How to add check item (Pool-Name) from Exec-Program-Wait script?
Mindaugas
mind at bi.lt
Fri Feb 2 13:06:39 CET 2007
>>> I want to use two ippools. That's no problem of course. But which IP
>>> pool
>>> to assign I can decide only in Exec-Program-Wait script. Now I have the
>>> following lines in users file:
>>>
>>> DEFAULT Auth-Type := Accept
>>> Exec-Program-Wait = "/etc/raddb/authclient"
>>>
>>> authclient script checks text file, connects to MySQL and Oracle and
>>> then
>>> it
>>> can say - use ippool1 or ippool2. But how to set Pool-Name check item?
>>> As
>>> far as I understand if authclient would write "Pool-Name:=ipool1" to
>>> stdout
>>> then that would be reply not check item!?
>>>
>>> So how could I tell from the script which ippool to use? I feel that
>>> that
>>> somehow should be possible since ippool is post-auth thing. :)
>>
>> So no ideas? :)
>
> The "exec" module has two configuration items specifying where to take
> the input from and output to. You will want to do this:
>
> exec myprogram {
> wait = yes
> program = "/path/to/your/program %{Some-Argument}"
> input_pairs = request
> output_pairs = config
> }
>
> Then put the module in the authorize section:
>
> authorize {
> preprocess
> files
> # ..others
> myprogram
> }
Aha! So my program then should write "Pool-Name:=ippool2" to stdout and it
will pass as check item in post auth section later? And it can also return 1
if I want to deny access for particular user?
Thank you for the hint. I'll test it anyway.
Mindaugas
More information about the Freeradius-Users
mailing list