Config hints for providing list of groups in post-auth?
Mike Ely
me at mikeely.org
Tue Jun 7 20:29:51 CEST 2016
On 06/07/2016 08:55 AM, Alan DeKok wrote:
> On Jun 7, 2016, at 11:52 AM, Mike Ely <me at mikeely.org> wrote:
>> Intriguing. Are you aware of a way in "unlang" to pull all of a user's group memberships and present those in the reply to the NAS? It would certainly be easier to maintain compared to calling an external script.
> In v3.0.x, you might as well use a shell script.
We have to stick with 3.0.x for now. I'm _this_ close here. I wrote a
module that follows the pattern in the ntlm_auth module, and call it in
post-auth. I can see it run successfully:
Program returned code (0) and output 'domain users,techs'
(0) getadgroups : Program executed successfully
(0) [getadgroups] = ok
The part I am conceptually lost on is how to get that program output -
in the case of my test user 'domain users,techs' - into the main
post-auth process so I can use "update reply" with whatever custom
dictionary we settle on here.
How do I set a variable to the ouptut of this module? I've tried
somevariable = "%{exec:/path/to/script etc etc}" in the module and then
radius says [getadgroups] = noop
More information about the Freeradius-Users
mailing list