At 02:27 PM 1/9/2002 -0500, [EMAIL PROTECTED] wrote:
>Paulo Angelo <[EMAIL PROTECTED]> wrote:
> > I'm having some problems with Free Radius 0.4 when I try to
> > execute a external program (a shell script).
> >
> > I've created a user in users file like:
> >
> >
> > pa Auth-Type := Local, Password == "pa"
> > Service-Type = Framed-User,
> > Exec-Program = "/root/sh %u %f",
>...
> > I can connect using this user, but it execute the program
> > ("/root/sh") like :
> >
> > /root/sh pa ?.?.?.?
>
> That's becasue the Framed-IP-Address does not exist yet. You've got
>to add it to the request, to send it to portslave.
>
> If portslave picks an IP address to use out of it's local pool, then
>it is IMPOSSIBLE to discover the Framed-IP-Address during the
>authentication part of RADIUS.
Not quite, per the RFC, it is possible and allowed for the NAS to send
this in an Access-Request, as a hint. However, I do not know of any NAS
that actually do this, so Alan is correct that there is no way to
determine this during the Authentication stage of RADIUS.
So, long story short, you can't do that with radius because you've got
the cart before the horse.
-Chris
--
\\\|||/// \ Chris Parker - Manager, Development Engineering
\ ~ ~ / \ WX *is* Wireless! \ [EMAIL PROTECTED]
| @ @ | \ http://www.starnetwx.net \ (847) 963-0116
oOo---(_)---oOo--\------------------------------------------------------
\ Without C we would have 'obol', 'basi', and 'pasal'
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
