| [ < ] | [ > ] | [ << ] | [ Up ] | [ >> ] | [Top] | [Contents] | [Index] | [ ? ] |
Let's suppose we further modify our filter to also handle accounting requests. To discern between the authentication and accounting requests we'll prefix each authentication request with the word ‘auth’ and each accounting request with the word ‘acct’. Furthermore, the input line for accounting requests will contain a timestamp.
Now, our filter program will look as follows:
#! /bin/sh
AUTH_DB=/var/db/userlist
ACCT_DB=/var/db/acct.db
while read CODE NAME CLID DATE
do
case CODE
auth)
if grep "$1:$2" $DB; then
echo "0 Service-Type = Login, \
Session-Timeout = 1200"
else
echo "1 Reply-Message = \
\"You are not authorized to log in\""
fi
acct)
echo "$CODE $NAME $CLID $DATE" >> $ACCT_DB
done
|
Its declaration in the ‘raddb/config’ will also change:
filter check_clid {
exec-path "/usr/libexec/myfilter";
error-log "myfilter.log";
auth {
input-format "auth %C{User-Name}
%C{Calling-Station-Id}";
wait-reply yes;
};
acct {
input-format "acct %C{User-Name}
%C{Calling-Station-Id} %D";
wait-reply no;
};
};
|
(The input-format lines are split for readability. Each of them
is actually one line).
Notice wait-reply no in the acct statement. It
tells radiusd that it shouldn't wait for the response on
accounting requests from the filter.
This document was generated by Sergey Poznyakoff on December, 6 2008 using texi2html 1.78.