Alan, thanks for your previous reply.

I am now using exec to call a script from post-auth on Access-Accept. In this script, I examine the various attributes and call my other scripts depending on their values.

But I am not entirely satisfied with this model; it seems to me that I am not using freeradius all the way here. Instead, I am bailing out to my own script asap and doing everything myself!

Here is what I am trying to accomplish:
NAS -> (Local radiusserver / passwd module) -> (Remote radiusserver / sql-database)


Some of my access codes are dealt with by the Local radius-server, others by the Remote radiusserver (proxy/realm).

Depending on where the actual authentication took place, I need to run 1 or 2 scripts on the *local* server (not on the remote server):
=> script S1, S2 or S3 depending on the granted service
=> possibly script P1 or P2 for payment.


The nicest way to do this I think is if I can inject some 'Exec'-attributes into the reply chain, but they should always be executed on the *Local* Server, never on the Remote Server. In this way I could just attach e.g. Exec-Program=S2 and Exec-Program=P2 to the reply chain on the remote server.

Unfortunately, this doesn't work, because an Exec-Program attribute attached by the Remote Server gets executed on the Remote Server, and not on the Local Server.

Is there an elegant solution in freeradius for this kind of problem? Or should I go ahead and implement the 'exec'-module solution in the 'post-auth' on the Local Server?

Thanks for your advice!

Z.


