getting additional functionality, snmp or external program
Phil Mayers
p.mayers at imperial.ac.uk
Sat Dec 29 13:40:30 CET 2012
On 12/29/2012 04:00 AM, Duane Cox wrote:
> I think this is possible, but wanted to make sure and ask what would be
> the best way to do this…
>
> ie. Execute an external program or create a module.
>
> I’m authenticating cable modems using freeradius with a sql database
> backend.
>
> What I want to do, is after the authentication process, query the cable
> modem using snmp (retrieving data) and store this data back into the
> already connected database.
>
> Is anyone doing such a thing?
If I've understood what you want correctly, you don't need to query
within the auth - "post" post-auth would be fine i.e. after the
Access-Accept was sent?
If so, my suggestion would be to do this externally to FreeRADIUS. After
auth, write a log entry or SQL row with the auth info; then have an
external work process (daemon or cron job) execute those queries and
update the "connected" row.
If you do it within FreeRADIUS, you risk blocking the server if an SNMP
query is slow or suffers packet loss / retransmit.
If you must do it within FreeRADIUS, there's a bunch of ways e.g. write
a perl script and run it with rlm_perl. Alternatively use rlm_exec to
run an external script, possibly with "wait = no" to avoid blocking the
server - but the fork/exec cycle will limit your performance significantly.
Writing a module is almost certainly not the right solution.
More information about the Freeradius-Users
mailing list