Ok, debug logs and config files are attached. It looks like the problem could be with rlm_perl. as the proxying happens correctly if we disable the perl module completely. However, even with no logic happening in the perl script, additional \'s are added to the attributes.
Please see the attached log of a login attempt for Username: "murray/A\" Password: "A\" which is eventually proxied as User-Name = "A\\\\\\\\" User-Password = "A\\\\\\\\" Thanks, Murray On Fri, Sep 3, 2010 at 3:33 PM, Alan DeKok <[email protected]> wrote: > > Murray Long wrote: > > I am running the latest version provided by Ubuntu, 2.1.8+dfsg-1ubuntu1 > > Is this not considered recent? > > I will try 2.1.9 from the freeradius site and see how that goes. > > Well.. it works in the current 2.1.x branch. > > How about posting debug logs? > > Alan DeKok. > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
perl_module.pm
Description: Perl program
radiusd.conf
Description: Binary data
FreeRADIUS Version 2.1.8, for host i486-pc-linux-gnu, built on Jan 5 2010 at 02:49:11
Copyright (C) 1999-2009 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License v2.
Starting - reading configuration files ...
including configuration file /etc/freeradius/radiusd.conf
main {
allow_core_dumps = no
}
including dictionary file /etc/freeradius/dictionary
main {
prefix = "/usr"
localstatedir = "/var"
logdir = "/var/log/freeradius"
libdir = "/usr/lib/freeradius"
radacctdir = "/var/log/freeradius/radacct"
hostname_lookups = no
max_request_time = 30
cleanup_delay = 5
max_requests = 1024
pidfile = "/var/run/freeradius/freeradius.pid"
checkrad = "/usr/sbin/checkrad"
debug_level = 0
proxy_requests = yes
log sectiong {
stripped_names = no
auth = no
auth_badpass = no
auth_goodpass = no
}
log_auth = no
log_auth_badpass = no
log_auth_goodpass = no
log_stripped_names = no
security {
max_attributes = 200
reject_delay = 1
status_server = yes
}
}
radiusd: #### Loading Realms and Home Servers ####
realm murray {
authhost = 10.0.0.101:1812
accthost = 10.0.0.101:1813
secret = secret
}
realm NULL {
}
realm default {
}
realm default {
} # realm default
radiusd: #### Loading Clients ####
client 0.0.0.0/0 {
require_message_authenticator = no
secret = "secret"
shortname = "swak"
}
radiusd: #### Instantiating modules ####
instantiate {
Module: Linked to module rlm_exec
Module: Instantiating exec
exec {
wait = yes
input_pairs = "request"
shell_escape = yes
}
Module: Linked to module rlm_expr
Module: Instantiating expr
}
radiusd: #### Loading Virtual Servers ####
server {
modules {
Module: Checking authenticate {...} for more modules to load
Module: Linked to module rlm_perl
Module: Instantiating perl
perl {
module = "/etc/freeradius/perl_module.pm"
func_authorize = "authorize"
func_authenticate = "authenticate"
func_accounting = "accounting"
func_preacct = "preacct"
func_checksimul = "checksimul"
func_detach = "detach"
func_xlat = "xlat"
func_pre_proxy = "pre_proxy"
func_post_proxy = "post_proxy"
func_post_auth = "post_auth"
func_recv_coa = "recv_coa"
func_send_coa = "send_coa"
}
Module: Linked to module rlm_pap
Module: Instantiating pap
pap {
encryption_scheme = "crypt"
auto_header = no
}
Module: Linked to module rlm_chap
Module: Instantiating chap
Module: Checking authorize {...} for more modules to load
Module: Linked to module rlm_preprocess
Module: Instantiating preprocess
preprocess {
huntgroups = "/etc/freeradius/huntgroups"
hints = "/etc/freeradius/hints"
with_ascend_hack = no
ascend_channels_per_line = 23
with_ntdomain_hack = no
with_specialix_jetstream_hack = no
with_cisco_vsa_hack = no
with_alvarion_vsa_hack = no
}
Module: Linked to module rlm_realm
Module: Instantiating realm_prefix
realm realm_prefix {
format = "prefix"
delimiter = "/"
ignore_default = no
ignore_null = no
}
Module: Linked to module rlm_detail
Module: Instantiating detail
detail {
detailfile = "/var/log/freeradius/radacct/%{NAS-Identifier}/%Y-%m-%d"
header = "%t"
detailperm = 384
dirperm = 493
locking = no
log_packet_header = no
}
Module: Checking preacct {...} for more modules to load
Module: Linked to module rlm_acct_unique
Module: Instantiating acct_unique
acct_unique {
key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
}
Module: Checking accounting {...} for more modules to load
Module: Checking post-auth {...} for more modules to load
} # modules
} # server
radiusd: #### Opening IP addresses and Ports ####
listen {
type = "auth"
ipaddr = *
port = 1812
}
listen {
type = "acct"
ipaddr = *
port = 1813
}
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on proxy address * port 1814
Ready to process requests.
rad_recv: Status-Server packet from host 127.0.0.1 port 38491, id=0, length=38
Message-Authenticator = 0xc44a740cab44e7f179b72fcef5b04aed
Sending Access-Accept of id 0 to 127.0.0.1 port 38491
Finished request 0.
