I think I found the issue. One of the value pairs being returned used a name
not defined in the dictionary file. The new name is similar leading me to
suspect the old name was deprecated and eventually replaced with a more clear
name.
Thanks all!
-craig
- Original Message -
From: Craig Campbell
To: FreeRadius users mailing list
Sent: Friday, November 12, 2010 6:24 AM
Subject: Output from Exec-Program-Wait in users file
Hi,
am migrating from an ancient radius install to FreeRADIUS Version 2.1.8
The system uses a custom authentication binary which we access from the users
file via,
DEFAULT NAS-IP-Address == 192.168.1.100, Auth-Type := Accept,
Simultaneous-Use := 1
Exec-Program-Wait = /usr/local/sbin/auth -X -U -u 5882626 --
%{User-Name} %{User-Password} %{%{Called-Station-Id}:-Missing}
%{%{NAS-IP-Address}:-Missing} %{%{Calling-Station-Id}:-Missing}
%{%{NAS-Port-Type}:-Missing} %{Vendor-Specific} ,
Fall-Through = no
On the old version, the output from the EXEC was sent back in the Accept
packet..
Now is looks like the stdout form the Exec-Program-Wait is not being send
back but either dropped or misplaced.
++[sql] returns ok
+- entering group post-auth {...}
Exec-Program output: Framed-Compression=Van-Jacobsen-TCP-IP
Framed-Routing=None Framed-MTU=1500 Framed-IP-Netmask=255.255.255.0
Framed-Protocol=PPP Service-Type=Framed-User Idle-Timeout=1800
Session-Timeout=86400 ERX-Virtual-Router=SOMEROUTER
ERX-Ingress-Policy-Name=COMFORT_UP ERX-Egress-Policy-Name=COMFORT_DOWN
Exec-Program-Wait: plaintext: Framed-Compression=Van-Jacobsen-TCP-IP
Framed-Routing=None Framed-MTU=1500 Framed-IP-Netmask=255.255.255.0
Framed-Protocol=PPP Service-Type=Framed-User Idle-Timeout=1800
Session-Timeout=86400 ERX-Virtual-Router=SOMEROUTER
ERX-Ingress-Policy-Name=COMFORT_UP ERX-Egress-Policy-Name=COMFORT_DOWN
Exec-Program: returned: 0
++[exec] returns noop
Sending Access-Accept of id 248 to 192.168.1.100 port 5
Finished request 0.
Is there a way to direct the output from the Exec-Program into the Accept
packet?
As far as we can tell, we are sending back and empty Accept packet. The
values are calculated by the auth binary, so hard coding them would be very
difficult.
It's after 1am here, so I hope this won't seem obvious in the morning.
Any hints would be greatly appreciated.
Thanks so much,
-craig
--
Craig Campbell
craig.campb...@ccraft.ca
CampbellCraft Consulting Inc
2 Kenny Court
Whitby, Ontario
Canada
L1R 2L8
905 922-2789
__ Information from ESET Smart Security, version of virus signature
database 5612 (2010) __
The message was checked by ESET Smart Security.
http://www.eset.com
__ Information from ESET Smart Security, version of virus signature
database 5614 (20101112) __
The message was checked by ESET Smart Security.
http://www.eset.com
__ Information from ESET Smart Security, version of virus signature
database 5614 (20101112) __
The message was checked by ESET Smart Security.
http://www.eset.com
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html