External accounting script help

Paul Boehmer pboehmer at seidata.com
Tue May 12 15:22:04 CEST 2015 

First post please be gentle.

Working on a migration from XtRadius 1.2.1B2 to FreeRadius 3.0.8.  In my XtRadius users file, I have the following line:

------------------------------
DEFAULT Acct-Status-Type = "Start"
         Exec-Program-Account = "/radius/scripts/startrad.sh %u %f %y %n %p"
------------------------------

 From what I understand in the documentation, I created the following the file in mods-enabled called startrad.  The 
file contains:

-------------------------------
# -*- text -*-
exec startrad {
         wait = yes
         program = "/radius/scripts/startrad.sh %{User-Name} \
                                                 %{Framed-IP-Address} \
                                                 %{NAS-Port-Type} \
                                                 %{NAS-IP-Address} \
                                                 %{NAS-Port-Id}"


         input_pairs = request
         output_pairs = reply
         packet_type = Access-Accept
}
---------------------------------

The shell script right now just dumps the arguments to a flat text file.  I call this module in my sites-enabled/default 
config in the accounting section like so:

---------------------------------
accounting {
         detail
         unix
         radutmp
         sradutmp
         -sql
         exec

         if ( "%{Acct-Status-Type}" == "Start"){
                 startrad
         }

}
-----------------------------------


 From there, I execute "radius -X | tee -a log" and I see the module enabled and executed, but the result is (showing 
what I think are relevant entries):

------------------------------------
...
including configuration file /radius/raddb/mods-enabled/startrad
...
...
   # Instantiating module "startrad" from file /radius/raddb/mods-enabled/startrad
   exec startrad {
         wait = yes
         program = "/radius/scripts/startrad.sh %{User-Name} 
%{Framed-IP-Address}
%{NAS-Port-Type}                                                %{NAS-IP-Address} 
         %{NAS-Port-Id}"
         input_pairs = "request"
         output_pairs = "reply"
         shell_escape = yes
   }
...
...
(1)   User-Name = 'testuser'
(1)   Acct-Authentic = RADIUS
...
...
(1)   Acct-Status-Type = Stop
(1)   NAS-Port-Type = Virtual
(1)   NAS-Port = 16777297
(1)   Class = 0x61693a6238623938653064353564393061376235626533303763663239313737363134
(1)   Service-Type = Framed-User
...
...
...
(0)     if ( "%{Acct-Status-Type}" == "Start") {
(0)     EXPAND %{Acct-Status-Type}
(0)        --> Stop
(0)     if ( "%{Acct-Status-Type}" == "Start")  -> FALSE
(0) startrad: Executing: /radius/scripts/startrad.sh %{User-Name} 
%{Framed-IP-Address}                            %{NAS-Port-Type} 
%{NAS-IP-Address}                                               %{NAS-Port-Id}:
(0) startrad: EXPAND %{User-Name}
(0) startrad:    --> testuser
(0) startrad: EXPAND %{Framed-IP-Address}
(0) startrad:    --> ***.***.***.238
(0) startrad: EXPAND %{NAS-Port-Type}
(0) startrad:    --> Virtual
(0) startrad: EXPAND %{NAS-IP-Address}
(0) startrad:    --> ***.***.***.226
(0) startrad: EXPAND %{NAS-Port-Id}
(0) startrad:    -->
(0) startrad: Program returned code (0) and output ''
(0) startrad: Program executed successfully
(0)     [startrad] = ok
(0)   } # accounting = ok
...
...
-------------------------------------

So, despite the if/then statement being false, the startrad module is still being executed.

I've seen numerous postings on similar question, but any answers I did find are several years old.  Am I correct in 
moving the script to a module and sites-enabled/default files from the mods-config/files/authorize (aka users)?

Please advise.
Thanks.

-- 
Paul Boehmer
pboehmer at seidata.com

More information about the Freeradius-Users mailing list