Shell script execution

Stefan Paetow Stefan.Paetow at jisc.ac.uk
Thu Apr 16 10:32:21 CEST 2015


> Filter-Id := '/usr/sbin/ldap_get_group_info.sh %{User-name}'  ->
>> /usr/sbin/ldap_get_group_info.sh %{User-name}

That won't work. Single quotes are literally quoting what's in the quotes.

> Filter-Id := "/usr/sbin/ldap_get_group_info.sh %{User-name}"  ->
>> /usr/sbin/ldap_get_group_info.sh monUserTest

That looks better, but it doesn't give you what you want.

> Does someone knows why it doesn't work? Is there a way to enable some logs
> to see why it doesn't work?

Yes, run radiusd -X to run it in debug mode, then do a request. Check that user radiusd actually has permissions to execute the script.

Try this:

Filter-Id := "%{echo:/usr/sbin/ldap_get_group_info.sh %{User-Name}}"

That should do the trick provided that user radiusd has permission to execute the script. 

Also, you could do the searches you're doing with the LDAP module?

:-)

Stefan Paetow
Moonshot Industry & Research Liaison Coordinator

t: +44 (0)1235 822 125
gpg: 0x3FCE5142
xmpp: stefanp at jabber.dev.ja.net
skype: stefan.paetow.janet
Lumen House, Library Avenue, Harwell Oxford, Didcot, OX11 0SG

jisc.ac.uk
 
Jisc is a registered charity (number 1149740) and a company limited by guarantee which is registered in England under Company No. 5747339, VAT No. GB 197 0632 86. Jisc’s registered office is: One Castlepark, Tower Hill, Bristol, BS2 0JA. T 0203 697 5800.
Jisc Collections and Janet Ltd. is a wholly owned Jisc subsidiary and a company limited by guarantee which is registered in England under Company No. number 2881024, VAT No. GB 197 0632 86. The registered office is: Lumen House, Library Avenue, Harwell, Didcot, Oxfordshire, OX11 0SG. T 01235 822200.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 496 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20150416/3d1ce328/attachment.sig>


More information about the Freeradius-Users mailing list