Hi Mike,
1. Please remember that the first step is the authorization. The value of
Auth-Type must be returned from this step. In my case I put files in the
"authorize" section because this module looks into the users file and gets
the Auth-Type parameter.
Check if your authorize section looks like:
authorize {
preprocess
files
}
2. A simpler "authenticate" section:
authenticate {
perl
}
3. A simpler "modules" section:
modules{
...
...
perl {
module = /usr/local/etc/raddb/voip.pl
func_accounting = accounting
func_authentication = authenticate
func_preacct = preacct
func_checksimul = checksimul
func_xlat = xlat
}
...
...
}
4. And don't forget the line in the users file.
DEFAULT Auth-Type := perl_1
Regards,
Humberto Quintana
Doxum Technologies
P.S. I know that in my previous example, the "authenticate" and "modules"
sections have extra parameters but they allow me to understand how
freeradius use different instances of the same module. Especially if you
try huntgroups :)
> Date: Tue, 17 Feb 2004 22:02:32 +0800
> From: Michael Groeneweg <[EMAIL PROTECTED]>
> Organization: IT Services, Murdoch University
> To: [EMAIL PROTECTED]
> Subject: Re: rlm_perl & Auth-Type
> Reply-To: [EMAIL PROTECTED]
>
> Alan DeKok wrote:
>
> >Mike Groeneweg <[EMAIL PROTECTED]> wrote:
> >
> >
> >>I tried making your suggested config changes, but still no luck.
> >>
> >>
> >
> > They won' work.
> >
> confirmed :-)
>
> >
> >
> >
> >>authenticate {
> >> authtype perl_1 {
> >> perl
> >> }
> >> files
> >>}
> >>
> >>
> >
> > That won't work. The "files" module doesn't do authentication.
> >
> Nor did I expect it, but it's the only bit of configuration that seems
> to make radiusd even bother to call the designated Perl module for an
> authentication request.
>
> When I leave out the 'files' part from the authenticate configuration
> section, and I attempt to do authentication against the radius server, I
> am always getting this fom the debug: ie no Auth-Type found...
>
> As per my e-mail from yesterday:
> Mon Feb 16 09:56:31 2004 : Debug: --- Walking the entire request list ---
> Mon Feb 16 09:56:31 2004 : Debug: Thread 1 handling request 0, (1
> handled so far)
> Mon Feb 16 09:56:31 2004 : Debug: Threads: total/active/spare threads =
> 5/1/4
> Mon Feb 16 09:56:31 2004 : Debug: Waking up in 5 seconds...
> User-Name = "testuser"
> User-Password = "testpasswd"
> NAS-IP-Address = 134.115.81.61
> Framed-Protocol = PPP
> Mon Feb 16 09:56:31 2004 : Debug: modcall: entering group authorize for
> request 0
> Mon Feb 16 09:56:31 2004 : Debug: modsingle[authorize]: calling perl
> (rlm_perl) for request 0
> Mon Feb 16 09:56:31 2004 : Debug: perl_pool: item 0x8117340 asigned new
> request. Handled so far: 1
> Mon Feb 16 09:56:31 2004 : Debug: found interpetator at address 0x8117340
> Mon Feb 16 09:56:31 2004 : Debug: perl_pool total/active/spare [5/0/5]
> Mon Feb 16 09:56:31 2004 : Debug: Unreserve perl at address 0x8117340
> Mon Feb 16 09:56:31 2004 : Debug: modsingle[authorize]: returned from
> perl (rlm_perl) for request 0
> Mon Feb 16 09:56:31 2004 : Debug: modcall[authorize]: module "perl"
> returns ok for request 0
> Mon Feb 16 09:56:31 2004 : Debug: modcall: group authorize returns ok
> for request 0
> Mon Feb 16 09:56:31 2004 : Debug: auth: No authenticate method
> (Auth-Type) configuration found for the request: Rejecting the user
> Mon Feb 16 09:56:31 2004 : Debug: auth: Failed to validate the user.
>
>
> >>What is the keyword 'files' doing to radiusd, that now makes radiusd
> >>look to my authentication type 'perl_1' ?
> >>
> >>
> >
> > It doesn't.
> >
> >
> Ok, but I don't understand why it does or doesn't. I would like to
> understand the logic a lot better... hence these posts.
>
> >
> >
> >>>DEFAULT Auth-Type := perl_1
> >>>
> >>>-My radiusd.conf 's relevant sections
> >>>
> >>>modules {
> >>>...
> >>>...
> >>> perl voip {
> >>>
> >>>
> >
> > But no "perl_1".
> >
>
> That's not my config, that was the other config snippet provided by
> Humberto. And as I said, I tried it, and it didn't work for me either.
>
> >>>authenticate {
> >>>
> >>> authtype perl_1 {
> >>> voip
> >>> }
> >>>
> >>>
> >
> > I don't see why all of this extra configuration is necessary.
> >
> >
> I'm not sure it's needed either. If I could get radiusd to use Perl to
> do my authentication, I wouldn't be posting here.
>
> > ALan Dekok.
> >
> Thanks for your time,
> Mike G
>
>
>
>
>
> --__--__--
>
> -
> List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
>
>
> End of Freeradius-Users Digest
>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