Cleaning up request 0 ID 0 with timestamp +16
Going to the next request
Ready to process requests.
rad_recv: Status-Server packet from host 127.0.0.1 port 38491, id=0, length=38
Message-Authenticator = 0x6f208540d294d5a4c81edf6f6baf2b36
Sending Accounting-Response of id 0 to 127.0.0.1 port 38491
Finished request 1.
Cleaning up request 1 ID 0 with timestamp +26
Going to the next request
Ready to process requests.
rad_recv: Access-Request packet from host 10.0.0.29 port 54090, id=129, length=327
ChilliSpot-Version = "1.2.3-rc1"
User-Name = "murray/A\\\\"
User-Password = "A\\\\"
NAS-IP-Address = 101.208.222.1
Service-Type = Login-User
Framed-IP-Address = 101.208.222.2
Calling-Station-Id = "00-24-21-45-69-7F"
Called-Station-Id = "00-15-6D-AD-D0-DE"
NAS-Identifier = "skyrove_wifi_0915"
Acct-Session-Id = "4c810c4200000001"
NAS-Port-Type = Wireless-802.11
NAS-Port = 1
WISPr-Location-ID = "isocc=,cc=,ac=,network=Coova,Skyrove Dev Stelio"
WISPr-Location-Name = "Skyrove_Dev_Stelio"
WISPr-Logoff-URL = "http://101.208.222.1:3990/logoff";
Message-Authenticator = 0x4fa2dae1e65a1a48ac2ceda85d60839a
+- entering group authorize {...}
++[preprocess] returns ok
++[control] returns ok
[realm_prefix] Looking up realm "murray" for User-Name = "murray/A\\"
[realm_prefix] Found realm "murray"
[realm_prefix] Adding Stripped-User-Name = "A\\"
[realm_prefix] Adding Realm = "murray"
[realm_prefix] Proxying request from user A\\ to realm murray
[realm_prefix] Preparing to proxy authentication request to realm "murray"
++[realm_prefix] returns updated
rlm_perl: Added pair NAS-Port-Type = Wireless-802.11
rlm_perl: Added pair WISPr-Logoff-URL = http://101.208.222.1:3990/logoff
rlm_perl: Added pair Acct-Session-Id = 4c810c4200000001
rlm_perl: Added pair Service-Type = Login-User
rlm_perl: Added pair Called-Station-Id = 00-15-6D-AD-D0-DE
rlm_perl: Added pair Message-Authenticator = 0x4fa2dae1e65a1a48ac2ceda85d60839a
rlm_perl: Added pair Realm = murray
rlm_perl: Added pair NAS-IP-Address = 101.208.222.1
rlm_perl: Added pair ChilliSpot-Version = 1.2.3-rc1
rlm_perl: Added pair Calling-Station-Id = 00-24-21-45-69-7F
rlm_perl: Added pair WISPr-Location-ID = isocc=,cc=,ac=,network=Coova,Skyrove Dev Stelio
rlm_perl: Added pair User-Name = murray/A\\\\
rlm_perl: Added pair User-Password = A\\\\
rlm_perl: Added pair NAS-Identifier = skyrove_wifi_0915
rlm_perl: Added pair Framed-IP-Address = 101.208.222.2
rlm_perl: Added pair Stripped-User-Name = A\\\\
rlm_perl: Added pair NAS-Port = 1
rlm_perl: Added pair WISPr-Location-Name = Skyrove_Dev_Stelio
rlm_perl: Added pair Auth-Type = Perl
rlm_perl: Added pair Proxy-To-Realm = murray
++[perl] returns noop
++[chap] returns noop
[detail] expand: /var/log/freeradius/radacct/%{NAS-Identifier}/%Y-%m-%d -> /var/log/freeradius/radacct/skyrove_wifi_0915/2010-09-03
[detail] /var/log/freeradius/radacct/%{NAS-Identifier}/%Y-%m-%d expands to /var/log/freeradius/radacct/skyrove_wifi_0915/2010-09-03
[detail] expand: %t -> Fri Sep 3 17:01:21 2010
++[detail] returns ok
WARNING: Empty section. Using default return values.
