In a previous thread I described my scenario:
>My scenario is simple. When I receive an authentication request for a
>user, I want to run an external program and if everything goes OK,
>return access-accept with some attributes, otherwise I want to return
>access-reject with other attributes.
This scenario is accomplished easily using the Exec-Program-Wait
attribute in the users file.
When I try to accomplish the same thing with rlm_exec, as Doug Hardie
and Alan suggested, I use configurable failover:
radiusd.conf:

    exec callerid {
        wait=yes
        program=/space/radius/callerid.sh
        input_pairs = request
        output_pairs = reply
        packet_type = Access-Request
    }

in users I have

    CLIDACTIVATE Auth-Type := Local, User-Password=="AAA", Autz-Type := CLID

and in the authorize section of radiusd.conf

    Autz-Type CLID{
        callerid {
            fail=reject
        }
    }

In this case, when the external script returns a non-zero exit code or
fails, I get an Access-Reject. However, I cannot put any attributes
inside this reject packet. If my script outputs pairs and exits with a
non-zero status, the pairs are not kept in the reject packet sent back
to the client. So my questions are:
- is it possible to have attributes in reject packets in rlm_exec
setups (something I can do with Exec-Program-Wait)?
- is Exec-Program-Wait deprecated and probably removed in future
versions? If so, how can I accomplish my scenario?
I need to make a decision for an imminent project.
Thanks in advance
Kostas
--
Kostas Zorbadelos
Systems Developer, Otenet SA
mailto: [EMAIL PROTECTED]
Out there in the darkness, out there in the night
out there in the starlight, one soul burns brighter
than a thousand suns.