Hello Alan, > Yes. It does. But you are compiling some random external flavour. > Download the source from freeradius.org and report what happens
yes, you're right and I just noticed that the freeradius git tree contains a Debian folder which build packages which not only compile, now I try to migrate my configuration, but the hints no longer work. My configuration is pretty simple: (freeradius) [/etc/freeradius] cat sites-available/smsotp server default { listen { ipaddr = * type = auth } authenticate { perl } authorize { update control { Auth-Type := perl } preprocess } preacct { preprocess acct_unique } accounting { } session { } } (freeradius) [/etc/freeradius] cat hints DEFAULT User-Name =~ "^v104\\\\([^@]+)" User-Name := "%{1}@V104.GMVL.DE" DEFAULT User-Name =~ "^([^@]+)@v104.gmvl.de" User-Name := "%{1}@V104.GMVL.DE" (freeradius) [/etc/freeradius] cat clients.conf client 10.104.1.0 { secret = testing123 shortname = netscaler } client 127.0.0.1 { secret = testing123 shortname = cs-01 } In freeradius-2.2.0 the v104\Administrator got rewritten in administra...@v104.gmvl.de but with the curren version it does not work. Any idea what I'm doing wrong? (freeradius) [/etc/freeradius] freeradius -X freeradius: FreeRADIUS Version 3.0.0 (git #adfdfe7), for host x86_64-pc-linux-gnu, built on Jul 21 2013 at 17:07:13 Copyright (C) 1999-2013 The FreeRADIUS server project and contributors. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. You may redistribute copies of FreeRADIUS under the terms of the GNU General Public License. For more information about these matters, see the file named COPYRIGHT. Starting - reading configuration files ... including dictionary file /etc/freeradius/dictionary including configuration file /etc/freeradius/radiusd.conf including configuration file /etc/freeradius/proxy.conf including configuration file /etc/freeradius/clients.conf including files in directory /etc/freeradius/mods-enabled/ including configuration file /etc/freeradius/mods-enabled/preprocess including configuration file /etc/freeradius/mods-enabled/perl including files in directory /etc/freeradius/policy.d/ including configuration file /etc/freeradius/policy.d/dhcp including configuration file /etc/freeradius/policy.d/control including configuration file /etc/freeradius/policy.d/accounting including configuration file /etc/freeradius/policy.d/cui including configuration file /etc/freeradius/policy.d/eap including configuration file /etc/freeradius/policy.d/operator-name including configuration file /etc/freeradius/policy.d/canonicalization including configuration file /etc/freeradius/policy.d/filter including files in directory /etc/freeradius/sites-enabled/ including configuration file /etc/freeradius/sites-enabled/smsotp main { security { allow_core_dumps = no } } main { name = "radiusd" prefix = "/usr" localstatedir = "/var" sbindir = "/usr/sbin" logdir = "/var/log/freeradius" run_dir = "/var/run/radiusd" libdir = "/usr/lib/freeradius" radacctdir = "/var/log/freeradius/radacct" hostname_lookups = no max_request_time = 30 cleanup_delay = 5 max_requests = 1024 pidfile = "/var/run/radiusd/radiusd.pid" checkrad = "/usr/sbin/checkrad" debug_level = 0 proxy_requests = yes log { stripped_names = no auth = no auth_badpass = no auth_goodpass = no colourise = yes } security { max_attributes = 200 reject_delay = 1 status_server = yes } } radiusd: #### Loading Realms and Home Servers #### proxy server { retry_delay = 5 retry_count = 3 default_fallback = no dead_time = 120 wake_all_if_all_dead = no } home_server localhost { ipaddr = 127.0.0.1 port = 1812 type = "auth" secret = "testing123" response_window = 20 max_outstanding = 65536 zombie_period = 40 status_check = "status-server" ping_interval = 30 