Sending Access-Request of id 102 to 10.0.0.101 port 1812
NAS-Port-Type = Wireless-802.11
WISPr-Logoff-URL = "http://101.208.222.1:3990/logoff";
Acct-Session-Id = "4c810c4200000001"
Service-Type = Login-User
Called-Station-Id = "00-15-6D-AD-D0-DE"
Message-Authenticator = 0x00000000000000000000000000000000
NAS-IP-Address = 101.208.222.1
ChilliSpot-Version = "1.2.3-rc1"
Calling-Station-Id = "00-24-21-45-69-7F"
WISPr-Location-ID = "isocc=,cc=,ac=,network=Coova,Skyrove Dev Stelio"
User-Name = "A\\\\\\\\"
User-Password = "A\\\\\\\\"
NAS-Identifier = "skyrove_wifi_0915"
Framed-IP-Address = 101.208.222.2
NAS-Port = 1
WISPr-Location-Name = "Skyrove_Dev_Stelio"
Proxy-State = 0x313239
Proxying request 2 to home server 10.0.0.101 port 1812
Sending Access-Request of id 102 to 10.0.0.101 port 1812
NAS-Port-Type = Wireless-802.11
WISPr-Logoff-URL = "http://101.208.222.1:3990/logoff";
Acct-Session-Id = "4c810c4200000001"
Service-Type = Login-User
Called-Station-Id = "00-15-6D-AD-D0-DE"
Message-Authenticator = 0x00000000000000000000000000000000
NAS-IP-Address = 101.208.222.1
ChilliSpot-Version = "1.2.3-rc1"
Calling-Station-Id = "00-24-21-45-69-7F"
WISPr-Location-ID = "isocc=,cc=,ac=,network=Coova,Skyrove Dev Stelio"
User-Name = "A\\\\\\\\"
User-Password = "A\\\\\\\\"
NAS-Identifier = "skyrove_wifi_0915"
Framed-IP-Address = 101.208.222.2
NAS-Port = 1
WISPr-Location-Name = "Skyrove_Dev_Stelio"
Proxy-State = 0x313239
Going to the next request
Waking up in 0.9 seconds.
Waking up in 13.0 seconds.
rad_recv: Status-Server packet from host 127.0.0.1 port 38491, id=0, length=38
Message-Authenticator = 0x9a6927a170719138534506de6f9ceaf5
Sending Access-Accept of id 0 to 127.0.0.1 port 38491
Finished request 3.
Cleaning up request 3 ID 0 with timestamp +44
Going to the next request
Waking up in 2.6 seconds.
Marking home server 10.0.0.101 port 1812 as zombie (it looks like it is dead).
Waking up in 1.4 seconds.
rad_recv: Access-Request packet from host 10.0.0.29 port 54090, id=129, length=327
Discarding duplicate request from client swak port 54090 - ID: 129 due to unfinished request 2
Waking up in 0.5 seconds.
Waking up in 2.2 seconds.
Waking up in 3.3 seconds.
Waking up in 5.0 seconds.
rad_recv: Status-Server packet from host 127.0.0.1 port 38491, id=0, length=38
Message-Authenticator = 0x9a4ce8b3ee8f4e743ac881682598d259
Sending Accounting-Response of id 0 to 127.0.0.1 port 38491
Finished request 4.
Cleaning up request 4 ID 0 with timestamp +56
Going to the next request
Waking up in 2.8 seconds.
Waking up in 7.5 seconds.
rad_recv: Access-Request packet from host 10.0.0.29 port 54090, id=129, length=327
Discarding duplicate request from client swak port 54090 - ID: 129 due to unfinished request 2
Waking up in 3.7 seconds.
Cleaning up request 2 ID 129 with timestamp +32
Ready to process requests.
rad_recv: Status-Server packet from host 127.0.0.1 port 38491, id=0, length=38
Message-Authenticator = 0xf3bba31a5e777dfc65342219a8f952a5
Sending Access-Accept of id 0 to 127.0.0.1 port 38491
Finished request 5.
Cleaning up request 5 ID 0 with timestamp +74
Going to the next request
Ready to process requests.
