How to add check item (Pool-Name) from Exec-Program-Wait script?

Phil Mayers p.mayers at
Fri Feb 2 10:50:45 CET 2007

Mindaugas wrote:
>>  I want to use two ippools. That's no problem of course. But which IP pool
>> to assign I can decide only in Exec-Program-Wait script. Now I have the
>> following lines in users file:
>> DEFAULT Auth-Type := Accept
>>    Exec-Program-Wait = "/etc/raddb/authclient"
>> authclient script checks text file, connects to MySQL and Oracle and then 
>> it
>> can say - use ippool1 or ippool2. But how to set Pool-Name check item? As
>> far as I understand if authclient would write "Pool-Name:=ipool1" to 
>> stdout
>> then that would be reply not check item!?
>>  So how could I tell from the script which ippool to use? I feel that that
>> somehow should be possible since ippool is post-auth thing. :)
>   So no ideas? :)

The "exec" module has two configuration items specifying where to take 
the input from and output to. You will want to do this:

exec myprogram {
   wait = yes
   program = "/path/to/your/program %{Some-Argument}"
   input_pairs = request
   output_pairs = config

Then put the module in the authorize section:

authorize {
   # ..others

There may be other ways of doing this. In particular, you might be able 
in the users file to do this (haven't tested it):

DEFAULT	Pool-Name := `%{exec:/path/to/program args}`
	Fall-Through = yes/no

>   I'm thinking that maybe "Fall-Through = Yes" could help!? But again - how 
> to set something from script that I could specify as check item in second 
> DEFAULT entry?

You can't compare against config items in the "users" file, but should 
not need to

More information about the Freeradius-Users mailing list