TS - custom script for access
Alan DeKok
aland at deployingradius.com
Mon Nov 30 20:49:39 CET 2009
d.tom.schmitt at L-3com.com wrote:
> You refer to the scripts/exec-program-wait and I read what I could.
> It is still vague to me.
> Is there a simple example HOW-TO, etc. showing a simple script (bash
> shell)
Umm... that file *is* a simple shell script. It contains comments
describing how to edit the server configuration in order to run the script.
> That is executed by an entry in a flatfile in radius?
Yes... the configuration files are "flat files".
See also "man unlang". It describes how to run programs directly from
the configuration files.
> I found that it must be a 'C' program not a shell script in the
> comments.
Uh... no. The comments do not say that.
> I am still unclear if I create a script called 'doit.sh':
> 1. Do I have to place the script in a certain location?
It has to be executable by the radius server. Use Unix "pathnames" to
point to it.
> 2. What permissions are required for the script to execute?
Unix execute permissions?
> 3. What do I place in the radiusd.conf file to have the script
> available and to run it?
The comments in the sample script try to explain that.
> 4. What would an entry for a user look like to have just that
> user be sent to the 'doit.sh' script?
See "man unlang". You will need to create a policy stating this.
There are "if" statements, and conditional checks you can do. This is
programming, but not very complicated programming.
> 5. Is there a location 'default' that would make all users have
> to run the code for access?
Yes. Just follow the comments in the example script. Or, make the
"if" condition true for all user.
> I am new at freeRADIUS and currently am very confused.
Many of your questions are "unix 101" questions. I suggest a larger
familiarity with Unix systems (paths, permissions, etc.)
Alan DeKok.
More information about the Freeradius-Users
mailing list