Exec-Program-Wait not working

Gianni Costanzi gianni.costanzi at gmail.com
Wed Jun 19 17:16:03 CEST 2019


Hi,
I was using the following syntax on Freeradius 2.x to determine if a user
could connect to a particular IP address, even if the authentication
succeeds, based on some parameters passed to a script:

XXX747 Auth-Type = System, Realm == imp
        Service-Type := Login-User,
        cisco-avpair = "shell:priv-lvl=2",
        Exec-Program-Wait =
"/opt/script/radius/bin/check_operator_access.sh %{NAS-IP-Address}
%{User-Name} %{Realm}"

It worked on my old 2.x installation, now I'm on the last version available
on Red Hat Enterprise 7, which is 3.0.13-10.el7_6. The syntax gives no
error, but the script is not invoked (it contains an invocation to logger
system command to put an entry in /var/log/messages and I can't see it),
even if the above entry in the users (authorize) file is mached. What could
be the problem? If this is the wrong way to implement this check can you
give me an hint on how should I do it on 3.x Freeradius installation?



Wed Jun 19 17:01:52 2019 : Debug: (12) files: users: Matched entry XXX747
at line 497
Wed Jun 19 17:01:52 2019 : Debug:
/opt/script/radius/bin/check_operator_access.sh %{NAS-IP-Address}
%{User-Name} %{Realm}
Wed Jun 19 17:01:52 2019 : Debug: Parsed xlat tree:
Wed Jun 19 17:01:52 2019 : Debug: literal -->
/opt/script/radius/bin/check_operator_access.sh
Wed Jun 19 17:01:52 2019 : Debug: attribute --> NAS-IP-Address
Wed Jun 19 17:01:52 2019 : Debug: literal -->
Wed Jun 19 17:01:52 2019 : Debug: attribute --> User-Name
Wed Jun 19 17:01:52 2019 : Debug: literal -->
Wed Jun 19 17:01:52 2019 : Debug: attribute --> Realm
Wed Jun 19 17:01:52 2019 : Debug: (12) files: EXPAND
/opt/script/radius/bin/check_operator_access.sh %{NAS-IP-Address}
%{User-Name} %{Realm}
Wed Jun 19 17:01:52 2019 : Debug: (12) files:    -->
/opt/script/radius/bin/check_operator_access.sh 172.16.120.218 XXX747 at imp
imp
Wed Jun 19 17:01:52 2019 : Debug: (12)     modsingle[authorize]: returned
from files (rlm_files)
Wed Jun 19 17:01:52 2019 : Debug: (12)     [files] = ok

Thank you in advance for any help.

Best regards,
   Gianni Costanzi


More information about the Freeradius-Users mailing list