post-auth bash script

Jean Carlos Coelho coelho at teltecsolutions.com.br
Mon Jan 13 11:52:03 CET 2014


Hi!

Is there some way to execute a shell with FreeRADIUS? Here’s my scenario:

- Users log in to Cisco Wi-Fi with 3 BSSID (teachers, students or employees) with LDAP credentials;
- I verify if the user is in group X, Y or Z (LDAP-Group);
- *** Now, I need to verify in LDAP (ldapsearch/shell) if the objectclass “userenabled” is enabled or “expiredate” is “less” than “now” ***
- Then grant or not access to wifi lan.

This is what I did so far (e.g. from the students network)…


Authenticate {
  post-auth {
#  if (LDAP-Group == "teachers" || LDAP-Group == "employees") {
#        reject
#    }
#    else {
#        noop
#    }
  }
}

Same file above:


Authorize {
    update control {
        Auth-Type := `bash /opt/verify_date.sh '%{User-Name}'`
    }
}

Content of “verify_date.sh” file is an ldapsearch with filters to return the values of “expiredate” or “userenabled” with “if” statements to check the results, my question is:

How can I work with the results of this script to allow or deny access to networks?

Thank You!
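
Added example (not part of the original post and not FreeRADIUS project code): one way a script like the verify_date.sh described above could reduce the ldapsearch result to a single word, Accept or Reject, on standard output, which is what a backtick expansion like the one in the post substitutes as the attribute value. The value formats for userenabled and expiredate, the uid attribute, LDAP_BASE and all function names are assumptions.

```shell
#!/bin/sh
# Added example, not the poster's verify_date.sh. Assumed value formats:
#   userenabled: TRUE or FALSE     expiredate: YYYYMMDD
# LDAP_BASE and the uid attribute are placeholders for the real directory.
LDAP_BASE=${LDAP_BASE:-dc=example,dc=org}

# Escape a value for an LDAP search filter (RFC 4515): backslash first,
# then * ( ), so a crafted User-Name cannot change the filter's meaning.
ldap_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' \
                           -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# Print the first value of attribute $1 from the LDIF on stdin.
ldif_attr() {
    awk -v want="$1" -F': ' 'tolower($1) == tolower(want) { print $2; exit }'
}

# decide LDIF TODAY: print Accept or Reject. Fails closed: a missing entry,
# a missing attribute or a malformed date all give Reject.
decide() {
    enabled=$(printf '%s\n' "$1" | ldif_attr userenabled)
    expire=$(printf '%s\n' "$1" | ldif_attr expiredate)
    case $enabled in TRUE|true) ;; *) echo Reject; return ;; esac
    case $expire in ''|*[!0-9]*) echo Reject; return ;; esac
    [ "${#expire}" -eq 8 ] || { echo Reject; return; }
    if [ "$expire" -lt "$2" ]; then echo Reject; else echo Accept; fi
}

# Look the user up and decide; any ldapsearch failure is a Reject.
verify_user() {
    filter="(uid=$(ldap_escape "$1"))"
    ldif=$(ldapsearch -x -LLL -b "$LDAP_BASE" "$filter" \
           userenabled expiredate) || { echo Reject; return; }
    decide "$ldif" "$(date +%Y%m%d)"
}

# Constructed sample entries (not real directory data).
SAMPLE_OK='dn: uid=alice,ou=students,dc=example,dc=org
userenabled: TRUE
expiredate: 20141231'
SAMPLE_EXPIRED='dn: uid=bob,ou=students,dc=example,dc=org
userenabled: TRUE
expiredate: 20131231'

if [ $# -gt 0 ]; then verify_user "$1"; fi
```

The User-Name is escaped before it reaches the search filter because it is supplied by the connecting client.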