Hi Alan,

Yes, that was the initial idea. However, $RAD_CHECK{User-Password}, at least according to my log file, doesn't exist:

rad_recv: Access-Request packet from host 192.168.2.80:36905, id=35, length=194
    User-Name = "[EMAIL PROTECTED]"
    Digest-Attributes = 0x0a05313031
    Digest-Attributes = 0x010e3139322e3136382e322e3830
    Digest-Attributes = 0x022a34363966346236616264653232346338613638653136613561373935323739366466303763633861
    Digest-Attributes = 0x04127369703a3139322e3136382e322e3830
    Digest-Attributes = 0x030a5245474953544552
    Digest-Response = "08c1ee69ba91e6c3ef604a6173e2dfa2"
    Service-Type = IAPP-Register
    Sip-Uri-User = "101"
    NAS-Port = 5060
    NAS-IP-Address = 192.168.2.80
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 3
modcall[authorize]: module "preprocess" returns ok for request 3
radius_xlat: '/usr/local/freeradius/var/log/radius/radacct/192.168.2.80/auth-detail-20070719'
rlm_detail: /usr/local/freeradius/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/freeradius/var/log/radius/radacct/192.168.2.80/auth-detail-20070719
modcall[authorize]: module "auth_log" returns ok for request 3
users: Matched entry DEFAULT at line 51
modcall[authorize]: module "files" returns ok for request 3
modcall[authorize]: module "digest" returns ok for request 3
perl_pool: item 0x94fefb0 asigned new request. Handled so far: 1
found interpetator at address 0x94fefb0
rlm_perl: RAD_REQUEST: Client-IP-Address = 192.168.2.80
rlm_perl: RAD_REQUEST: Digest-Response = 08c1ee69ba91e6c3ef604a6173e2dfa2
rlm_perl: RAD_REQUEST: User-Name = [EMAIL PROTECTED]
rlm_perl: RAD_REQUEST: Service-Type = IAPP-Register
rlm_perl: RAD_REQUEST: NAS-IP-Address = 192.168.2.80
rlm_perl: RAD_REQUEST: NAS-Port = 5060
rlm_perl: RAD_REQUEST: Sip-Uri-User = 101
rlm_perl: RAD_REQUEST: Digest-Attributes = ARRAY(0x95bd5c0)
rlm_perl: RAD_CHECK: Auth-Type = perl
rlm_perl: Added pair Auth-Type = perl
perl_pool total/active/spare [32/0/32]
Unreserve perl at address 0x94fefb0
modcall[authorize]: module "perl" returns ok for request 3
modcall: leaving group authorize (returns ok) for request 3
rad_check_password: Found Auth-Type Perl
auth: type "perl"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 3
perl_pool: item 0x95fede0 asigned new request. Handled so far: 1
found interpetator at address 0x95fede0
rlm_perl: RAD_REQUEST: Client-IP-Address = 192.168.2.80
rlm_perl: RAD_REQUEST: Digest-Response = 08c1ee69ba91e6c3ef604a6173e2dfa2
rlm_perl: RAD_REQUEST: User-Name = [EMAIL PROTECTED]
rlm_perl: RAD_REQUEST: Service-Type = IAPP-Register
rlm_perl: RAD_REQUEST: NAS-IP-Address = 192.168.2.80
rlm_perl: RAD_REQUEST: NAS-Port = 5060
rlm_perl: RAD_REQUEST: Sip-Uri-User = 101
rlm_perl: RAD_REQUEST: Digest-Attributes = ARRAY(0x96bd3f0)
rlm_perl: RAD_CHECK: Auth-Type = perl
rlm_perl: Added pair Auth-Type = perl
perl_pool total/active/spare [32/0/32]
Unreserve perl at address 0x95fede0
modcall[authenticate]: module "perl" returns ok for request 3
modcall: leaving group authenticate (returns ok) for request 3
Login OK: [EMAIL PROTECTED]/<no User-Password attribute>] (from client 192.168.2.80 port 5060)
Sending Access-Accept of id 35 to 192.168.2.80 port 36905
Finished request 3
Going to the next request

Apparently, the only thing that RAD_CHECK contains is
Auth-Type.

Regards,
Z2L

----- Original Message -----
From: "Alan DeKok" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED], "FreeRadius users mailing list" <freeradius-users@lists.freeradius.org>
Sent: Tuesday, July 24, 2007 5:47:36 PM (GMT+0200) Asia/Jerusalem
Subject: Re: rml_perl question

FreeRadius-ML wrote:
> Now I understand you better, and I agree, that would constitute a much more
> scalable method. In that case, I return to my previous question, do you have a
> working rlm_perl script that does this, as I would like to see how this works.

If you can write Perl code to get the clear-text password from the TCP server, then it's trivial.

1) get the password from the TCP server
2) $RAD_CHECK{User-Password} = "password"

The whole *point* of the server design is to make everything as trivial as possible. As I've said before, tell the server what the clear text password is, and the server will figure out the rest. Re-implementing any authentication protocol that is already in FreeRADIUS is pointless and a waste of time.

Alan DeKok.
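
Added example, not part of the thread and not code from FreeRADIUS or either poster: an rlm_perl authorize() that follows the two steps quoted above and fails closed when the lookup does not succeed. The password service's address, its one-line "GET user" / "OK password" protocol, and the choice to leave Auth-Type to the digest module are assumptions.

```perl
use strict;
use warnings;
use IO::Socket::INET;
use IO::Select;

# Hashes rlm_perl shares with the script (declared as in FreeRADIUS's example.pl).
use vars qw(%RAD_REQUEST %RAD_REPLY %RAD_CHECK);

# rlm_perl return codes used here.
use constant RLM_MODULE_FAIL     => 1;  # module failed, don't reply
use constant RLM_MODULE_NOTFOUND => 6;  # user not found
use constant RLM_MODULE_UPDATED  => 8;  # OK, pairs modified

# Assumption: hypothetical password service and wire format.
#   request:  "GET <user>\n"    reply: "OK <password>\n" or "NOTFOUND\n"
my ($PW_HOST, $PW_PORT, $PW_TIMEOUT) = ('127.0.0.1', 9999, 3);

# Step 1: fetch the clear-text password. Returns (status, password).
sub lookup_password {
    my ($user) = @_;
    # Reject anything that could smuggle CR/LF or spaces into the request line.
    return ('fail') unless defined $user && $user =~ /\A[\w.\@-]{1,128}\z/;
    my $sock = IO::Socket::INET->new(
        PeerAddr => $PW_HOST, PeerPort => $PW_PORT,
        Proto    => 'tcp',    Timeout  => $PW_TIMEOUT,
    ) or return ('fail');
    print {$sock} "GET $user\n";
    # Bound the wait for a reply so a stalled service cannot hang the request.
    my $line = IO::Select->new($sock)->can_read($PW_TIMEOUT) ? <$sock> : undef;
    close $sock;
    return ('fail') unless defined $line;
    $line =~ s/\r?\n\z//;
    return ('ok', $1)   if $line =~ /\AOK (.+)\z/;
    return ('notfound') if $line eq 'NOTFOUND';
    return ('fail');    # unknown reply: fail closed
}

sub authorize {
    my ($status, $password) = lookup_password($RAD_REQUEST{'User-Name'});
    return RLM_MODULE_NOTFOUND if $status eq 'notfound';
    return RLM_MODULE_FAIL     if $status ne 'ok';
    # Step 2: tell the server the clear-text password. Auth-Type is not set
    # here (assumption: the digest module chooses it and checks the response).
    $RAD_CHECK{'User-Password'} = $password;
    return RLM_MODULE_UPDATED;
}

1;
```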