1

I am using Freeradius v3 for my project, and I am executing an external php script to do some checks in the authorization section. What I am trying to achieve is to get multiple attribute-value pairs from the script like:

Auth-Type (control) : value
Reply-Message (reply) : value
...

So, for example, i would like to receive and Auth-Type = Accept plus a Reply-Message from the script.

I used this post: FreeRadius Reading attributes while executing external script as reference, and I tried to do as suggested but it isn't working.

Here is some code to explain what I'm doing:

1 - Authorize section 

    authorize{
            update{
                control: += `/usr/bin/php -f /path/to/script/test.php '%{User-Name}'`
            }
    ....

2 - Php script (echo section) 

            echo "Auth-Type = Accept,\n";
            echo "reply:WISPr-Redirection-URL = http://google.com,\n";
            echo "reply:Reply-Message = 'hello world'\n";

3 - Php output (as suggested from the linked post)

Auth-Type = Accept
reply:WISPr-Redirection-URL = http://google.com
reply:Reply-Message = 'hello world'

4 - Freeradius output

Proxying to virtual server test-server
(0) # Executing section authorize from file /etc/freeradius/sites-enabled/test-server
(0)   authorize {
(0)     update {
(0)       Executing: /usr/bin/php -f /path/to/script/test.php '%{User-Name}':
(0)       EXPAND %{User-Name}
(0)          --> alice
(0)       ERROR: Failed parsing output from: /usr/bin/php -f /home/saiv/radius_script/test.php '%{User-Name}': Expecting operator
(0)       ERROR: Program returned code (0) and output 'Auth-Type = Accept, reply:WISPr-Redirection-URL = http://google.com, reply:Reply-Message = 'hello world''
(0)     } # update = fail
(0)   } # authorize = fail

If I remove the "reply:Reply-Message ..." and put only "Reply-Message:..." the output is accepted by freeradius but the Reply-Message avp goes under "control" and this is not correct.

(0)       Program returned code (0) and output 'Auth-Type = Accept, WISPr-Redirection-URL = http://google.com, Reply-Message = 'hello world''
(0)       control::Auth-Type = Accept
(0)       control::WISPr-Redirection-URL = http://google.com
(0)       control::Reply-Message = hello world

Can someone tell me what I am missing? Any help would be appreciated.

Community
  • 1
  • 1
JesperSG
  • 31
  • 5
  • Added a GitHub issue for you: https://github.com/FreeRADIUS/freeradius-server/issues/1860 It's not really a code bug... It's because the exec code uses a very old (v1.0.x) code path which needs to be removed. Unfortunately there's no v3.0.x API that provides equivalent functionality, so one will need to be rewritten. – Arran Cudbard-Bell Nov 25 '16 at 22:18

0 Answers0