Rev 4 | Blame | Compare with Previous | Last modification | View Log | RSS feed
# -*- text -*-## $Id: 0ca6bd8d27c25bf4f84fd27f97323b8961814d77 $## This is a more general example of the execute module.## This one is called "echo".## Attribute-Name = `%{echo:/path/to/program args}`## If you wish to execute an external program in more than# one section (e.g. 'authorize', 'pre_proxy', etc), then it# is probably best to define a different instance of the# 'exec' module for every section.## The return value of the program run determines the result# of the exec instance call as follows:# (See doc/configurable_failover for details)## < 0 : fail the module failed# = 0 : ok the module succeeded# = 1 : reject the module rejected the user# = 2 : fail the module failed# = 3 : ok the module succeeded# = 4 : handled the module has done everything to handle the request# = 5 : invalid the user's configuration entry was invalid# = 6 : userlock the user was locked out# = 7 : notfound the user was not found# = 8 : noop the module did nothing# = 9 : updated the module updated information in the request# > 9 : fail the module failed#exec echo {## Wait for the program to finish.## If we do NOT wait, then the program is "fire and# forget", and any output attributes from it are ignored.## If we are looking for the program to output# attributes, and want to add those attributes to the# request, then we MUST wait for the program to# finish, and therefore set 'wait=yes'## allowed values: {no, yes}wait = yes## The name of the program to execute, and it's# arguments. Dynamic translation is done on this# field, so things like the following example will# work.#program = "/bin/echo %{User-Name}"## The attributes which are placed into the# environment variables for the program.## Allowed values are:## request attributes from the request# config attributes from the configuration items list# reply attributes from the reply# proxy-request attributes from the proxy request# proxy-reply attributes from the proxy reply## Note that some attributes may not exist at some# stages. e.g. There may be no proxy-reply# attributes if this module is used in the# 'authorize' section.#input_pairs = request## Where to place the output attributes (if any) from# the executed program. The values allowed, and the# restrictions as to availability, are the same as# for the input_pairs.#output_pairs = reply## When to execute the program. If the packet# type does NOT match what's listed here, then# the module does NOT execute the program.## For a list of allowed packet types, see# the 'dictionary' file, and look for VALUEs# of the Packet-Type attribute.## By default, the module executes on ANY packet.# Un-comment out the following line to tell the# module to execute only if an Access-Accept is# being sent to the NAS.##packet_type = Access-Accept## Should we escape the environment variables?## If this is set, all the RADIUS attributes# are capitalised and dashes replaced with# underscores. Also, RADIUS values are surrounded# with double-quotes.## That is to say: User-Name=BobUser => USER_NAME="BobUser"shell_escape = yes## How long should we wait for the program to finish?## Default is 10 seconds, which should be plenty for nearly# anything. Range is 1 to 30 seconds. You are strongly# encouraged to NOT increase this value. Decreasing can# be used to cause authentication to fail sooner when you# know it's going to fail anyway due to the time taken,# thereby saving resources.##timeout = 10}