Unlang write to file FreeRADIUS


I know I might be facing an impossible mission. What I want is for radiusd to write down every MAC received in an Access-Request, so that I can later deny access to those MACs.

I know the policies file is written in unlang; the bad news is that radiusd does not have any write permissions on any of the conf files...

Anyway, was anyone capable of WRITING to a file in the POLICY PROCESSING of FreeRADIUS?

What I want to achieve would be something like this:

raddb/sites-available/default

authorize {
  rewrite_calling_station_id
  unauthorized_macs
  if(ok) {
    reject
  }
  else {
    update control {
      Auth-Type := Accept
    }
    # GET MAC FROM CALLING_STATION_ID ATTRIBUTE
    # WRITE THIS F***ING MAC TO unauthorized_macs FILE
  }
}

Thanks to Arran, I could solve this the following way:

authorize {
  rewrite_calling_station_id
  authMac
  if(ok) {
    reject
  }
  else {
    linelog
    update control {
      Auth-Type := Accept
    }
  }
}

Where linelog is configured as follows: raddb/mods-enabled/linelog

linelog {
  filename = /path/to/hell/authMac
  format = "%{Calling-Station-ID}"
}

Solution

update request {
    Tmp-String-0 := `echo "%{Calling-Station-ID}" >> "/path/to/f___ing_unauthorized_macs_file"`
}

There's also the linelog module which would be better in >= v3.0.x as it implements internal locking (in addition to flock) to prevent line interleaving.

See /etc/raddb/mods-available/linelog for examples.
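
An added example, not part of the original answer or of FreeRADIUS: the file written by linelog holds whatever Calling-Station-Id each request carried and later drives reject decisions, so this Python script audits it before it is used as a deny list. It normalizes common MAC notations, counts repeats and reports lines that are not MACs; the function names and sample lines are constructed, and the AA-BB-CC-DD-EE-FF output form is an assumption about what the lookup expects.

```python
import re
from collections import Counter

# Notations accepted for a 48-bit MAC; the separator must be consistent.
_MAC_FORMS = re.compile(
    r"[0-9a-f]{2}([-:])(?:[0-9a-f]{2}\1){4}[0-9a-f]{2}"  # aa-bb-.. or aa:bb:..
    r"|[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}"            # aabb.ccdd.eeff
    r"|[0-9a-f]{12}",                                    # aabbccddeeff
    re.IGNORECASE | re.ASCII,
)


def normalize_mac(raw):
    """Return raw as AA-BB-CC-DD-EE-FF, or None when it is not a MAC."""
    if not _MAC_FORMS.fullmatch(raw):
        return None
    digits = re.sub(r"[-:.]", "", raw).upper()
    return "-".join(digits[i:i + 2] for i in range(0, 12, 2))


def audit_mac_log(lines):
    """Split linelog output into unique MACs, repeat counts and rejected lines."""
    counts, rejected = Counter(), []
    for lineno, line in enumerate(lines, start=1):
        raw = line.rstrip("\r\n")
        mac = normalize_mac(raw)
        if mac is None:
            # Blank or non-MAC values are reported, never promoted to the list.
            rejected.append((lineno, raw))
        else:
            counts[mac] += 1
    unique = list(counts)  # first-seen order
    repeats = {mac: n - 1 for mac, n in counts.items() if n > 1}
    return unique, repeats, rejected


# Constructed sample of a linelog output file (one Calling-Station-Id per line).
SAMPLE_LOG = [
    "00-11-22-AA-BB-CC\n",
    "00:11:22:aa:bb:cc\n",   # same station, different notation
    "0011.22aa.bbdd\n",
    "\n",                    # empty value
    "00-11-22-AA-BB\n",      # truncated
    "00-11:22-AA-BB-CC\n",   # mixed separators
    "192.0.2.10\n",          # not a MAC at all
]

if __name__ == "__main__":
    for part in audit_mac_log(SAMPLE_LOG):
        print(part)
```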