check_interval = 30 num_answers_to_alive = 3 revive_interval = 120 status_check_timeout = 4 coa { irt = 2 mrt = 16 mrc = 5 mrd = 30 } limit { max_connections = 16 max_requests = 0 lifetime = 0 idle_timeout = 0 } } home_server_pool my_auth_failover { type = fail-over home_server = localhost } realm example.com { auth_pool = my_auth_failover } realm LOCAL { } radiusd: #### Loading Clients #### client 10.104.1.0 { require_message_authenticator = no secret = "testing123" shortname = "netscaler" limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } client 127.0.0.1 { require_message_authenticator = no secret = "testing123" shortname = "cs-01" limit { max_connections = 16 lifetime = 0 idle_timeout = 30 } } radiusd: #### Instantiating modules #### instantiate { } modules { # Loaded module rlm_preprocess # Instantiating module "preprocess" from file /etc/freeradius/mods-enabled/preprocess preprocess { huntgroups = "/etc/freeradius/mods-config/preprocess/huntgroups" hints = "/etc/freeradius/mods-config/preprocess/hints" with_ascend_hack = no ascend_channels_per_line = 23 with_ntdomain_hack = no with_specialix_jetstream_hack = no with_cisco_vsa_hack = no with_alvarion_vsa_hack = no } reading pairlist file /etc/freeradius/mods-config/preprocess/huntgroups reading pairlist file /etc/freeradius/mods-config/preprocess/hints # Loaded module rlm_perl # Instantiating module "perl" from file /etc/freeradius/mods-enabled/perl perl { filename = "/etc/freeradius/smsotp_krb5_3strikes.pl" func_authorize = "authorize" func_authenticate = "authenticate" func_post_auth = "post_auth" func_accounting = "accounting" func_preacct = "preacct" func_checksimul = "checksimul" func_detach = "detach" func_xlat = "xlat" func_pre_proxy = "pre_proxy" func_post_proxy = "post_proxy" func_recv_coa = "recv_coa" func_send_coa = "send_coa" } } # modules radiusd: #### Loading Virtual Servers #### server { # from file /etc/freeradius/radiusd.conf } # server server default { # from file /etc/freeradius/sites-enabled/smsotp # Creating Auth-Type = perl # Loading authenticate {...} # Loading authorize {...} # Loading preacct {...} # Loading virtual module acct_unique } # server radiusd: #### Opening IP addresses and Ports #### listen { type = "auth" ipaddr = * port = 0 } Listening on auth address * port 1812 as server default Opening new proxy address * port 1814 Listening on proxy address * port 1814 Ready to process requests. rad_recv: Access-Request packet from host 10.104.1.0 port 52437, id=174, length=58 User-Name = 'v104\\Administrator' User-Password = 'Pa$$w0rd' (0) # Executing section authorize from file /etc/freeradius/sites-enabled/smsotp (0) group authorize { (0) - entering group authorize {...} (0) update control { (0) Auth-Type := perl (0) } # update control = notfound (0) [preprocess] = ok (0) Found Auth-Type = perl (0) # Executing group from file /etc/freeradius/sites-enabled/smsotp (0) group authenticate { (0) - entering group authenticate {...} rlm_perl: authenticate: user unknown in database rlm_perl: Added pair User-Name = v104\\Administrator rlm_perl: Added pair User-Password = Pa$$w0rd rlm_perl: Added pair NAS-IP-Address = 10.104.1.0 rlm_perl: Added pair Auth-Type = perl (0) [perl] = reject (0) Failed to authenticate the user. (0) Using Post-Auth-Type Reject (0) WARNING: Unknown value specified for Post-Auth-Type. Cannot perform requested action. (0) Finished request 0. Waking up in 0.3 seconds. Waking up in 0.6 seconds. (0) Sending delayed reject Sending Access-Reject of id 174 from 10.104.252.162 port 1812 to 10.104.1.0 port 52437 Waking up in 4.9 seconds. (0) Cleaning up request packet ID 174 with timestamp +7 Ready to process requests. Cheers, Thomas - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html