EXEC : possible to update pairs directly?

FRANKS, Andy (SHREWSBURY AND TELFORD HOSPITAL NHS TRUST) andy.franks1 at nhs.net
Tue Aug 11 12:45:50 CEST 2020


Hi all,
  Just researching possibilities to help me around the upgrades I need to do to move from old operating systems and FR3.1.
I tried v4 for a while, and may go back to that, but am struggling with the exec module race condition - the dilemma is that I can't spend too long redoing what we used to do in exec.

I've gone back to v3.0.22 to see what I can do there, but missed the SQL maps bit quite a bit so have do a few quick tests to see what I can achieve in the exec module, expanding my knowledge as it were.

The following url contains an example that would be useful, but I can't get it working in 3.0.22 :

https://stackoverflow.com/questions/26442693/freeradius-reading-attributes-while-executing-external-script

In the example Arran says :

"Version 3 supports attribute assignment similar to what you've posted, but it'd be:
update {
    control: += `/usr/bin/php -f /web/auth.php '%{NAS-Identifier} %{Calling-Station-Id}'`
}
Then modify your script output to be:
Auth-Type = Accept
reply:WISPr-Bandwidth-Max-Up = xxx
..
"

The key question is the inclusion of "reply:" attribute in an update { control : } section - it would be useful to be able to update any pairs via exec, not just the control (in this example), as you can do directly via

Update [
Reply:reply-message := ..
Control:auth-type := ..
}

When I try the example above, FR 3.0.22 can't parse the output:

ERROR: Failed parsing output from: /usr/bin/php -f /etc/freeradius/sql_active_device_check_accounting.php -- '--hostname %{control:Hostname} --username %{request:User-Name} --nasipaddress %{request:NAS-IP-Address} --nasport %{request:NAS-Port} --macaddresslimit %{%{control:MacAddressLimit}:-0}': Expecting operator

(0)               ERROR: Program returned code (0) and output 'Auth-Type = Accept,reply:WISPr-Bandwidth-Max-Up = 123'

It works if removing the reply: specifier from the "reply:WISPr-Bandwidth-Max-Up", i.e.

Program returned code (0) and output 'Auth-Type = Accept,WISPr-Bandwidth-Max-Up = 123'
(0)         control::Auth-Type = Accept
(0)         control::WISPr-Bandwidth-Max-Up = 123

It's not the end of the world to have to copy the attributes from one "set" to another, but was hoping to be a bit cleaner if possible. IT's possible I just don't have the right syntax.

Also happy taking advice on how best to replicate sql maps and attribute pair functionality best, possibly in python or perl I suppose, although those seem more "fixed" at a glance than exec.

Thanks!
Andy


********************************************************************************************************************

This message may contain confidential information. If you are not the intended recipient please inform the
sender that you have received the message in error before deleting it.
Please do not disclose, copy or distribute information in this e-mail or take any action in relation to its contents. To do so is strictly prohibited and may be unlawful. Thank you for your co-operation.

NHSmail is the secure email and directory service available for all NHS staff in England and Scotland. NHSmail is approved for exchanging patient data and other sensitive information with NHSmail and other accredited email services.

For more information and to find out how you can switch, https://portal.nhs.net/help/joiningnhsmail



More information about the Freeradius-Users mailing list