On Sat, Jan 29, 2011 at 06:10:49PM +0200, Alexander Shikoff wrote: > On Sat, Jan 29, 2011 at 03:18:18PM +0100, Alan DeKok wrote: > > Alexander Shikoff wrote: > > > I have two virtual servers and I need to process events in these servers > > > with different perl scripts. Is there a way to configure separate > > > rlm_perl instances for each virtual server? Thanks. > > > > raddb/modules/perl1: > > > > perl perl1 { > > ... > > } > > > > raddb/modules/perl2: > > > > perl perl2 { > > ... > > } > > > > And then use "perl1" and "perl2" instead of "perl. > > > > Alan DeKok. > > Ok, I tried this way: > > raddb/modules/ISG_DHCP: > perl ISG_DHCP { > module = ${confdir}/dhcp.pl > } > > raddb/modules/ISG_Auth: > perl ISG_Auth { > module = ${confdir}/dhcp-authorization.pl > } > > Then I add these modules to virtual servers: > raddb/sites-enabled/dhcp: > server dhcp { > [...] > dhcp DHCP-Discover { > ISG_DHCP > reply_log > ok > } > } > > raddb/sites-enabled/auth: > server dhcp-authorization { > [...] > listen { > type = auth > ipaddr = x.x.x.x > port = 11812 > } > > authorize { > ISG_Auth > } > } > > But when freeradius receives DHCP packet it processes it with > dhcp-authorization.pl > script but not with dhcp.pl. Why?
More debugging information. I've written a two simple Perl scripts for each virtual server: ------------------------------------------------------------------- # dhcp.pl use strict; use vars qw/%RAD_REQUEST %RAD_REPLY %RAD_CHECK/; sub authenticate { &radiusd::radlog(L_INFO, "-dhcp.pl- : authenticate"); } sub authorize { &radiusd::radlog(L_INFO, "-dhcp.pl- : authorize"); } sub post_auth { &radiusd::radlog(L_INFO, "-dhcp.pl- : post_auth"); } ------------------------------------------------------------------- # authorization.pl use strict; use vars qw/%RAD_REQUEST %RAD_REPLY %RAD_CHECK/; sub authenticate { &radiusd::radlog(L_INFO, "-authorization.pl- : authenticate"); } sub authorize { &radiusd::radlog(L_INFO, "-authorization.pl- : authorize"); } sub post_auth { &radiusd::radlog(L_INFO, "-authorization.pl- : post_auth"); } ------------------------------------------------------------------- Then I refer them in modules: raddb/modules/ISG_DHCP: perl ISG_DHCP { module = ${confdir}/dhcp.pl } raddb/modules/ISG_Auth: perl ISG_Auth { module = ${confdir}/authorization.pl } radiusd after startup reads configuration in a right way: # radiusd -X [...] server dhcp { # from file /usr/local/etc/raddb/sites-enabled/dhcp modules { Module: Checking dhcp DHCP-Discover {...} for more modules to load Module: Linked to module rlm_perl Module: Instantiating module "ISG_DHCP" from file /usr/local/etc/raddb/modules/ISG_DHCP perl ISG_DHCP { module = "/usr/local/etc/raddb/dhcp.pl" func_authorize = "authorize" func_authenticate = "authenticate" func_accounting = "accounting" func_preacct = "preacct" func_checksimul = "checksimul" func_detach = "detach" func_xlat = "xlat" func_pre_proxy = "pre_proxy" func_post_proxy = "post_proxy" func_post_auth = "post_auth" func_recv_coa = "recv_coa" func_send_coa = "send_coa" } [...] server dhcp-authorization { # from file /usr/local/etc/raddb/sites-enabled/dhcp-authorization.conf modules { Module: Checking authorize {...} for more modules to load Module: Instantiating module "ISG_Auth" from file /usr/local/etc/raddb/modules/ISG_Auth perl ISG_Auth { module = "/usr/local/etc/raddb/authorization.pl" func_authorize = "authorize" func_authenticate = "authenticate" func_accounting = "accounting" func_preacct = "preacct" func_checksimul = "checksimul" func_detach = "detach" func_xlat = "xlat" func_pre_proxy = "pre_proxy" func_post_proxy = "post_proxy" func_post_auth = "post_auth" func_recv_coa = "recv_coa" func_send_coa = "send_coa" } } # modules Now radiusd receives a DHCP packet and: Received DHCP-Discover of id fcb1c6c0 from 193.200.84.232:67 to 193.200.85.245:67 [...] server dhcp { Trying sub-section dhcp DHCP-Discover {...} +- entering group DHCP-Discover {...} rlm_perl: -authorization.pl- : post_auth ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ ... it calls authorization.pl instead of dhcp.pl. -- MINO-RIPE - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html