external script doesn't add the attributes it prints out
Stun Box
stunbox at gmail.com
Mon May 25 10:07:45 CEST 2009
Hello,
I've tried in the outer-tunel,
post-auth {
GETVLAN
}
but it still does not add my attributes to the reply...
So I have tried (still in the outer-tunel) this :
post-auth {
update reply {
Tunnel-Medium-Type = 6
Tunnel-Type = 13
Tunnel-Private-Group-Id = `%{exec:/usr/local/etc/raddb/getVlan
%{User-Name}}`
}
}
but I got the error
+- entering group post-auth {...}
++[exec] returns noop
Executing /usr/local/etc/raddb/getVlan %{User-Name}
expand: %{User-Name} -> anonymous2nobode
result 0
expand: %{exec:/usr/local/etc/raddb/getVlan %{User-Name}} ->
Exec-Program output: Exec-Program: FAILED to execute : No such file or
directory
Exec-Program-Wait: plaintext: Exec-Program: FAILED to execute : No
such file or directory
Exec-Program: returned: 1
++[reply] returns invalid
And finally, I 've tried like that :
update reply{
Tunnel-Medium-Type = 6
Tunnel-Type = 13
Tunnel-Private-Group-Id = `/usr/local/etc/raddb/getVlan %{User-Name}`
}
and that way works.
But... I don't know an easy way to get the user-name of the inner-tunnel ?
Regards,
G.
2009/5/23 <A.L.M.Buxey at lboro.ac.uk>:
> Hi,
>
>> I have installed freeradius 2.14 on Freebsd using the ports.
>> I need to use an external script, so in radiusd.conf I created in the
>> module section :
>> exec GETVLAN {
>> wait = yes
>> program = "/usr/local/etc/raddb/getVlan %{User-Name}"
>> input-pairs = request
>> output-pairs = reply
>> }
>>
>>
>> and I use it in the post-auth section of the inner-tunnel. (I 'm using
>> peap/mschapv2)
>>
>> But the result is not what I expected...
>> I do "echo" for assigning vlan id but the attributes are not appended
>> to the reply.
>> Here is a cut of the debug debug :
>
> fun. this sort of issue has actually been posted twice to this list in the past
> week - dont use the post-auth of the inner-tunnel, use the post-auth of the
> outer (default site usually) - you may need to ensure that the User-Name
> gets passed back to the outer handler to ensure you are dealing with real
> user info and not just 'anonymous' etc.
>
> alan
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
More information about the Freeradius-Users
mailing list