>   OK, use the "perl" module to re-write the attribute.  There is an
> "example.pl" distributed with the server that should be a good start.
> 
>   Alan DeKok.

I'm trying to use the perl module to authenticate users, removing white spaces 
from NT-Password. This is my remove_white_spaces.pl:

use strict;
use vars qw(%RAD_REQUEST %RAD_REPLY %RAD_CHECK %RAD_CONFIG %RAD_PROXY 
%RAD_PROXY_REPLY);
use Data::Dumper;

        use constant    RLM_MODULE_REJECT=>    0;#  /* immediately reject the request */
        use constant    RLM_MODULE_FAIL=>      1;#  /* module failed, don't reply */
        use constant    RLM_MODULE_OK=>        2;#  /* the module is OK, continue */
        use constant    RLM_MODULE_HANDLED=>   3;#  /* the module handled the request, so stop. */
        use constant    RLM_MODULE_INVALID=>   4;#  /* the module considers the request invalid. */
        use constant    RLM_MODULE_USERLOCK=>  5;#  /* reject the request (user is locked out) */
        use constant    RLM_MODULE_NOTFOUND=>  6;#  /* user not found */
        use constant    RLM_MODULE_NOOP=>      7;#  /* module succeeded without doing anything */
        use constant    RLM_MODULE_UPDATED=>   8;#  /* OK (pairs modified) */
        use constant    RLM_MODULE_NUMCODES=>  9;#  /* How many return codes there are */

sub hex_to_ascii ($)
{
        # Convert each two-digit hex number back to an ASCII character.
        (my $str = shift) =~ s/([a-fA-F0-9]{2})/chr(hex $1)/eg;
        return $str;
}

sub ascii_to_hex ($)
{
        ## Convert each ASCII character to a two-digit hex number.
        (my $str = shift) =~ s/(.|\n)/sprintf("%02lx", ord $1)/eg;
        return $str;
}

# Function to handle authorize
sub authorize {

        my $h_str = $RAD_CHECK{'NT-Password'};
        &radiusd::radlog(1, "NT-Password (hex) ..... $h_str");
        my $a_str = hex_to_ascii $h_str;
        $a_str=~s/(\s)+$//;
        $a_str=~s/(0x)//;
        &radiusd::radlog(1, "NT-Password (ascii) ..... $a_str");
        $h_str = ascii_to_hex $a_str;
        $RAD_CHECK{'NT-Password'}=$h_str;
        &radiusd::radlog(1, "NT-Password ..... $RAD_CHECK{'NT-Password'}");
        return RLM_MODULE_OK;
}

In radiusd.conf...

        perl {
                module = /usr/local/radius/scripts_perl/quitar_espacios.pl
                max_clones = 32
                start_clones = 5
                min_spare_clones = 3
                max_spare_clones = 3
                cleanup_delay = 5
                max_request_perl_clone = 0
        }

authorize {
        preprocess
        suffix
        files
        Autz-Type LDAP_UNEX_ES{
           ldap_unex_es
           perl
        }
        mschap                  
        eap
}


The debug information is:

rlm_ldap: ldap_release_conn: Release Id: 0
  modcall[authorize]: module "ldap_unex_es" returns ok for request 6
perl_pool: item 0x835eb10 asigned new request. Handled so far: 3
found interpetator at address 0x835eb10

rlm_perl: NT-Password (hex) ..... 
0x303642313145334439343130323145314135433531433638363846324630453620202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020
rlm_perl: NT-Password (ascii) ..... 06B11E3D941021E1A5C51C6868F2F0E6
rlm_perl: NT-Password ..... 
3036423131453344393431303231453141354335314336383638463246304536
rlm_perl: Added pair NT-Password = 
3036423131453344393431303231453141354335314336383638463246304536

rlm_perl: Added pair User-Password = 76027476
rlm_perl: Added pair Autz-Type = LDAP_UNEX_ES
rlm_perl: Added pair Simultaneous-Use = 1
rlm_perl: Added pair Auth-Type = EAP
perl_pool total/active/spare [3/0/3]
Unreserve perl at address 0x835eb10
  modcall[authorize]: module "perl" returns ok for request 6
modcall: leaving group LDAP_UNEX_ES (returns ok) for request 6
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 6
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/mschapv2
  rlm_eap: processing type mschapv2
  Processing the authenticate section of radiusd.conf
modcall: entering group MS-CHAP for request 6

rlm_mschap: Invalid NT-Password           <----

  rlm_mschap: Told to do MS-CHAPv2 for 02747632 with NT-Password
  rlm_mschap: FAILED: No NT/LM-Password.  Cannot perform authentication.
  rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
  modcall[authenticate]: module "mschap" returns reject for request 6
modcall: leaving group MS-CHAP (returns reject) for request 6
  rlm_eap: Freeing handler
  modcall[authenticate]: module "eap" returns reject for request 6
modcall: leaving group authenticate (returns reject) for request 6
auth: Failed to validate the user.
Login incorrect: [02747632/<no User-Password attribute>] (from client localhost 
port 0)
  PEAP: Tunneled authentication was rejected.
  rlm_eap_peap: FAILURE
  modcall[authenticate]: module "eap" returns handled for request 6
modcall: leaving group authenticate (returns handled) for request 6
...


I don't know what the problem is: is NT-Password hexadecimal? Incorrect use of 
the perl module?...


Thank you, especially to Alan
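
Added example, not part of the original post and not FreeRADIUS code: in the debug output above, the stored value is "0x" plus the hex encoding of the hash *text* padded with spaces, so one decode and a trim yields 32 hex digits, while encoding that text again yields 64. The helper name normalize_nt_password and the sample value are hypothetical and constructed; the sketch assumes rlm_mschap needs the 16-byte NT hash (32 hex digits).

```perl
use strict;
use warnings;

# Constructed sample with the same shape as the value in the debug log:
# "0x" + hex encoding of a 32-character hash string + trailing space padding.
my $hash_text = '0123456789ABCDEF0123456789ABCDEF';   # constructed, not a real hash
my $from_ldap = '0x' . unpack('H*', $hash_text . (' ' x 40));

# Hypothetical helper: reduce the directory value to the NT hash written as
# 32 hex digits. Returns undef when the value cannot be reduced to one.
sub normalize_nt_password {
    my ($value) = @_;
    return undef unless defined $value;

    $value =~ s/^0x//i;     # drop the octets prefix
    $value =~ s/\s+$//;     # drop trailing whitespace
    return uc($value) if $value =~ /^[0-9a-fA-F]{32}$/;   # already a bare hash

    # Otherwise it must be hex-encoded text: decode exactly once.
    return undef unless length($value) % 2 == 0 && $value =~ /^[0-9a-fA-F]+$/;
    my $text = pack('H*', $value);
    $text =~ s/\s+$//;      # padding stored in the directory attribute
    return $text =~ /^[0-9a-fA-F]{32}$/ ? uc($text) : undef;
}

my $nt = normalize_nt_password($from_ldap);
die "value is not a usable NT hash\n" unless defined $nt;
printf "normalized: %s (%d hex digits = %d bytes)\n",
    $nt, length($nt), length($nt) / 2;

# Encoding the decoded text as hex again, as the posted authorize() does with
# ascii_to_hex, doubles the length, so the result is no longer a 16-byte hash.
my $reencoded = unpack('H*', $nt);
printf "re-encoded: %d hex digits = %d bytes\n",
    length($reencoded), length($reencoded) / 2;
```

Under that assumption, the value to place in $RAD_CHECK{'NT-Password'} is the normalized string, not its re-encoded form.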
