post-auth bash script

Arran Cudbard-Bell a.cudbardb at freeradius.org
Mon Jan 13 12:25:12 CET 2014


> 
> Same file above:
> 
> Authorize {
>     update control {
>         Auth-Type := `bash /opt/verify_date.sh '%{User-Name}'`
>     }
>   }
> 
> Content of “verify_date.sh” file is an ldapsearch with filters to return the values of “expiredate” or “userenabled” with “if” statements to check the results, my question is:
> 
> How can I work with the results of this script to allow or deny access to networks? 
> 

Well if you're intent on ABSOLUTELY CRIPPLING THE PERFORMANCE OF THE RADIUS SERVER FOR NO GOOD REASON, then call the exec module instead of using backticks.

Different exit codes map to different FreeRADIUS rcodes. See raddb/mods-available/echo for the mappings.

Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS Development Team

FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 881 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20140113/62dddd89/attachment.pgp>


More information about the Freeradius-Users mailing list