Output from Exec-Program-Wait in users file

Craig Campbell craig.campbell at ccraft.ca
Fri Nov 12 12:24:43 CET 2010


Hi,
    am migrating from an ancient radius install to FreeRADIUS Version 2.1.8
The system uses a custom authentication binary which we access from the users file via,


  DEFAULT NAS-IP-Address == "192.168.1.100", Auth-Type := Accept, Simultaneous-Use := 1
          Exec-Program-Wait = "/usr/local/sbin/auth -X -U -u 5882626 -- %{User-Name} %{User-Password} %{%{Called-Station-Id}:-Missing} %{%{NAS-IP-Address}:-Missing} %{%{Calling-Station-Id}:-Missing} %{%{NAS-Port-Type}:-Missing} %{Vendor-Specific}" ,
          Fall-Through = no

On the old version, the output from the EXEC was sent back in the Accept packet..

Now is looks like the stdout form the Exec-Program-Wait is not being send back but either dropped or misplaced.

  ++[sql] returns ok
  +- entering group post-auth {...}
  Exec-Program output: Framed-Compression=Van-Jacobsen-TCP-IP Framed-Routing=None Framed-MTU=1500 Framed-IP-Netmask=255.255.255.0 Framed-Protocol=PPP Service-Type=Framed-User Idle-Timeout=1800 Session-Timeout=86400 ERX-Virtual-Router=SOMEROUTER ERX-Ingress-Policy-Name=COMFORT_UP ERX-Egress-Policy-Name=COMFORT_DOWN
  Exec-Program-Wait: plaintext: Framed-Compression=Van-Jacobsen-TCP-IP Framed-Routing=None Framed-MTU=1500 Framed-IP-Netmask=255.255.255.0 Framed-Protocol=PPP Service-Type=Framed-User Idle-Timeout=1800 Session-Timeout=86400 ERX-Virtual-Router=SOMEROUTER ERX-Ingress-Policy-Name=COMFORT_UP ERX-Egress-Policy-Name=COMFORT_DOWN
  Exec-Program: returned: 0
  ++[exec] returns noop
  Sending Access-Accept of id 248 to 192.168.1.100 port 50000
  Finished request 0.
Is there a way to direct the output from the Exec-Program into the Accept packet?  

As far as we can tell, we are sending back and empty Accept packet.  The values are calculated by the auth binary, so hard coding them would be very difficult.

It's after 1am here, so I hope this won't seem obvious in the morning.

Any hints would be greatly appreciated.

Thanks so much,
-craig



--------------------------------------------------------------------------------
Craig Campbell 
craig.campbell at ccraft.ca 
CampbellCraft Consulting Inc
2 Kenny Court 
Whitby, Ontario 
Canada 
L1R 2L8 
905 922-2789 

 



__________ Information from ESET Smart Security, version of virus signature database 5612 (20101111) __________

The message was checked by ESET Smart Security.

http://www.eset.com

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20101112/dfb4d327/attachment.html>


More information about the Freeradius-Users mailing list