Minimal Exec Example

Alan DeKok aland at deployingradius.com
Fri Sep 22 15:51:06 CEST 2017


On Sep 22, 2017, at 9:44 AM, Sky <skydiablo at gmx.net> wrote:
> 
> hi there,
> 
> im stuck in configure a simple "exec" solution. my site config looks
> like this:
> 
> //================ START ================
> authorize{
> #    exec
>     update control {
>         Auth-Type := `/usr/bin/php -f /foo/bar/baz.php --username
> '%{User-Name}' --password '%{User-Password}' --ip '%{Client-IP-Address}'`
>     }

  I would really recommend *not* running PHP on every request.  It's very slow.

> }
> //================ END ================
> 
> so this works fine, i get the params and can handle this request. my
> php-script std-out response looks like this:
> 
> //================ START ================
> Accept
> WISPr-Bandwidth-Max-Up = xxx
> WISPr-Bandwidth-Max-Down = xxx
> WISPr-Redirection-URL = http://google.com
> //================ END ================

  That won't work.  When do you:

	 Auth-Type := `/usr/bin/php ...`

  You're assigning a STRING value to the attribute "Auth-Type".  It does not magically treat the first line as the string for Auth-Type, and the rest of the text as attributes.

  i.e. the server works the way it's documented to work.  If you expect that you can do random things and have the server do what you want, computers don't work like that.

  If you want to add attributes to the packet, you will need to configure the 'exec' module to do that.  By following the documentation.

> to test this configure, i try with CLI:
> 
> //================ START ================
> $ radtest foo bar localhost 0 testing123
> Sending Access-Request of id 145 to 127.0.0.1 port 1812
>         User-Name = "foo"
>         User-Password = "bar"
>         NAS-IP-Address = 127.0.1.1
>         NAS-Port = 0
>         Message-Authenticator = 0x00000000000000000000000000000000
> rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=145,
> length=20
> //================ END ================
> 
> but i cant see any additinal response attributes, so what sould i do?
> any suggestions?

  I fail to understand why people look at out output of radtest, and ignore the debug output from the server.  Are we not documentation that in enough places?

  Alan DeKok.




More information about the Freeradius-Users mailing list