post-auth bash script
Olivier Beytrison
olivier at heliosnet.org
Mon Jan 13 16:30:18 CET 2014
On 13.01.2014 11:52, Jean Carlos Coelho wrote:
> Hi!
>
> Is there some way to execute a shell with freeradius? here’s my scenario:
>
> - Users login to cisco wi-fi with 3 BSSID (teachers, students or
> employees) with LDAP credentials;
> - I verify if user is at group X, Y or Z (LDAP-Group);
> - *** Now, i need to verify in ldap (ldapsearch/shell) if the
> objectclass “userenalbled” is enabled or “expiredate” is “less” than
> "now” ***
Why ooh why do you want to call a script for that ??
Just adapt your filter in your ldap module, in the user {} section.
For example :
filter =
"(&(uid=%{%{Stripped-User-Name}:-%{User-Name}})(userEnabled=enabled)(expireDate<%lZ)"
(this is an example and should be adapted/tested against your directory)
Olivier
--
Olivier Beytrison
Network & Security Engineer, HES-SO Fribourg
Mail: olivier at heliosnet.org
More information about the Freeradius-Users
mailing list