post-auth bash script
Jean Carlos Coelho
coelho at teltecsolutions.com.br
Mon Jan 13 11:52:03 CET 2014
Hi!
Is there some way to execute a shell with freeradius? here’s my scenario:
- Users login to cisco wi-fi with 3 BSSID (teachers, students or employees) with LDAP credentials;
- I verify if user is at group X, Y or Z (LDAP-Group);
- *** Now, i need to verify in ldap (ldapsearch/shell) if the objectclass “userenalbled” is enabled or “expiredate” is “less” than "now” ***
- Then grant or not access to wifi lan.
This is what I did so far (eg. From students network)…
Authenticate {
post-auth {
# if (LDAP-Group == “teachers" || LDAP-Group == “employees") {
# reject
# else {
# noop
# }
# }
}
}
Same file above:
Authorize {
update control {
Auth-Type := `bash /opt/verify_date.sh '%{User-Name}'`
}
}
Content of “verify_date.sh” file is an ldapsearch with filters to return the values of “expiredate” or “userenabled” with “if” statements to check the results, my question is:
How can I work with the results of this script to allow or deny access to networks?
Thank You!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20140113/527ea50e/attachment.html>
More information about the Freeradius-Users
mailing list