-xx-xx-xx'
Exec-Program: /etc/raddb/teste.sh userx 00-20-xx-xx-xx-xx
Exec-Program output: Username: userx MAC: 00-20-xx-xx-xx-xx
Exec-Program-Wait: plaintext: Username: userx MAC: 00-20-xx-xx-xx-xx
Exec-Program: returned: 0
modcall[post_auth]: module "exec" returns ok for request 18
...
So far so good...
It's this the best approach? Are any issues involved with this kind of
approach?
Thank you for your time
Ter, 2007-03-20 às 12:34 +0100, Alan DeKok escreveu:
> Nelson Freire do Vale wrote:
> > - After the authentication and authorization process succeeds I need to
> > pass the authenticated/authorized username and mac address to my
> > firewall system in order to "authenticate" the client in my firewall.
>
> See the "post-auth" section. You can use the "exec" module to run
> arbitrary scripts once the user has been authenticated.
>
> Alan DeKok.
> --
> http://deployingradius.com - The web site of the book
> http://deployingradius.com/blog/ - The blog
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/devel.html
--
Nelson Vale
Test Engineer
Critical Links, S.A.
Parque Industrial de Taveiro, Lote 48
3045-504 Coimbra
PORTUGAL
Tel: +351.239989100
Fax: +351.239989119
Web: www.critical-links.com/
Email: nf-vale at critical-links.com
More information about the Freeradius-Devel
mailing list