In a previous thread I described my scenario: >My scenario is simple. When I receive an authentication request for a >user, I want to run an external program and if everything goes OK, >return access-accept with some attributes, otherwise I want to return >access-reject with other attributes.
This scenario is accomplished easily using the Exec-Program-Wait attribute in users file. When I try to accomplish the same thing with rlm_exec, as Doug Hardie and Alan suggested, I use configurable failover: radiusd.conf: exec callerid { wait=yes program=/space/radius/callerid.sh input_pairs = request output_pairs = reply packet_type = Access-Request } in users I have CLIDACTIVATE Auth-Type := Local, User-Password=="AAA", Autz-Type := CLID and in the authorize section of radiusd.conf Autz-Type CLID{ callerid { fail=reject } } In this case when the external script returns a non zero exit code or fails I get an Access-Reject. However I cannot put any attributes inside this reject packet. If my script outputs pairs and exits with a non zero status, the pairs are not kept in the reject packet sent back to the client. So my questions are: - is it possible to have attributes in reject packets in rlm_exec setups (something I can do with Exec-Program-Wait)? - is Exec-Program-Wait deprecated and probably removed in future versions? If so, how can I accomplish my scenario? I need to make a decision for an imminent project. Thanks in advance Kostas -- Kostas Zorbadelos Systems Developer, Otenet SA mailto: [EMAIL PROTECTED] Out there in the darkness, out there in the night out there in the starlight, one soul burns brighter than a thousand suns. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html