Hello MAN -
All of the attributes in the current radius request are passed to the external command on standard input, and the results are returned on standard output. Please refer to section 6.26 in the Radiator manual ("doc/ref.html"). If you want to add any parameters to be passed to the external program you should add them as attributes to the current request before calling the AuthBy EXTERNAL clause.
You should also look at the source code in the file "Radius/AuthEXTERNAL.pm" to see exactly what happens.
regards
Hugh
On Friday, Oct 3, 2003, at 11:22 Australia/Melbourne, Man Meng Fei wrote:
Hi Mike and Hugh,
May I know how I should pass the parameter into the perl script when I execute <AUTH EXTERNAL>, and how I can get the result after executing the perl script?
Thanks
MAN
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Man Meng Fei
Sent: Thursday, October 02, 2003 1:58 PM
To: 'Mike McCauley'; 'Hugh Irvine'
Cc: [EMAIL PROTECTED]
Subject: RE: (RADIATOR) Question in <AuthBy EXTERNAL>
Hi, do I need to pass any parameter to testcommand.pl?
MAN
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mike McCauley
Sent: Thursday, October 02, 2003 12:36 PM
To: Hugh Irvine; [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: (RADIATOR) Question in <AuthBy EXTERNAL>
Hi Hugh,
If you look at goodies/external.cfg, you will see he needs something like this:
Command c:/perl/bin/perl ./goodies/testcommand.pl
DOS does not know how to interpret #!/usr/bin/perl so it can't run C:\Perl\bin\testcommand.pl without some clues.
Cheers.
On Thu, 2 Oct 2003 12:23 pm, Hugh Irvine wrote:
Hello Man Meng Fei -
I suspect that Radiator is not able to run the external command.
What happens when you run the following in a MS-DOS window:
C:\Perl\bin\testcommand.pl
There is probably something wrong with either the path or the contents of the file.
regards
Hugh
On Thursday, Oct 2, 2003, at 03:56 Australia/Melbourne, Man Meng Fei wrote:
Hi,
Currently I am using a sample configuration (external.cfg) and perl script (testcommand.pl) which can be retrieved from the goodies directory to understand the implementation of <AuthBy EXTERNAL>. But after I executed it, I can't get the expected test result. I got No Reply at Radius client. I hope someone can help me to make this <AuthBy EXTERNAL> sample working.
Lastly, I attached the Radius Configuration file which I used for the testing, and the Radius Server and Radius Client's output result.
Man Meng Fei
----------radius.cfg-----------
# external.cfg
#
# Example Radiator configuration file.
# This very simple file will allow you to get started with
# EXTERNAL authentication.
#
# There is an example external program called testcommand.pl
# in the goodies directory, which the example below uses. It
# will accept the request if the username is "fred" otherwise reject
# it.
#
# So if you run Radiator with this config file, then do
#   radpwtst -noacct -trace -user fred
# you will see something like:
#   sending Access-Request...
#   OK
#   Code: Access-Accept
#   Identifier: 109
#   Authentic: <12>_B<215><2>=<149><140>kBM<130><221><10>.S
#   Attributes:
#     Reply-Message = "you are fred"
#
#
# And if you do:
#   radpwtst -noacct -trace -user someoneelse
# you will see something like:
#   sending Access-Request...
#   Rejected
#   Code: Access-Reject
#   Identifier: 70
#   Authentic:
#   Attributes:
#     Reply-Message = "you are NOT fred, you are 'someoneelse'"
#     Reply-Message = "Request Denied"
#
# You should consider this file to be a starting point only
# $Id: external.cfg,v 1.3 2003/09/22 23:30:56 mikem Exp $

Foreground
LogStdout
LogDir c:/Program Files/Radiator
DbDir c:/Program Files/Radiator

Trace 4

# You will probably want to change this to suit your site.
<Client DEFAULT>
    Secret mysecret
    DupInterval 0
</Client>

<Realm DEFAULT>
    <AuthBy EXTERNAL>
        # For NT, you might want something like this
        Command C:\Perl\bin\testcommand.pl

        # For Unix, maybe something like this
        #
        #Command ./goodies/testcommand.pl

        # This will cause the User-Password
        # to be decrypted before being passed to the
        # external program
        DecryptPassword

        # You might prefer use this to tell AuthBy EXTERNAL
        # to get the result from the first line of the
        # output. The permitted values are ACCEPT, REJECT
        # IGNORE CHALLENGE or REJECT_IMMEDIATE. ON Win98
        # its the only way to get it to work.
        # We recommend you use this method
        ResultInOutput
    </AuthBy>
</Realm>
-------Radius Server Output--------------------------
Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-2000 Microsoft Corp.

C:\Documents and Settings\man\Desktop>PERL c:\perl\bin\radiusd
Thu Oct 2 01:16:58 2003: DEBUG: Finished reading configuration file 'C:\Program Files\Radiator\radius.cfg'
This Radiator license will expire on 2004-02-01
This Radiator license will stop operating after 1000 requests
To purchase an unlimited full source version of Radiator, see http://www.open.com.au/ordering.html
To extend your evaluation period, contact [EMAIL PROTECTED]

Thu Oct 2 01:16:58 2003: DEBUG: Reading dictionary file 'c:/Program Files/Radiator/dictionary'
Thu Oct 2 01:16:58 2003: DEBUG: Creating authentication port 0.0.0.0:1645
Thu Oct 2 01:16:58 2003: DEBUG: Creating accounting port 0.0.0.0:1646
Thu Oct 2 01:16:58 2003: NOTICE: Server started: Radiator 3.7 on man (EVALUATION)
Thu Oct 2 01:18:52 2003: DEBUG: Packet dump:
*** Received from 127.0.0.1 port 3006 ....
Code: Access-Request
Identifier: 67
Authentic: 1234567890123456
Attributes:
    User-Name = "mikem"
    Service-Type = Framed-User
    NAS-IP-Address = 203.63.154.1
    NAS-Port = 1234
    Called-Station-Id = "123456789"
    Calling-Station-Id = "987654321"
    NAS-Port-Type = Async
    User-Password = "<159><249>:<201><175>\<4><246><188>8<9><160><216>}x<153>"

Thu Oct 2 01:18:52 2003: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Thu Oct 2 01:18:52 2003: DEBUG: Deleting session for mikem, 203.63.154.1, 1234
Thu Oct 2 01:18:52 2003: DEBUG: Running command: C:\Perl\bin\testcommand.pl
Thu Oct 2 01:25:09 2003: ERR: ResultInOutput is enabled, but the first line of from the EXTRNAL command is an unknown result code
Thu Oct 2 01:25:09 2003: DEBUG: Packet dump:
*** Received from 127.0.0.1 port 3006 ....
Code: Accounting-Request
Identifier: 68
Authentic:
Attributes:
    User-Name = "mikem"
    Service-Type = Framed-User
    NAS-IP-Address = 203.63.154.1
    NAS-Port = 1234
    NAS-Port-Type = Async
    Acct-Session-Id = "00001234"
    Acct-Status-Type = Start
    Called-Station-Id = "123456789"
    Calling-Station-Id = "987654321"
    Acct-Delay-Time = 0

Thu Oct 2 01:25:09 2003: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Thu Oct 2 01:25:09 2003: DEBUG: Adding session for mikem, 203.63.154.1, 1234
Thu Oct 2 01:25:09 2003: DEBUG: Running command: C:\Perl\bin\testcommand.pl
-------Radius Client Output--------------------------
Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-2000 Microsoft Corp.

C:\Documents and Settings\man\Desktop>perl c:\perl\bin\radpwtst -user mikem -password fred
sending Access-Request...
No reply
sending Accounting-Request Start...
No reply
sending Accounting-Request Stop...
No reply

C:\Documents and Settings\man\Desktop>
=== Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
NB: have you included a copy of your configuration file (no secrets), together with a trace 4 debug showing what is happening?
-- Mike McCauley [EMAIL PROTECTED] Open System Consultants Pty. Ltd Unix, Perl, Motif, C++, WWW 24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au Phone +61 3 9598-0985 Fax +61 3 9598-0955
Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP etc on Unix, Windows, MacOS etc.
-- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence.
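An added example (not part of the original thread, and not Radiator's own testcommand.pl) of an external command that follows the contract described above: request attributes in on standard input, result code on the first output line for ResultInOutput, reply attributes after it. It assumes the attributes arrive one per line as `Name = value`, as in the packet dump in the trace, and reuses the "accept only fred" policy from the external.cfg comments.

```perl
#!/usr/bin/perl
# Added example: external command for AuthBy EXTERNAL with ResultInOutput.
# Assumption: attributes arrive on STDIN one per line as `Name = value`
# (the layout shown in the packet dump); the policy mirrors the
# description of testcommand.pl in external.cfg.
use strict;
use warnings;

# Parse `Name = value` lines into a hash; quoted strings lose their quotes.
sub parse_attrs {
    my ($fh) = @_;
    my %attr;
    while (my $line = <$fh>) {
        $line =~ s/\r?\n\z//;
        next unless $line =~ /^\s*([A-Za-z0-9_.-]+)\s*=\s*(.*?)\s*$/;
        my ($name, $value) = ($1, $2);
        $value =~ s/^"(.*)"$/$1/s;
        # Keep the first occurrence so a repeated attribute cannot override it.
        $attr{$name} = $value unless exists $attr{$name};
    }
    return %attr;
}

# Return the result code followed by any reply attribute lines.
sub decide {
    my (%attr) = @_;
    my $user = $attr{'User-Name'};
    return ('REJECT', 'Reply-Message = "no User-Name in request"')
        unless defined $user && length $user;
    # Do not echo raw request data into the reply: restrict the character set.
    (my $safe = $user) =~ s/[^A-Za-z0-9_.\@-]/?/g;
    return $user eq 'fred'
        ? ('ACCEPT', qq{Reply-Message = "you are fred"})
        : ('REJECT', qq{Reply-Message = "you are NOT fred, you are '$safe'"});
}

my %attr = parse_attrs(\*STDIN);
# With DecryptPassword set, User-Password arrives here in clear text.
# Use it for a check if needed, but never log or print it.
delete $attr{'User-Password'};

my ($result, @reply) = decide(%attr);
print "$result\n";          # first line: one of the permitted result codes
print "$_\n" for @reply;    # remaining lines: reply attributes
```

On Windows the script is run through the interpreter, in the form of the Command line Mike gives (`Command c:/perl/bin/perl` followed by the script path).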