rad_recv: Access-Request packet from host 10.0.0.29 port 54090, id=129, length=327
ChilliSpot-Version = "1.2.3-rc1"
User-Name = "murray/A\\\\"
User-Password = "A\\\\"
NAS-IP-Address = 101.208.222.1
Service-Type = Login-User
Framed-IP-Address = 101.208.222.2
Calling-Station-Id = "00-24-21-45-69-7F"
Called-Station-Id = "00-15-6D-AD-D0-DE"
NAS-Identifier = "skyrove_wifi_0915"
Acct-Session-Id = "4c810c4200000001"
NAS-Port-Type = Wireless-802.11
NAS-Port = 1
WISPr-Location-ID = "isocc=,cc=,ac=,network=Coova,Skyrove Dev Stelio"
WISPr-Location-Name = "Skyrove_Dev_Stelio"
WISPr-Logoff-URL = "http://101.208.222.1:3990/logoff";
Message-Authenticator = 0x4fa2dae1e65a1a48ac2ceda85d60839a
+- entering group authorize {...}
++[preprocess] returns ok
++[control] returns ok
[realm_prefix] Looking up realm "murray" for User-Name = "murray/A\\"
[realm_prefix] Found realm "murray"
[realm_prefix] Adding Stripped-User-Name = "A\\"
[realm_prefix] Adding Realm = "murray"
[realm_prefix] Proxying request from user A\\ to realm murray
[realm_prefix] Preparing to proxy authentication request to realm "murray"
++[realm_prefix] returns updated
rlm_perl: Added pair NAS-Port-Type = Wireless-802.11
rlm_perl: Added pair WISPr-Logoff-URL = http://101.208.222.1:3990/logoff
rlm_perl: Added pair Acct-Session-Id = 4c810c4200000001
rlm_perl: Added pair Service-Type = Login-User
rlm_perl: Added pair Called-Station-Id = 00-15-6D-AD-D0-DE
rlm_perl: Added pair Message-Authenticator = 0x4fa2dae1e65a1a48ac2ceda85d60839a
rlm_perl: Added pair Realm = murray
rlm_perl: Added pair NAS-IP-Address = 101.208.222.1
rlm_perl: Added pair ChilliSpot-Version = 1.2.3-rc1
rlm_perl: Added pair Calling-Station-Id = 00-24-21-45-69-7F
rlm_perl: Added pair WISPr-Location-ID = isocc=,cc=,ac=,network=Coova,Skyrove Dev Stelio
rlm_perl: Added pair User-Name = murray/A\\\\
rlm_perl: Added pair User-Password = A\\\\
rlm_perl: Added pair NAS-Identifier = skyrove_wifi_0915
rlm_perl: Added pair Framed-IP-Address = 101.208.222.2
rlm_perl: Added pair Stripped-User-Name = A\\\\
rlm_perl: Added pair NAS-Port = 1
rlm_perl: Added pair WISPr-Location-Name = Skyrove_Dev_Stelio
rlm_perl: Added pair Auth-Type = Perl
rlm_perl: Added pair Proxy-To-Realm = murray
++[perl] returns noop
++[chap] returns noop
[detail] expand: /var/log/freeradius/radacct/%{NAS-Identifier}/%Y-%m-%d -> /var/log/freeradius/radacct/skyrove_wifi_0915/2010-09-03
[detail] /var/log/freeradius/radacct/%{NAS-Identifier}/%Y-%m-%d expands to /var/log/freeradius/radacct/skyrove_wifi_0915/2010-09-03
[detail] expand: %t -> Fri Sep 3 17:02:06 2010
++[detail] returns ok
WARNING: Empty section. Using default return values.
Sending Access-Request of id 112 to 10.0.0.101 port 1812
NAS-Port-Type = Wireless-802.11
WISPr-Logoff-URL = "http://101.208.222.1:3990/logoff";
Acct-Session-Id = "4c810c4200000001"
Service-Type = Login-User
Called-Station-Id = "00-15-6D-AD-D0-DE"
Message-Authenticator = 0x00000000000000000000000000000000
NAS-IP-Address = 101.208.222.1
ChilliSpot-Version = "1.2.3-rc1"
Calling-Station-Id = "00-24-21-45-69-7F"
WISPr-Location-ID = "isocc=,cc=,ac=,network=Coova,Skyrove Dev Stelio"
User-Name = "A\\\\\\\\"
User-Password = "A\\\\\\\\"
NAS-Identifier = "skyrove_wifi_0915"
Framed-IP-Address = 101.208.222.2
NAS-Port = 1
WISPr-Location-Name = "Skyrove_Dev_Stelio"
Proxy-State = 0x313239
Proxying request 6 to home server 10.0.0.101 port 1812
Sending Access-Request of id 112 to 10.0.0.101 port 1812
NAS-Port-Type = Wireless-802.11
WISPr-Logoff-URL = "http://101.208.222.1:3990/logoff";
Acct-Session-Id = "4c810c4200000001"
Service-Type = Login-User
Called-Station-Id = "00-15-6D-AD-D0-DE"
Message-Authenticator = 0x00000000000000000000000000000000
NAS-IP-Address = 101.208.222.1
ChilliSpot-Version = "1.2.3-rc1"
Calling-Station-Id = "00-24-21-45-69-7F"
WISPr-Location-ID = "isocc=,cc=,ac=,network=Coova,Skyrove Dev Stelio"
User-Name = "A\\\\\\\\"
User-Password = "A\\\\\\\\"
NAS-Identifier = "skyrove_wifi_0915"
Framed-IP-Address = 101.208.222.2
NAS-Port = 1
WISPr-Location-Name = "Skyrove_Dev_Stelio"
Proxy-State = 0x313239
Going to the next request
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
