Re: your mail
I am too much a newbie to understand what you are suggesting. Should I replace:

    return RLM_MODULE_OK

with:

    return RLM_MODULE_UPDATED

in the perl script?

On Tue, Oct 9, 2012 at 11:33 PM, Alan Buxey a.l.m.bu...@lboro.ac.uk wrote:
> Return rlm_module_updated
>
> alan
> --
> This smartphone uses free WiFi around the world with eduroam, now that's what I call smart.

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: your mail
file /etc/raddb/sites-enabled/default
+- entering group perl {...}
rlm_perl: Added pair User-Name = 21197904090320
rlm_perl: Added pair User-Password = 1533
rlm_perl: Added pair NAS-IP-Address = 192.168.251.93
rlm_perl: Added pair Reply-Message = Denied access by RADIUS
rlm_perl: Added pair Auth-Type = perl
++[perl] returns reject
Failed to authenticate the user.
Using Post-Auth-Type Reject
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} - 21197904090320
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 18 to 192.168.251.93 port 38262
Reply-Message = Denied access by RADIUS
Waking up in 4.9 seconds.
Cleaning up request 0 ID 18 with timestamp +11
Ready to process requests.

I feel we are closer. Any ideas on the "Denied access by RADIUS"?

Thanks
Andrew

On Wed, Oct 10, 2012 at 10:40 AM, Phil Mayers p.may...@imperial.ac.uk wrote:
> On 10/10/12 18:30, Andrew Precht wrote:
>> Found Auth-Type = perl
>> # Executing group from file /etc/raddb/sites-enabled/default
>> +- entering group perl {...}
>> rlm_perl: perl_embed:: module = /etc/raddb/sjpl.pl , func = authenticate exit status= Undefined subroutine main::get called at /etc/raddb/sjpl.pl line 92.
>
> Pretty clear - you've got a bug in the perl script. Fix it.
>
> You need a func_authenticate in your perl script, and it needs to *work*. Fix the code on line 92 of the script.
Re: your mail
Well I'm back...

I have changed the module line in /etc/raddb/modules/perl, from:

    module = ${confdir}/example.pl

to:

    module = /etc/raddb/sjpl.pl

Also, in the perl file I have uncommented the line:

    func_authenticate = authenticate

Next, in /etc/raddb/sites-enabled/default I added perl to the authenticate {} section.

The sjpl.pl file is from the original example.pl file with all code removed from between the lines:

    # Function to handle authenticate

and

    # Function to handle detach

Then this code is put in its place:

    sub authenticate {
        my $logfile = "/dev/null";
        my $date = `/bin/date`;
        chomp $date;
        # Build the patron API URL from the request attributes
        my $url = "http://catalog.sjlibrary.org:4500/PATRONAPI/" . $RAD_REQUEST{'User-Name'} . "/" . $RAD_REQUEST{'User-Password'} . "/pintest";
        my $output = get($url);
        # RETCOD=0 in the response is treated as a successful PIN test
        if ($output =~ /RETCOD=0/) {
            `echo "$date : SUCCESS $RAD_REQUEST{'User-Name'} - $RAD_REQUEST{'User-Password'}" >> $logfile`;
            $RAD_REPLY{'Reply-Message'} = "Success";
            return RLM_MODULE_OK;
        } else {
            `echo "$date : FAIL $RAD_REQUEST{'User-Name'} - $RAD_REQUEST{'User-Password'}" >> $logfile`;
            $RAD_REPLY{'Reply-Message'} = "Denied access by RADIUS";
            return RLM_MODULE_REJECT;
        }
    }

However, when I try a test, I get rejected. Here is my debug output:

[root@sjplradius mlkadmin]# radiusd -X
FreeRADIUS Version 2.1.12, for host x86_64-redhat-linux-gnu, built on Oct 3 2012 at 01:22:51
Copyright (C) 1999-2009 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the GNU General Public License v2.
Starting - reading configuration files ...
rad_recv: Access-Request packet from host 192.168.251.93 port 50827, id=0, length=54
User-Name = 21197904090320
User-Password = 1533
# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
rlm_perl: Added pair User-Name = 21197904090320
rlm_perl: Added pair User-Password = 1533
++[perl] returns ok
[no subject]
Hi users,

I've setup a new virtual FR 2.1.12 server on centos6. I have got the new server setup per the docs at freeradius.org. Radtest locally and NtradPing remotely are working.

Now, I need FR to use a Perl script to authenticate against a proprietary DB. I have put in a bit of time researching how to use the Perl module. But, as a newbie to FR I can't seem to find any step-by-step documentation to use the Perl module. Could someone point me to such documentation?

Here is the script that the old FR 1.13-1.6.el5 was using, I need this to run on the new FR server.

    sub authenticate {
        my $logfile = "/dev/null";
        my $date = `/bin/date`;
        chomp $date;
        # Build the patron API URL from the request attributes
        my $url = "http://ProprietaryServer.PropritartyIssue.Bad:4500/PATRONAPI/" . $RAD_REQUEST{'User-Name'} . "/" . $RAD_REQUEST{'User-Password'} . "/pintest";
        my $output = get($url);
        # For debugging purposes only
        # log_request_attributes;
        # RETCOD=0 in the response is treated as a successful PIN test
        if ($output =~ /RETCOD=0/) {
            `echo "$date : SUCCESS $RAD_REQUEST{'User-Name'} - $RAD_REQUEST{'User-Password'}" >> $logfile`;
            $RAD_REPLY{'Reply-Message'} = "Success";
            return RLM_MODULE_OK;
        } else {
            `echo "$date : FAIL $RAD_REQUEST{'User-Name'} - $RAD_REQUEST{'User-Password'}" >> $logfile`;
            $RAD_REPLY{'Reply-Message'} = "Denied access by RADIUS";
            return RLM_MODULE_REJECT;
        }
    }

Any help is appreciated...
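A hardened variant of the authenticate() function posted in this thread, added here as an example; it is not code from the thread or from the FreeRADIUS project. It loads an HTTP client (the posted script failed with "Undefined subroutine main::get"), percent-encodes the request attributes before building the URL, and logs through radiusd::radlog rather than interpolating User-Name and User-Password into a backtick shell command. The base URL is a placeholder and the use of LWP::UserAgent is an assumption about what the script may load.

```perl
# Added example: hardened variant of the thread's authenticate() for rlm_perl.
# Wiring, as described in the thread: name this file on the 'module' line of
# $RADDB/modules/perl and list 'perl' in the authenticate {} section.
use strict;
use warnings;
use LWP::UserAgent;              # HTTP client; the posted script never loaded one
use URI::Escape qw(uri_escape);

# rlm_perl fills these hashes for each request (declared as in example.pl).
use vars qw(%RAD_REQUEST %RAD_REPLY);

# Return codes with the values example.pl assigns them.
use constant RLM_MODULE_REJECT => 0;
use constant RLM_MODULE_FAIL   => 1;
use constant RLM_MODULE_OK     => 2;

# Placeholder base URL (assumption): substitute the real patron API endpoint.
my $BASE_URL = 'http://patron-api.example.invalid:4500/PATRONAPI';
my $ua = LWP::UserAgent->new(timeout => 5);   # bounded wait on the backend

sub authenticate {
    my $user = $RAD_REQUEST{'User-Name'};
    my $pin  = $RAD_REQUEST{'User-Password'};

    # Without both a user name and a PAP password there is nothing to check.
    unless (defined $user && length $user && defined $pin && length $pin) {
        $RAD_REPLY{'Reply-Message'} = 'Denied access by RADIUS';
        return RLM_MODULE_REJECT;
    }

    # Percent-encode both values so reserved characters in them cannot
    # alter the request path that the backend sees.
    my $url = join '/', $BASE_URL, uri_escape($user), uri_escape($pin), 'pintest';
    my $res = $ua->get($url);

    # Backend unreachable or HTTP error: report a module failure, not a bad PIN.
    unless ($res->is_success) {
        &radiusd::radlog(1, 'patron API error: ' . $res->status_line);
        return RLM_MODULE_FAIL;
    }

    # Log through the server, never via a shell, and never log the password.
    my $ok = ($res->decoded_content // '') =~ /RETCOD=0/;
    (my $safe = $user) =~ s/[^\x20-\x7e]/?/g;   # keep control bytes out of the log
    &radiusd::radlog(1, ($ok ? 'SUCCESS ' : 'FAIL ') . $safe);

    $RAD_REPLY{'Reply-Message'} = $ok ? 'Success' : 'Denied access by RADIUS';
    return $ok ? RLM_MODULE_OK : RLM_MODULE_REJECT;
}
```

The backend call itself still carries the PIN in the URL over plain HTTP, as in the original script; that is a property of the patron API and is unchanged here.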
Re: your mail
Thanks Alan, I'm off for the weekend, I will give this a try on Tuesday.

On Fri, Oct 5, 2012 at 3:04 PM, alan buxey a.l.m.bu...@lboro.ac.uk wrote:
> Hi,
>
>> I've setup a new virtual FR 2.1.12 server on centos6. I have got the new server setup per the docs at freeradius.org. Radtest locally and NtradPing remotely are working. Now, I need FR to use a Perl script to authenticate against a proprietary DB. I have put in a bit of time researching how to use the Perl module. But, as a newbie to FR I can't seem to find any step-by-step documentation to use the Perl module. Could someone point me to such documentation?
>
> edit the perl module
>
> $RADDB/modules/perl
>
> ensure that your script is named in the 'module' line and that it's enabled in the required functions...in this case in authenticate (so uncomment the authenticate line)
>
> then add 'perl' to the authenticate {} section of the virtual server you are using. That would likely be sites-enabled/default or sites-enabled/inner-tunnel with a default untouched config.
>
> alan, on a friday night with some vin rouge in hand
rebuilding a FR server
Hi users,

I'm attempting to setup a new virtual FR server on centos6, to replace an aging FR 1.13-1.6.el5 server. I have got the new server setup per the docs at freeradius.org. I've run the simple test using radtest locally and I get an Access-Accept. Also, using NTradPing remotely I get an Access-Accept. So, I think I've got the basic freeradius and firewall setup correctly.

Now the hard part... I have no documentation or knowledge base for the old FR setup. It is used to authenticate WiFi users against a proprietary system using a Sybase DB. From what I can tell, it's using a perl script to talk to the db. I say this because of two lines in the radiusd.conf. One is:

    Auth-Type Perl {
        perl
    }

and the other is:

    perl {
        module = /etc/raddb/sjsu.pl
    }

My question is: Is it as easy as adding the same two lines to my new FR 2.1.12 radiusd.conf and copying over the sjsu.pl to get it to use the perl script?

Please advise, thanks for any help...