Output from Exec-Program-Wait in users file
Craig Campbell
craig.campbell at ccraft.ca
Fri Nov 12 12:24:43 CET 2010
Hi,
am migrating from an ancient radius install to FreeRADIUS Version 2.1.8
The system uses a custom authentication binary which we access from the users file via,
DEFAULT NAS-IP-Address == "192.168.1.100", Auth-Type := Accept, Simultaneous-Use := 1
Exec-Program-Wait = "/usr/local/sbin/auth -X -U -u 5882626 -- %{User-Name} %{User-Password} %{%{Called-Station-Id}:-Missing} %{%{NAS-IP-Address}:-Missing} %{%{Calling-Station-Id}:-Missing} %{%{NAS-Port-Type}:-Missing} %{Vendor-Specific}" ,
Fall-Through = no
On the old version, the output from the EXEC was sent back in the Accept packet..
Now is looks like the stdout form the Exec-Program-Wait is not being send back but either dropped or misplaced.
++[sql] returns ok
+- entering group post-auth {...}
Exec-Program output: Framed-Compression=Van-Jacobsen-TCP-IP Framed-Routing=None Framed-MTU=1500 Framed-IP-Netmask=255.255.255.0 Framed-Protocol=PPP Service-Type=Framed-User Idle-Timeout=1800 Session-Timeout=86400 ERX-Virtual-Router=SOMEROUTER ERX-Ingress-Policy-Name=COMFORT_UP ERX-Egress-Policy-Name=COMFORT_DOWN
Exec-Program-Wait: plaintext: Framed-Compression=Van-Jacobsen-TCP-IP Framed-Routing=None Framed-MTU=1500 Framed-IP-Netmask=255.255.255.0 Framed-Protocol=PPP Service-Type=Framed-User Idle-Timeout=1800 Session-Timeout=86400 ERX-Virtual-Router=SOMEROUTER ERX-Ingress-Policy-Name=COMFORT_UP ERX-Egress-Policy-Name=COMFORT_DOWN
Exec-Program: returned: 0
++[exec] returns noop
Sending Access-Accept of id 248 to 192.168.1.100 port 50000
Finished request 0.
Is there a way to direct the output from the Exec-Program into the Accept packet?
As far as we can tell, we are sending back and empty Accept packet. The values are calculated by the auth binary, so hard coding them would be very difficult.
It's after 1am here, so I hope this won't seem obvious in the morning.
Any hints would be greatly appreciated.
Thanks so much,
-craig
--------------------------------------------------------------------------------
Craig Campbell
craig.campbell at ccraft.ca
CampbellCraft Consulting Inc
2 Kenny Court
Whitby, Ontario
Canada
L1R 2L8
905 922-2789
__________ Information from ESET Smart Security, version of virus signature database 5612 (20101111) __________
The message was checked by ESET Smart Security.
http://www.eset.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20101112/dfb4d327/attachment.html>
More information about the Freeradius-Users
mailing list