[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Help-gnu-radius] A Filter script in C
From: |
Erik DUH Olson |
Subject: |
Re: [Help-gnu-radius] A Filter script in C |
Date: |
Wed, 5 Oct 2005 13:57:08 -0400 |
Ah yes, you are correct. Here is some additional info for implementing this
program
(btw Thank you for everything Sergey!)
I was looking for the easiest way to setup and maintain a user list, allow
members to access dial-up internet from home, and prevent abuse. Radius
has so many features and capabilities, but all I wanted was to simply
authenticate users by their caller-ID against a couple of simple text files
and log what happens. This is really just an extension of a small sample in
the docs, and boiling down what took me about 8 hours to learn (from
absolute scratch!) into three simple parts :
Program is compiled and named "pf1"
-------------------------- in file: "users" --------------------------
DEFAULT Auth-Type = Local,
Simultaneous-Use = 1,
Strip-User-Name = Yes,
User-Password = mermaid
Service-Type = Framed-User,
Framed-Protocol = PPP,
Ascend-Data-Filter = "ip in forward tcp est",
Ascend-Data-Filter = "ip in forward dstip 66.77.41.0/24",
Ascend-Data-Filter = "ip in drop tcp dstport = 25",
Ascend-Data-Filter = "ip in drop tcp srcport = 80",
Ascend-Data-Filter = "ip in forward",
Exec-Program-Wait = "/usr/local/etc/raddb/pf1 %C{Calling-Station-Id}
%C{User-Name}",
Session-Timeout=9999
--------------------------and appended to file:
"config"-----------------------------
filters {
filter check_clid{
exec-path "/usr/local/etc/raddb/pf1";
error-log "/usr/local/etc/raddb/protel_filter.log";
auth {
input-format "%C{Calling-Station-Id} %C{User-Name}";
wait-reply yes;
};
};
};
----- Original Message -----
From: "Sergey Poznyakoff" <address@hidden>
To: "Erik DUH Olson" <address@hidden>
Cc: <address@hidden>
Sent: Wednesday, October 05, 2005 3:53 PM
Subject: Re: [Help-gnu-radius] A Filter script in C
> Erik DUH Olson <address@hidden> wrote:
>
> > FYI - for anyone who might find this useful:
> >
> > Here is a simple filter that I wrote in standard C language.
>
> Thanks for all users of GNU Radius, Eric. Only a minor technical detail:
> this seems to be an external authentication program, not a filter. That
> is, it should be run via Exec-Program-Wait attribute, shouldn't it?
>
> Regards,
> Sergey
>
>
>
> _______________________________________________
> Help-gnu-radius mailing list
> address@hidden
> http://lists.gnu.org/mailman/listinfo/help-gnu-radius
>
Re: [Help-gnu-radius] Filter script using PHP, Bill Neely, 2005/10/05