To answer my own question, I found that using the return code RLM_MODULE_OK triggers the server to respond back with Access-Accept. If I used RLM_MODULE_HANDLED instead, the response packet type was set to what I expected it to be. This makes sense since I expect the client to exchange several messages with me before I finally trigger the Access-Accept message.
On Mon, Feb 18, 2013 at 9:00 AM, Walter Goulet <[email protected]> wrote: > Hi, > > Looking through archives for this exact question, I see a post from 2008 ( > http://www.mail-archive.com/[email protected]/msg47423.html) > where this exact question was previously asked. > > Here is my server version info: > radiusd: FreeRADIUS Version 2.2.0, for host x86_64-unknown-linux-gnu, > built on Feb 17 2013 at 03:34:41 > > Here's my code: > > # Construct HTTP request > > my $authresult = > &authamis($RAD_REQUEST{'User-Name'},$RAD_REQUEST{'User-Password'}); > &radiusd::radlog(L_DBG, "Result after authamis call -> > $authresult"); > > if($authresult eq "true") { > $RAD_CHECK{'Response-Packet-Type'} = "Access-Challenge"; > $RAD_REPLY{'Reply-Message'} = "authentication successful"; > for (keys %RAD_REPLY) { > &radiusd::radlog(L_DBG, "RAD_REPLY: $_ = > $RAD_REPLY{$_}"); > } > for (keys %RAD_CHECK) { > &radiusd::radlog(L_DBG, "RAD_CHECK: $_ = > $RAD_CHECK{$_}"); > } > for (keys %RAD_CONFIG) { > &radiusd::radlog(L_DBG, "RAD_CONFIG: $_ = > $RAD_CONFIG{$_}"); > } > return RLM_MODULE_OK > } > else { > $RAD_REPLY{'Reply-Message'} = "authentication failure"; > return RLM_MODULE_REJECT; > } > > Here is the relevant debug output: > > Found Auth-Type = perl > # Executing group from file > /opt/app/freeradius/etc/raddb/sites-enabled/default > +- entering group perl {...} > rlm_perl: RAD_REQUEST: User-Name = test > rlm_perl: RAD_REQUEST: User-Password = 42594190 > rlm_perl: RAD_REQUEST: NAS-IP-Address = 192.168.65.1 > rlm_perl: AMIS request: > http://amis.jdt.com:8080/auth/authenticate/test/42594190 > rlm_perl: Result after authamis call -> true > rlm_perl: RAD_REPLY: Reply-Message = authentication successful > rlm_perl: RAD_CHECK: Response-Packet-Type = Access-Challenge > rlm_perl: RAD_CHECK: Auth-Type = perl > rlm_perl: RAD_CONFIG: Auth-Type = perl > rlm_perl: Added pair User-Name = test > rlm_perl: Added pair User-Password = 42594190 > rlm_perl: Added pair NAS-IP-Address = 192.168.65.1 > rlm_perl: Added pair Reply-Message = authentication successful > rlm_perl: Added pair Response-Packet-Type = Access-Challenge > rlm_perl: Added pair Auth-Type = perl > ++[perl] returns ok > # Executing section post-auth from file > /opt/app/freeradius/etc/raddb/sites-enabled/default > +- entering group post-auth {...} > ++[exec] returns noop > Sending Access-Accept of id 81 to 192.168.65.1 port 53504 > Reply-Message = "authentication successful" > Finished request 0. > Going to the next request > > Clearly the Access-Challenge setting is not being honored by the server. > Is there another attribute that must be set to configure the response type? > > Thanks, > Walter >
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
