| [ < ] | [ > ] | [ << ] | [ Up ] | [ >> ] | [Top] | [Contents] | [Index] | [ ? ] |
If the value of Exec-Program-Wait attribute begins with ‘|’,
radiusd strips this character from the value and uses the
resulting string
as a name of the predefined external filter. Such filter must be
declared in ‘raddb/config’ (see section filters statement).
Let the ‘users’ file contain the following entry:
DEFAULT Auth-Type = System,
Simultaneous-Use = 1
Exec-Program-Wait = "|myfilter"
|
and let the ‘raddb/config’ contain the following (6):
filters {
filter myfilter {
exec-path "/usr/libexec/myfilter";
error-log "myfilter.log";
auth {
input-format "%C{User-Name}
%C{Calling-Station-Id}";
wait-reply yes;
};
};
};
|
Then, upon successful authentication, the program
/usr/libexec/myfilter will be invoked, if it hasn't already been
started for this thread. Any output it sends to its standard error
will be redirected to the file ‘myfilter.log’ in the current
logging directory. A string consisting of the user's login name and
his calling station ID followed by a newline will be sent to the
program.
The following is a sample /usr/libexec/myfilter written
in the shell:
#! /bin/sh
DB=/var/db/userlist
while read NAME CLID
do
if grep "$1:$2" $DB; then
echo "0 Service-Type = Login, Session-Timeout = 1200"
else
echo "1 Reply-Message = \
\"You are not authorized to log in\""
fi
done
|
This document was generated by Sergey Poznyakoff on December, 6 2008 using texi2html 1.78.