On 09/10/12 23:32, Andrew Precht wrote:
to: module = /etc/raddb/sjpl.pl
Also, in the perl file I have uncommented the line: func_authenticate
= authenticate
Next, in /etc/raddb/sites-enabled/default I added perl to the
authenticate {} section.
Your problem is that the script is just wrong.
You're running in the "authorize" section:
Access-Request packet from host 192.168.251.93 port 50827, id=0,
length=54
User-Name = "21197904090320"
User-Password = "1533"
# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
rlm_perl: Added pair User-Name = 21197904090320
rlm_perl: Added pair User-Password = 1533
++[perl] returns ok
...but you're not arranging for yourself to be run in the authenticate
section:
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "21197904090320", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user.
Authentication may fail because of this.
++[pap] returns noop
ERROR: No authenticate method (Auth-Type) found for the request:
...i.e. Auth-Type is unset, so "authenticate" never runs.
There are many ways to solve this. Here's one:
authorize {
...
perl
if (ok) {
update control {
Auth-Type = perl
}
}
...
}
authenticate {
...
Auth-Type perl {
perl
}
...
}
Alternatively you could make your "perl" script set the "Auth-Type" item
in the control list. And so on.
The point is you need to set an Auth-Type, and make your "perl" script
handle it.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
