Re: [Help-gnu-radius] A Filter script in C

help-gnu-radius

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Help-gnu-radius] A Filter script in C

From:	Erik DUH Olson
Subject:	Re: [Help-gnu-radius] A Filter script in C
Date:	Wed, 5 Oct 2005 13:57:08 -0400

Ah yes, you are correct.  Here is some additional info for implementing this
program

(btw Thank you for everything Sergey!)

I was looking for the easiest way to setup and maintain a user list, allow
members to access dial-up internet from home, and prevent abuse.   Radius
has so many features and capabilities, but all I wanted was to simply
authenticate users by their caller-ID against a couple of simple text files
and log what happens.  This is really just an extension of a small sample in
the docs, and boiling down what took me about 8 hours to learn (from
absolute scratch!) into three simple parts :

Program is compiled and named "pf1"

-------------------------- in file: "users" --------------------------

DEFAULT Auth-Type = Local,
                Simultaneous-Use = 1,
   Strip-User-Name = Yes,
   User-Password = mermaid
        Service-Type = Framed-User,
                Framed-Protocol = PPP,
          Ascend-Data-Filter = "ip in forward tcp est",
          Ascend-Data-Filter = "ip in forward dstip 66.77.41.0/24",
          Ascend-Data-Filter = "ip in drop tcp dstport = 25",
          Ascend-Data-Filter = "ip in drop tcp srcport = 80",
          Ascend-Data-Filter = "ip in forward",
   Exec-Program-Wait = "/usr/local/etc/raddb/pf1 %C{Calling-Station-Id}
%C{User-Name}",
          Session-Timeout=9999


--------------------------and appended to file:
"config"-----------------------------

filters {
  filter check_clid{
   exec-path "/usr/local/etc/raddb/pf1";
   error-log "/usr/local/etc/raddb/protel_filter.log";
   auth {
        input-format "%C{Calling-Station-Id} %C{User-Name}";
        wait-reply yes;
   };
  };
};




----- Original Message ----- 
From: "Sergey Poznyakoff" <address@hidden>
To: "Erik DUH Olson" <address@hidden>
Cc: <address@hidden>
Sent: Wednesday, October 05, 2005 3:53 PM
Subject: Re: [Help-gnu-radius] A Filter script in C


> Erik DUH Olson <address@hidden> wrote:
>
> > FYI - for anyone who might find this useful:
> >
> > Here is a simple filter that I wrote in standard C language.
>
> Thanks for all users of GNU Radius, Eric. Only a minor technical detail:
> this seems to be an external authentication program, not a filter. That
> is, it should be run via Exec-Program-Wait attribute, shouldn't it?
>
> Regards,
> Sergey
>
>
>
> _______________________________________________
> Help-gnu-radius mailing list
> address@hidden
> http://lists.gnu.org/mailman/listinfo/help-gnu-radius
>

[Prev in Thread]

Current Thread

[Next in Thread]

[Help-gnu-radius] Filter script using PHP, Bill Neely, 2005/10/04
- Re: [Help-gnu-radius] Filter script using PHP, Sergey Poznyakoff, 2005/10/05
  - Re: [Help-gnu-radius] Filter script using PHP, Morten Winther, 2005/10/05
    - Re: [Help-gnu-radius] Filter script using PHP, Sergey Poznyakoff, 2005/10/05
    - [Help-gnu-radius] A Filter script in C, Erik DUH Olson, 2005/10/05
    - Re: [Help-gnu-radius] A Filter script in C, Sergey Poznyakoff, 2005/10/05
    - Re: [Help-gnu-radius] A Filter script in C, Erik DUH Olson <=
  - Re: [Help-gnu-radius] Filter script using PHP, Bill Neely, 2005/10/05

Prev by Date: Re: [Help-gnu-radius] Filter script using PHP
Next by Date: [Help-gnu-radius] Proxying
Previous by thread: Re: [Help-gnu-radius] A Filter script in C
Next by thread: Re: [Help-gnu-radius] Filter script using PHP
Index(es):
- Date
- Thread