Previous: Running an External Program, Up: Exec-Program-Wait [Contents][Index]
If the value of Exec-Program-Wait attribute begins with ‘|’,
radiusd strips this character from the value and uses the
resulting string
as a name of the predefined external filter. Such filter must be
declared in raddb/config (see filters statement).
Let the users file contain the following entry:
DEFAULT Auth-Type = System,
Simultaneous-Use = 1
Exec-Program-Wait = "|myfilter"
and let the raddb/config contain the following 6:
filters {
filter myfilter {
exec-path "/usr/libexec/myfilter";
error-log "myfilter.log";
auth {
input-format "%C{User-Name}
%C{Calling-Station-Id}";
wait-reply yes;
};
};
};
Then, upon successful authentication, the program
/usr/libexec/myfilter will be invoked, if it hasn’t already been
started for this thread. Any output it sends to its standard error
will be redirected to the file myfilter.log in the current
logging directory. A string consisting of the user’s login name and
his calling station ID followed by a newline will be sent to the
program.
The following is a sample /usr/libexec/myfilter written
in the shell:
#! /bin/sh
DB=/var/db/userlist
while read NAME CLID
do
if grep "$1:$2" $DB; then
echo "0 Service-Type = Login, Session-Timeout = 1200"
else
echo "1 Reply-Message = \
\"You are not authorized to log in\""
fi
done
In this example the input-format statement has been
split on two lines to fit the page width. It must occupy a single line
in the real configuration file.