Lost values

Jack Daniels da_very_newbie at hotmail.com
Tue Sep 5 13:24:38 CEST 2006


Hi there, I've got the next config file:

radiusd.conf
-----------------
modules {
   exec my_auth {
      wait = yes
      program = "/home/myself/my_auth.sh %{NAS-IP-Address} %{Calling-Station-ID} %{User-Name}"
      input_pairs = request
      output_pairs = reply
   }
...

instantiate {
   exec
   my_auth
}

authorize {
   mschap
   my_auth
   eap
}
...

/home/myself/my_auth.sh
------------------------------------
#!/bin/bash
echo "NAS: $1"
echo "Caller: $2"
echo "User: $3"
exit 0

And I'm using a Cisco Aironet 1200 AP.
OK, so the problem is the following:
When I connect through the access point, I get the following output (I just 
put the parts regarding my script):
...
radius_xlat:  '/tmp/radius_auth/auth.sh 192.168.254.22 0002.2d85.4676 test'
Exec-Program: /tmp/radius_auth/auth.sh 192.168.254.22 0002.2d85.4676 test
Exec-Program output: NAS: 192.168.254.22 Caller: 0002.2d85.4676 User: test
Exec-Program-Wait: plaintext: NAS: 192.168.254.22 Caller: 0002.2d85.4676 User: test
Exec-Program: returned: 0
...
I get like 6 of those and then I got 3 of these (Please note that the 
parameters are gone)
Exec-Program: /tmp/radius_auth/auth.sh   test
Exec-Program output: NAS: test Caller:  User:
Exec-Program-Wait: plaintext: NAS: test Caller:  User:
Exec-Program: returned: 0

And finally I get this one (And they are back)
radius_xlat:  '/tmp/radius_auth/auth.sh 192.168.254.22 0002.2d85.4676 test'
Exec-Program: /tmp/radius_auth/auth.sh 192.168.254.22 0002.2d85.4676 test
Exec-Program output: NAS: 192.168.254.22 Caller: 0002.2d85.4676 User: test
Exec-Program-Wait: plaintext: NAS: 192.168.254.22 Caller: 0002.2d85.4676 User: test
Exec-Program: returned: 0

And access is granted.

So, my question is, why, at some point, I lose the values of 
%{NAS-IP-Address} and %{Calling-Station-ID}?
I'd like to know also if there is a way to "ignore" a request for my script. 
In this case, my script gives a 0 back, and this grants access. If I modify 
it to return 1, access is denied. I'd like to know if there is a value that 
doesn't cause the whole auth process to fail, like ignore until I get the IP 
address that was lost.
What I want to do in my script is to check the AP's IP address and, 
depending on it, deny access to users of a determined AP and grant access to 
users of the other APs, but since sometimes I lose the value of those vars, 
the whole process will fail even for a user who is on an authorized AP.

If someone could shed some light, that'd be great.

Thanks a lot.

Jack
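
An added example, not part of the original post: a POSIX shell check that a script like my_auth.sh could run on its arguments before trusting `$1` as the AP address, since the debug output above shows User-Name arriving as `$1` when the other two expansions are empty. `classify_request`, `is_ipv4` and the `DENIED_NAS` addresses are constructed for illustration; which exit status to use for the `incomplete` result is not established in the post and is left out.

```shell
#!/bin/sh
# Added example, not the poster's script.
# DENIED_NAS holds constructed sample addresses of APs that must be refused.
DENIED_NAS="192.168.254.30 192.168.254.31"

is_ipv4() {
    # Accept only four dot-separated decimal octets in the range 0-255.
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split the address into its octets
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

classify_request() {
    # Prints one of: allow, deny, incomplete.
    # When %{NAS-IP-Address} and %{Calling-Station-ID} expand to nothing,
    # the unquoted command line collapses and User-Name becomes $1, as in
    # the "NAS: test Caller:  User:" output. Require all three arguments
    # and check that $1 really is an address before comparing it.
    if [ "$#" -ne 3 ] || [ -z "$2" ] || [ -z "$3" ] || ! is_ipv4 "$1"; then
        echo incomplete
        return 0
    fi
    for nas in $DENIED_NAS; do
        if [ "$1" = "$nas" ]; then
            echo deny
            return 0
        fi
    done
    echo allow
}

# Constructed inputs mirroring the two command lines in the debug output.
classify_request 192.168.254.22 0002.2d85.4676 test
classify_request test
```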





More information about the Freeradius-Users mailing list