[rad] Re: SOLVED Re: pseudo-newbie exec scripts and session-time
cgregory at hwcn.org
Mon Jun 15 19:07:51 CEST 2009
On Mon, 15 Jun 2009, Arran Cudbard-Bell wrote:
> See the thing is a lot of the documentation pitfalls aren't there in 2.*, a
> lot of the inconsistencies aren't there in 2.*. I know, because I regularly
> play the dumb user and pester Alan about niggly bits of syntax and
I try to be a fair person. And I knew that one argument used against me
would be that the docs had improved since version 1.x, but when I had a
look I found that this 'basic' element remained essentially unchanged.
Indeed the one change I spotted was that the references to 'exec-program'
had disappeared! But there was nothing more about 'exec' modules. And when
I checked the documentation for the latest release, neither the users file
itself nor the documentation for it mentions 'exec'. So I would still
have found no help there.... And the docs for freeradisud.conf remained
Think of it this way. In the French language, when someone turns a light
on they say "make the light OPEN". They *mean* the same thing, but they
use a different word. But if you don't *know* that, you can spend a lot of
time trying to figure out why someone wants to 'open' something that you
just want to turn 'on'.
Thus it was with my understanding of config files in FreeRADIUS. I came
from a background where config files only contained constants. Nothing
dynamic. I had come so far as to realize that we could 'specify' modules
in the main config file, but presumed that sub files remained lists of
constant specifications. There was no mention of executable code in the
users file comments, so I presumed that was just the 'wrong place'.
My bad? Well, yes, BUT I would expect that any expert on RADIUS would have
long ago encountered this kind of thinking and recognize it for what it
is. And if they really wanted to help, they'd be sure to say a few 'basic'
things like "what you are looking for is in the README, not the
individual files". That was all I was asking for, but instead I get this
attitude like I failed to take advice.... (sigh)
> I've been following this thread (mostly for its Jerry Springer-esque
> qualities) and I saw where you stumbled. The documentation in v1 is far
> from perfect, but if you'd actually read around a bit more then you'd
> have figured out exactly what was going on.
Actually, I *did* exactly that. My only complaint was that I had to hunt
at random through files I never imagined containing what I wanted. If
someone had grasped that I was 'not getting it' they could have just
pointed me where I needed to go. Not saying they were obliged to do so,
but I am saying they shouldn't treat their failure to do so with the
attitude that they did 'enough' to help.
> The *only* place in 1.* where the syntax used in the rlm_exec example
> exists is in the users file.
Actually, to the uninitiated, that is NOT true. Within the module
definitions in the radiusd.conf there are numerous 'assignments' of
values to 'variables' that look remarkably similar to attribute
assignments. Only once it has been *explained* would I realize that there
is something special about the users file 'assignments'. And again, I
point out that the syntax of assigning an executable to an attribute is
*not* given as an example in the users file. If only it had been, then I
would have figured it all out without this mess.
But then again, I would also have been using an older technique.
> But you're not a user, you're a sysadmin/developer. It's assumed that
> you'll have a modicum of initiative.
Certainly. I *did* find my answer on my own. (smile)
This is the stumbling point. I thought I had looked in all the obvious and
relevant documents. And enough of them were lacking in detail that I don't
think anyone can fairly say I didn't bother to look for my answer before I
posted my question. And that's why I get angry when people just say I was
offered lots of options. No, not really. They were only options for
someone who (and I know this happens) posts a question without having read
*any* of the documentation. I had hoped my included syntax sample would
have demonstrated that I had made progress. :) But really, if no one
grasped that I was lacking that key concept, then how would they know to
tell me where to look for what I wanted? So who is to blame there?
> I don't always agree with Alan's way of dealing with users on the list,
> but I understand why he's the way he is.
I understand it too. I just figure if he wants to be helpful, then he could
try to understand how he wasn't. Yes, it is mostly *my* shortcoming, but
when someone like me doesn't *know* he has a shortcoming, just saying
'read the docs' or 'upgrade to 2.x' does not fix this error. I hope my
comments lend themselves to increased awareness of ignorance and better
handling of it.
>> In all honesty, I don't even know what 'EAP' is.
> Extensible Authentication Protocol, it's the Authentication protocol used in
> 802.1X (WPA-Enterprise etc...).
Silly me. I had actually read that. Sorry. I tend to forget things that I
think I won't be likely to use. :)
> If you genuinely want to help other FreeRADIUS v1 users, then you can
> contact me, or any other wiki admins for an account.
Hmmmm. My first gut reaction is that I "don't know enough", but before
I dismiss this idea, I have to ask what you have in mind.