Adrian Chadd <[EMAIL PROTECTED]> wrote: > I have a radius proxy server which has a bunch of realms configured. > I would like to be able to sit a program in the > authentication/authorisation > chain somewhere which lets me auth a user via some alternate means (for > example, > match on some attribute and then set the Framed-IP-Address manually.)
*Instead* of proxying it? > * firstly, is there a way for Exec-Program-Wait to be run as part of a > DEFAULT clause > where it is able to authenticate a user? I'm not sure what you mean. Properly, the exec-program-wait should either be: a) part of the authorize section, and executed immediately upon seeing the attribute, or b) part of the post_auth section, and done after everything else. > * secondly, is there a way for Exec-Program-Wait to be run as part of a > DEFAULT clause > where anything I return from it terminates the authorization lookups > (I thought Fall-Through > was meant to do this if I specified it..) Right now, no. > * thirdly, does anyone have any other bright ideas on how I'd implement > this without having > to write a module or two? :) I've been planning on writing an 'exec' module, and getting rid of much of the current Exec-Program-Wait. That module would simplify the ability to do what you want. But that's post 0.8. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
