Hello Alan,

> Yes. It does. But you are compiling some random external flavour.
> Download the source from freeradius.org and report what happens

Yes, you're right, and I just noticed that the freeradius git tree
contains a Debian folder which builds packages which not only compile,
now I try to migrate my configuration, but the hints no longer work. My
configuration is pretty simple:

(freeradius) [/etc/freeradius] cat sites-available/smsotp
server default {
    listen {
        ipaddr = *
        type = auth
    }
    authenticate {
        perl
    }
    authorize {
        update control {
            Auth-Type := perl
        }
        preprocess
    }
    preacct {
        preprocess
        acct_unique
    }
    accounting {
    }
    session {
    }
}

(freeradius) [/etc/freeradius] cat hints
DEFAULT User-Name =~ "^v104\\\\([^@]+)"
        User-Name := "%{1}@V104.GMVL.DE"
DEFAULT User-Name =~ "^([^@]+)@v104.gmvl.de"
        User-Name := "%{1}@V104.GMVL.DE"

(freeradius) [/etc/freeradius] cat clients.conf
client 10.104.1.0 {
    secret = testing123
    shortname = netscaler
}
client 127.0.0.1 {
    secret = testing123
    shortname = cs-01
}

In freeradius-2.2.0 the v104\Administrator got rewritten to
Administrator@V104.GMVL.DE but with the current version it does not work. Any
idea what I'm doing wrong?

(freeradius) [/etc/freeradius] freeradius -X
freeradius: FreeRADIUS Version 3.0.0 (git #adfdfe7), for host
x86_64-pc-linux-gnu, built on Jul 21 2013 at 17:07:13
Copyright (C) 1999-2013 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License.
For more information about these matters, see the file named COPYRIGHT.
Starting - reading configuration files ...
including dictionary file /etc/freeradius/dictionary
including configuration file /etc/freeradius/radiusd.conf
including configuration file /etc/freeradius/proxy.conf
including configuration file /etc/freeradius/clients.conf
including files in directory /etc/freeradius/mods-enabled/
including configuration file /etc/freeradius/mods-enabled/preprocess
including configuration file /etc/freeradius/mods-enabled/perl
including files in directory /etc/freeradius/policy.d/
including configuration file /etc/freeradius/policy.d/dhcp
including configuration file /etc/freeradius/policy.d/control
including configuration file /etc/freeradius/policy.d/accounting
including configuration file /etc/freeradius/policy.d/cui
including configuration file /etc/freeradius/policy.d/eap
including configuration file /etc/freeradius/policy.d/operator-name
including configuration file /etc/freeradius/policy.d/canonicalization
including configuration file /etc/freeradius/policy.d/filter
including files in directory /etc/freeradius/sites-enabled/
including configuration file /etc/freeradius/sites-enabled/smsotp
main {
security {
allow_core_dumps = no
}
}
main {
name = "radiusd"
prefix = "/usr"
localstatedir = "/var"
sbindir = "/usr/sbin"
logdir = "/var/log/freeradius"
run_dir = "/var/run/radiusd"
libdir = "/usr/lib/freeradius"
radacctdir = "/var/log/freeradius/radacct"
hostname_lookups = no
max_request_time = 30
cleanup_delay = 5
max_requests = 1024
pidfile = "/var/run/radiusd/radiusd.pid"
checkrad = "/usr/sbin/checkrad"
debug_level = 0
proxy_requests = yes
log {
stripped_names = no
auth = no
auth_badpass = no
auth_goodpass = no
colourise = yes
}
security {
max_attributes = 200
reject_delay = 1
status_server = yes
}
}
radiusd: #### Loading Realms and Home Servers ####
proxy server {
retry_delay = 5
retry_count = 3
default_fallback = no
dead_time = 120
wake_all_if_all_dead = no
}
home_server localhost {
ipaddr = 127.0.0.1
port = 1812
type = "auth"
secret = "testing123"
response_window = 20
max_outstanding = 65536
zombie_period = 40
status_check = "status-server"
ping_interval = 30
check_interval = 30
num_answers_to_alive = 3
revive_interval = 120
status_check_timeout = 4
coa {
irt = 2
mrt = 16
mrc = 5
mrd = 30
}
limit {
max_connections = 16
max_requests = 0
lifetime = 0
idle_timeout = 0
}
}
home_server_pool my_auth_failover {
type = fail-over
home_server = localhost
}
realm example.com {
auth_pool = my_auth_failover
}
realm LOCAL {
}
radiusd: #### Loading Clients ####
client 10.104.1.0 {
require_message_authenticator = no
secret = "testing123"
shortname = "netscaler"
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
client 127.0.0.1 {
require_message_authenticator = no
secret = "testing123"
shortname = "cs-01"
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
radiusd: #### Instantiating modules ####
instantiate {
}
modules {
# Loaded module rlm_preprocess
# Instantiating module "preprocess" from file
/etc/freeradius/mods-enabled/preprocess
preprocess {
huntgroups = "/etc/freeradius/mods-config/preprocess/huntgroups"
hints = "/etc/freeradius/mods-config/preprocess/hints"
with_ascend_hack = no
ascend_channels_per_line = 23
with_ntdomain_hack = no
with_specialix_jetstream_hack = no
with_cisco_vsa_hack = no
with_alvarion_vsa_hack = no
}
reading pairlist file /etc/freeradius/mods-config/preprocess/huntgroups
reading pairlist file /etc/freeradius/mods-config/preprocess/hints
# Loaded module rlm_perl
# Instantiating module "perl" from file /etc/freeradius/mods-enabled/perl
perl {
filename = "/etc/freeradius/smsotp_krb5_3strikes.pl"
func_authorize = "authorize"
func_authenticate = "authenticate"
func_post_auth = "post_auth"
func_accounting = "accounting"
func_preacct = "preacct"
func_checksimul = "checksimul"
func_detach = "detach"
func_xlat = "xlat"
func_pre_proxy = "pre_proxy"
func_post_proxy = "post_proxy"
func_recv_coa = "recv_coa"
func_send_coa = "send_coa"
}
} # modules
radiusd: #### Loading Virtual Servers ####
server { # from file /etc/freeradius/radiusd.conf
} # server
server default { # from file /etc/freeradius/sites-enabled/smsotp
# Creating Auth-Type = perl
# Loading authenticate {...}
# Loading authorize {...}
# Loading preacct {...}
# Loading virtual module acct_unique
} # server
radiusd: #### Opening IP addresses and Ports ####
listen {
type = "auth"
ipaddr = *
port = 0
}
Listening on auth address * port 1812 as server default
Opening new proxy address * port 1814
Listening on proxy address * port 1814
Ready to process requests.
rad_recv: Access-Request packet from host 10.104.1.0 port 52437, id=174,
length=58
User-Name = 'v104\\Administrator'
User-Password = 'Pa$$w0rd'
(0) # Executing section authorize from file /etc/freeradius/sites-enabled/smsotp
(0) group authorize {
(0) - entering group authorize {...}
(0) update control {
(0) Auth-Type := perl
(0) } # update control = notfound
(0) [preprocess] = ok
(0) Found Auth-Type = perl
(0) # Executing group from file /etc/freeradius/sites-enabled/smsotp
(0) group authenticate {
(0) - entering group authenticate {...}
rlm_perl: authenticate: user unknown in database
rlm_perl: Added pair User-Name = v104\\Administrator
rlm_perl: Added pair User-Password = Pa$$w0rd
rlm_perl: Added pair NAS-IP-Address = 10.104.1.0
rlm_perl: Added pair Auth-Type = perl
(0) [perl] = reject
(0) Failed to authenticate the user.
(0) Using Post-Auth-Type Reject
(0) WARNING: Unknown value specified for Post-Auth-Type. Cannot perform
requested action.
(0) Finished request 0.
Waking up in 0.3 seconds.
Waking up in 0.6 seconds.
(0) Sending delayed reject
Sending Access-Reject of id 174 from 10.104.252.162 port 1812 to 10.104.1.0
port 52437
Waking up in 4.9 seconds.
(0) Cleaning up request packet ID 174 with timestamp +7
Ready to process requests.
Cheers,
Thomas
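
Added check, not part of the original message: the debug output above shows the preprocess module reading its hints from /etc/freeradius/mods-config/preprocess/hints, while the rules shown were printed from /etc/freeradius/hints. This sketch extracts the pairlist files a `freeradius -X` run reports reading and tells you whether the file you edited is among them; the sample lines are copied from the output above, and the function names are illustrative.

```python
import os
import re

# Lines copied from the `freeradius -X` output in the message above.
SAMPLE_DEBUG = '''\
preprocess {
huntgroups = "/etc/freeradius/mods-config/preprocess/huntgroups"
hints = "/etc/freeradius/mods-config/preprocess/hints"
}
reading pairlist file /etc/freeradius/mods-config/preprocess/huntgroups
reading pairlist file /etc/freeradius/mods-config/preprocess/hints
'''

PAIRLIST_RE = re.compile(r'^\s*reading pairlist file\s+(\S+)\s*$')
SETTING_RE = re.compile(r'^\s*(hints|huntgroups)\s*=\s*"([^"]+)"\s*$')


def loaded_files(debug_text):
    """Return (configured, read): the hints/huntgroups settings the module
    printed, and the pairlist files the server reported reading."""
    configured, read = {}, []
    for line in debug_text.splitlines():
        m = SETTING_RE.match(line)
        if m:
            configured[m.group(1)] = m.group(2)
            continue
        m = PAIRLIST_RE.match(line)
        if m:
            read.append(m.group(1))
    return configured, read


def check_edited_file(debug_text, edited_path, resolve=os.path.realpath):
    """Report whether edited_path is a file the server actually read.
    Paths are resolved first so a symlink to the loaded file still matches."""
    configured, read = loaded_files(debug_text)
    wanted = resolve(edited_path)
    is_loaded = any(resolve(p) == wanted for p in read)
    # Files with the same base name that were read from somewhere else.
    same_name = [p for p in read
                 if os.path.basename(p) == os.path.basename(edited_path)
                 and resolve(p) != wanted]
    return {"loaded": is_loaded, "configured": configured,
            "same_name_loaded": same_name}


if __name__ == "__main__":
    print(check_edited_file(SAMPLE_DEBUG, "/etc/freeradius/hints"))
```

On a live server, pass the captured output of `freeradius -X` instead of `SAMPLE_DEBUG`; a result with `loaded` false and a non-empty `same_name_loaded` means the rules were edited in a file the module never opened.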