[ < ] [ > ]   [ << ] [ Up ] [ >> ]         [Top] [Contents] [Index] [ ? ] Using an External Filter

If the value of Exec-Program-Wait attribute begins with ‘|’, radiusd strips this character from the value and uses the resulting string as a name of the predefined external filter. Such filter must be declared in ‘raddb/config’ (see section filters statement).


Let the ‘users’ file contain the following entry:

DEFAULT Auth-Type = System,
                Simultaneous-Use = 1
        Exec-Program-Wait = "|myfilter"

and let the ‘raddb/config’ contain the following (6):

filters {
    filter myfilter {
        exec-path "/usr/libexec/myfilter";
        error-log "myfilter.log";
        auth {
            input-format "%C{User-Name}
            wait-reply yes;

Then, upon successful authentication, the program /usr/libexec/myfilter will be invoked, if it hasn't already been started for this thread. Any output it sends to its standard error will be redirected to the file ‘myfilter.log’ in the current logging directory. A string consisting of the user's login name and his calling station ID followed by a newline will be sent to the program.

The following is a sample /usr/libexec/myfilter written in the shell:

#! /bin/sh


while read NAME CLID
    if grep "$1:$2" $DB; then
        echo "0 Service-Type = Login, Session-Timeout = 1200"
        echo "1 Reply-Message = \
              \"You are not authorized to log in\""

This document was generated by Sergey Poznyakoff on December, 6 2008 using texi2html 1.78.