[ < ] [ > ]   [ << ] [ Up ] [ >> ]         [Top] [Contents] [Index] [ ? ] Running an External Program

The command line can reference any attributes from both check and reply pairlists using attribute macros see section Macro Substitution.

Before the execution of the program, radiusd switches to uid and gid of the user daemon and the group daemon. You can override these defaults by setting the variable exec-program-user in the configuration file to a proper value. See section The option statement.

The daemon will wait until the program terminates. The return value of its execution determines whether the entry matches. If the program exits with a nonzero code, then the match fails. If it exits with a zero code, the match succeeds. In this case the standard output of the program is read and parsed as if it were a pairlist. The attributes thus obtained are added to the entry's reply attributes.


Suppose the ‘users’ file contains the following entry:

DEFAULT Auth-Type = System,
                Simultaneous-Use = 1
        Exec-Program-Wait = "/usr/local/sbin/telauth \
                             %C{User-Name} \

Then, upon successful matching, the program ‘/usr/local/sbin/telauth’ will be executed. It will get as its arguments the values of the User-Name and Calling-Station-Id attributes from the request pairs.

The ‘/usr/local/sbin/telauth’ can, for example, contain the following:

#! /bin/sh


if grep "$1:$2" $DB; then
    echo "Service-Type = Login,"
    echo "Session-Timeout = 1200"
    exit 0
    echo "Reply-Message = \
          \"You are not authorized to log in\""
    exit 1

It is assumed that ‘/var/db/userlist’ contains a list of username:caller-id pairs for those users that are authorized to use login service.

This document was generated by Sergey Poznyakoff on December, 6 2008 using texi2html 1.78.