Output from Exec-Program-Wait in users file

2010-11-12 Thread Craig Campbell
Hi,
am migrating from an ancient radius install to FreeRADIUS Version 2.1.8
The system uses a custom authentication binary which we access from the users 
file via,


  DEFAULT NAS-IP-Address == 192.168.1.100, Auth-Type := Accept, 
Simultaneous-Use := 1
  Exec-Program-Wait = /usr/local/sbin/auth -X -U -u 5882626 -- 
%{User-Name} %{User-Password} %{%{Called-Station-Id}:-Missing} 
%{%{NAS-IP-Address}:-Missing} %{%{Calling-Station-Id}:-Missing} 
%{%{NAS-Port-Type}:-Missing} %{Vendor-Specific} ,
  Fall-Through = no

On the old version, the output from the EXEC was sent back in the Accept 
packet..

Now is looks like the stdout form the Exec-Program-Wait is not being send back 
but either dropped or misplaced.

  ++[sql] returns ok
  +- entering group post-auth {...}
  Exec-Program output: Framed-Compression=Van-Jacobsen-TCP-IP 
Framed-Routing=None Framed-MTU=1500 Framed-IP-Netmask=255.255.255.0 
Framed-Protocol=PPP Service-Type=Framed-User Idle-Timeout=1800 
Session-Timeout=86400 ERX-Virtual-Router=SOMEROUTER 
ERX-Ingress-Policy-Name=COMFORT_UP ERX-Egress-Policy-Name=COMFORT_DOWN
  Exec-Program-Wait: plaintext: Framed-Compression=Van-Jacobsen-TCP-IP 
Framed-Routing=None Framed-MTU=1500 Framed-IP-Netmask=255.255.255.0 
Framed-Protocol=PPP Service-Type=Framed-User Idle-Timeout=1800 
Session-Timeout=86400 ERX-Virtual-Router=SOMEROUTER 
ERX-Ingress-Policy-Name=COMFORT_UP ERX-Egress-Policy-Name=COMFORT_DOWN
  Exec-Program: returned: 0
  ++[exec] returns noop
  Sending Access-Accept of id 248 to 192.168.1.100 port 5
  Finished request 0.
Is there a way to direct the output from the Exec-Program into the Accept 
packet?  

As far as we can tell, we are sending back and empty Accept packet.  The values 
are calculated by the auth binary, so hard coding them would be very difficult.

It's after 1am here, so I hope this won't seem obvious in the morning.

Any hints would be greatly appreciated.

Thanks so much,
-craig




Craig Campbell 
craig.campb...@ccraft.ca 
CampbellCraft Consulting Inc
2 Kenny Court 
Whitby, Ontario 
Canada 
L1R 2L8 
905 922-2789 

 



__ Information from ESET Smart Security, version of virus signature 
database 5612 (2010) __

The message was checked by ESET Smart Security.

http://www.eset.com

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Output from Exec-Program-Wait in users file

2010-11-12 Thread Craig Campbell
I think I found the issue.  One of the value pairs being returned used a name 
not defined in the dictionary file.  The new name is similar leading me to 
suspect the old name was deprecated and eventually replaced with a more clear 
name.

Thanks all!
-craig
  - Original Message - 
  From: Craig Campbell 
  To: FreeRadius users mailing list 
  Sent: Friday, November 12, 2010 6:24 AM
  Subject: Output from Exec-Program-Wait in users file


  Hi,
  am migrating from an ancient radius install to FreeRADIUS Version 2.1.8
  The system uses a custom authentication binary which we access from the users 
file via,


DEFAULT NAS-IP-Address == 192.168.1.100, Auth-Type := Accept, 
Simultaneous-Use := 1
Exec-Program-Wait = /usr/local/sbin/auth -X -U -u 5882626 -- 
%{User-Name} %{User-Password} %{%{Called-Station-Id}:-Missing} 
%{%{NAS-IP-Address}:-Missing} %{%{Calling-Station-Id}:-Missing} 
%{%{NAS-Port-Type}:-Missing} %{Vendor-Specific} ,
Fall-Through = no

  On the old version, the output from the EXEC was sent back in the Accept 
packet..

  Now is looks like the stdout form the Exec-Program-Wait is not being send 
back but either dropped or misplaced.

++[sql] returns ok
+- entering group post-auth {...}
Exec-Program output: Framed-Compression=Van-Jacobsen-TCP-IP 
Framed-Routing=None Framed-MTU=1500 Framed-IP-Netmask=255.255.255.0 
Framed-Protocol=PPP Service-Type=Framed-User Idle-Timeout=1800 
Session-Timeout=86400 ERX-Virtual-Router=SOMEROUTER 
ERX-Ingress-Policy-Name=COMFORT_UP ERX-Egress-Policy-Name=COMFORT_DOWN
Exec-Program-Wait: plaintext: Framed-Compression=Van-Jacobsen-TCP-IP 
Framed-Routing=None Framed-MTU=1500 Framed-IP-Netmask=255.255.255.0 
Framed-Protocol=PPP Service-Type=Framed-User Idle-Timeout=1800 
Session-Timeout=86400 ERX-Virtual-Router=SOMEROUTER 
ERX-Ingress-Policy-Name=COMFORT_UP ERX-Egress-Policy-Name=COMFORT_DOWN
Exec-Program: returned: 0
++[exec] returns noop
Sending Access-Accept of id 248 to 192.168.1.100 port 5
Finished request 0.
  Is there a way to direct the output from the Exec-Program into the Accept 
packet?  

  As far as we can tell, we are sending back and empty Accept packet.  The 
values are calculated by the auth binary, so hard coding them would be very 
difficult.

  It's after 1am here, so I hope this won't seem obvious in the morning.

  Any hints would be greatly appreciated.

  Thanks so much,
  -craig



--
  Craig Campbell 
  craig.campb...@ccraft.ca 
  CampbellCraft Consulting Inc
  2 Kenny Court 
  Whitby, Ontario 
  Canada 
  L1R 2L8 
  905 922-2789 

   



  __ Information from ESET Smart Security, version of virus signature 
database 5612 (2010) __

  The message was checked by ESET Smart Security.

  http://www.eset.com


  __ Information from ESET Smart Security, version of virus signature 
database 5614 (20101112) __

  The message was checked by ESET Smart Security.

  http://www.eset.com



__ Information from ESET Smart Security, version of virus signature 
database 5614 (20101112) __

The message was checked by ESET Smart Security.

http://www.eset.com

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html