问题
Can someone give me a hint, how to modify Freeradius to read other attributes from an external script.
I have this
update control {
Auth-Type := `/usr/bin/php -f /web/auth.php '%{NAS-Identifier} %{Calling-Station-Id}'`
}
But the reply right now can be only Access or Reject , but I would like to set also some attributes more like a bandwidth limitation to this user like
output
Accept
WISPr-Bandwidth-Max-Up: xxx
WISPr-Bandwidth-Max-Down: xxx
WISPr-Redirection-URL: http://google.com
I can achieve this ?
System: Ubuntu 14.04
radiusd: FreeRADIUS Version 2.2.5, for host x86_64-unknown-linux-gnu, built on Aug 6 2014 at 15:08:48
update
How about preacct
and accounting
section ? I see that once router is rebooted it must keep Calling Station in "mind" and re-authenticate it once it will boot.
It is possible to add
accounting {
exec
update control {
Auth-Type := "%{reply:Auth-Type}"
}
...
}
there?
回答1:
Hm, that's not valid syntax for version 2. You need to modify raddb/modules/exec
and call it in the authorize section.
Version 2
For the exec module configuration you want:
wait = yes
program = "/usr/bin/php -f /web/auth.php '%{NAS-Identifier} %{Calling-Station-Id}'"
output_pairs = reply
Then in authorize:
authorize {
exec
update control {
Auth-Type := "%{reply:Auth-Type}"
}
...
}
Then modify your script output to be:
Auth-Type = Accept
WISPr-Bandwidth-Max-Up = xxx
WISPr-Bandwidth-Max-Down = xxx
WISPr-Redirection-URL = http://google.com
Version 3
Version 3 supports attribute assignment similar to what you've posted, but it'd be:
update {
control: += `/usr/bin/php -f /web/auth.php '%{NAS-Identifier} %{Calling-Station-Id}'`
}
Then modify your script output to be:
Auth-Type = Accept
reply:WISPr-Bandwidth-Max-Up = xxx
reply:WISPr-Bandwidth-Max-Down = xxx
reply:WISPr-Redirection-URL = http://google.com
来源:https://stackoverflow.com/questions/26442693/freeradius-reading-attributes-while-executing-external-script