Re: Using Exec-Program = program %f
Paulo Angelo [EMAIL PROTECTED] wrote:

> I'm having some problems with Free Radius 0.4 when I try to execute an external program (a shell script). I've created a user in the users file like:
>
>   pa  Auth-Type := Local, Password == pa
>       Service-Type = Framed-User,
>       Exec-Program = /root/sh %u %f,
>       ...
>
> I can connect using this user, but it executes the program (/root/sh) like:
>
>   /root/sh pa ?.?.?.?

That's because the Framed-IP-Address does not exist yet. You've got to add it to the request, to send it to portslave.

If portslave picks an IP address to use out of its local pool, then it is IMPOSSIBLE to discover the Framed-IP-Address during the authentication part of RADIUS. You then MUST use the 'acct_users' file.

See the latest CVS snapshot, in 'scripts/exec-program-wait' for some examples.

Alan DeKok.

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Using Exec-Program = program %f
At 02:27 PM 1/9/2002 -0500, [EMAIL PROTECTED] wrote:

> Paulo Angelo [EMAIL PROTECTED] wrote:
>
> > I'm having some problems with Free Radius 0.4 when I try to execute an external program (a shell script). I've created a user in the users file like:
> >
> >   pa  Auth-Type := Local, Password == pa
> >       Service-Type = Framed-User,
> >       Exec-Program = /root/sh %u %f,
> >       ...
> >
> > I can connect using this user, but it executes the program (/root/sh) like:
> >
> >   /root/sh pa ?.?.?.?
>
> That's because the Framed-IP-Address does not exist yet. You've got to add it to the request, to send it to portslave.
>
> If portslave picks an IP address to use out of its local pool, then it is IMPOSSIBLE to discover the Framed-IP-Address during the authentication part of RADIUS.

Not quite, per the RFC, it is possible and allowed for the NAS to send this in an Access-Request, as a hint. However, I do not know of any NAS that actually do this, so Alan is correct that there is no way to determine this during the Authentication stage of RADIUS.

So, long story short, you can't do that with radius because you've got the cart before the horse.

-Chris

--
Chris Parker - Manager, Development Engineering
WX *is* Wireless!
[EMAIL PROTECTED]
http://www.starnetwx.net
(847) 963-0116
Without C we would have 'obol', 'basi', and 'pasal'
Re: Using Exec-Program = program %f
> But, using portslave-1.2.0pre12-8cl on a Linux box, it can't get the Framed IP address from the user. I don't know if the problem is with the Portslave or with the configuration or because Free Radius really can't get the IP address.

Not *quite* on-topic here, but I believe that's a bit of an older version. Instead of the linuxrouter site you probably picked it up from, try sourceforge - http://www.sourceforge.net/projects/portslave/

I found the older versions had some odd conventions for configuration, while the newer has better documentation and simpler conventions in its configuration.
Re: Using Exec-Program = program %f
On Wed, 9 Jan 2002, Chris Parker wrote:

> Not quite, per the RFC, it is possible and allowed for the NAS to send this in an Access-Request, as a hint. However, I do not know of any NAS that actually do this, so Alan is correct that there is no way to determine this during the Authentication stage of RADIUS.
>
> So, long story short, you can't do that with radius because you've got the cart before the horse.
>
> -Chris

Well, actually you can do it with Cisco. See
http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121newft/121t/121t5/dtrattr8.htm

--
kkalev
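
Added example, not part of the thread and not FreeRADIUS code: the script in the original post was run with the literal `?.?.?.?` in place of an address, so a script wired to Exec-Program should check its arguments before acting on them. The function names, exit codes and the user-name character set below are assumptions.

```shell
#!/bin/sh
# Added example: hypothetical target for Exec-Program = "<script> %u %f".
# $1 = user name (%u), $2 = Framed-IP-Address (%f), as in the thread.

# Return 0 only for a dotted-quad IPv4 address with every octet in 0..255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;  # empty, "?" or other junk, stray dots
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                                 # split on dots; digits only, so no globbing
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] || return 1
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Conservative user-name policy (an assumption; adjust to the local naming scheme).
valid_user() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9._@-]*) return 1 ;;
    esac
    [ "${#1}" -le 64 ]
}

# 0 = both arguments usable, 1 = user name rejected, 2 = no usable address.
check_args() {
    valid_user "$1" || return 1
    valid_ipv4 "$2" || return 2
    return 0
}

main() {
    rc=0
    check_args "$1" "$2" || rc=$?
    case "$rc" in
        0) echo "arguments accepted: user=$1 addr=$2" >&2 ;;
        1) echo "refusing unexpected user name argument" >&2; exit 1 ;;
        2) echo "no Framed-IP-Address for user=$1 (auth-time call?)" >&2; exit 2 ;;
    esac
}

# Run only when invoked with arguments, so the functions can also be sourced.
if [ "$#" -gt 0 ]; then main "$@"; fi
```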