Re: your mail

2012-10-10 Thread Andrew Precht
I am too much a newbie to understand what you are suggesting.
Should I replace: return RLM_MODULE_OK with: return RLM_MODULE_UPDATED
in the perl script?

On Tue, Oct 9, 2012 at 11:33 PM, Alan Buxey a.l.m.bu...@lboro.ac.uk wrote:
> Return rlm_module_updated
>
> alan
> --
> This smartphone uses free WiFi around the world with eduroam, now that's
> what I call smart.

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: your mail

2012-10-10 Thread Andrew Precht
 file /etc/raddb/sites-enabled/default
+- entering group perl {...}
rlm_perl: Added pair User-Name = 21197904090320
rlm_perl: Added pair User-Password = 1533
rlm_perl: Added pair NAS-IP-Address = 192.168.251.93
rlm_perl: Added pair Reply-Message = Denied access by RADIUS
rlm_perl: Added pair Auth-Type = perl
++[perl] returns reject
Failed to authenticate the user.
Using Post-Auth-Type Reject
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} - 21197904090320
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 18 to 192.168.251.93 port 38262
Reply-Message = Denied access by RADIUS
Waking up in 4.9 seconds.
Cleaning up request 0 ID 18 with timestamp +11
Ready to process requests.

I feel we are closer.
Any ideas on the Denied access by RADIUS?

Thanks Andrew




On Wed, Oct 10, 2012 at 10:40 AM, Phil Mayers p.may...@imperial.ac.uk wrote:
> On 10/10/12 18:30, Andrew Precht wrote:
>
> > Found Auth-Type = perl
> > # Executing group from file /etc/raddb/sites-enabled/default
> > +- entering group perl {...}
> > rlm_perl: perl_embed:: module = /etc/raddb/sjpl.pl , func =
> > authenticate exit status= Undefined subroutine main::get called at
> > /etc/raddb/sjpl.pl line 92.
>
> Pretty clear - you've got a bug in the perl script. Fix it. You need a
> func_authenticate in your perl script, and it needs to *work*. Fix the
> code on line 92 of the script.



Re: your mail

2012-10-09 Thread Andrew Precht
Well I'm back...

I have changed the module line in /etc/raddb/modules/perl, from:
module = ${confdir}/example.pl
to: module = /etc/raddb/sjpl.pl

Also, in the perl file I have uncommented the line:
func_authenticate = authenticate

Next, in /etc/raddb/sites-enabled/default I added perl to the
authenticate {} section.



The sjpl.pl file is from the original example.pl file with all code
removed from between the lines:
# Function to handle authenticate, and
# Function to handle detach
Then this code is put in its place:
sub authenticate {

my $logfile = "/dev/null";
my $date = `/bin/date`;
chomp $date;
my $url = "http://catalog.sjlibrary.org:4500/PATRONAPI/" .
$RAD_REQUEST{'User-Name'} . "/" . $RAD_REQUEST{'User-Password'} .
"/pintest";
my $output = get($url);

if ($output =~ /RETCOD=0/) {
`echo $date : SUCCESS $RAD_REQUEST{'User-Name'} - $RAD_REQUEST{'User-Password'} >> $logfile`;
$RAD_REPLY{'Reply-Message'} = "Success";
return RLM_MODULE_OK;
} else {
`echo $date : FAIL $RAD_REQUEST{'User-Name'} - $RAD_REQUEST{'User-Password'} >> $logfile`;
$RAD_REPLY{'Reply-Message'} = "Denied access by RADIUS";
return RLM_MODULE_REJECT;
}
}


However, when I try a test, I get rejected.

Here is my debug output:


[root@sjplradius mlkadmin]# radiusd -X
FreeRADIUS Version 2.1.12, for host x86_64-redhat-linux-gnu, built on
Oct  3 2012 at 01:22:51
Copyright (C) 1999-2009 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License v2.
Starting - reading configuration files ...
including configuration file /etc/raddb/radiusd.conf
including configuration file /etc/raddb/proxy.conf
including configuration file /etc/raddb/clients.conf
including files in directory /etc/raddb/modules/
including configuration file /etc/raddb/modules/unix
including configuration file /etc/raddb/modules/chap
including configuration file /etc/raddb/modules/mac2vlan
including configuration file /etc/raddb/modules/rediswho
including configuration file /etc/raddb/modules/detail.example.com
including configuration file /etc/raddb/modules/logintime
including configuration file /etc/raddb/modules/exec
including configuration file /etc/raddb/modules/opendirectory
including configuration file /etc/raddb/modules/detail
including configuration file /etc/raddb/modules/wimax
including configuration file /etc/raddb/modules/pap
including configuration file /etc/raddb/modules/checkval
including configuration file /etc/raddb/modules/expiration
including configuration file /etc/raddb/modules/attr_filter
including configuration file /etc/raddb/modules/cui
including configuration file /etc/raddb/modules/echo
including configuration file /etc/raddb/modules/redis
including configuration file /etc/raddb/modules/counter
including configuration file /etc/raddb/modules/attr_rewrite
including configuration file /etc/raddb/modules/sqlcounter_expire_on_login
including configuration file /etc/raddb/modules/realm
including configuration file /etc/raddb/modules/mac2ip
including configuration file /etc/raddb/modules/ippool
including configuration file /etc/raddb/modules/acct_unique
including configuration file /etc/raddb/modules/digest
including configuration file /etc/raddb/modules/linelog
including configuration file /etc/raddb/modules/expr
including configuration file /etc/raddb/modules/pam
including configuration file /etc/raddb/modules/etc_group
including configuration file /etc/raddb/modules/soh
including configuration file /etc/raddb/modules/detail.log
including configuration file /etc/raddb/modules/ntlm_auth
including configuration file /etc/raddb/modules/preprocess
including configuration file /etc/raddb/modules/files
including configuration file /etc/raddb/modules/sql_log
including configuration file /etc/raddb/modules/dynamic_clients
including configuration file /etc/raddb/modules/mschap
including configuration file /etc/raddb/modules/smsotp
including configuration file /etc/raddb/modules/smbpasswd
including configuration file /etc/raddb/modules/replicate
including configuration file /etc/raddb/modules/sradutmp
including configuration file /etc/raddb/modules/perl
including configuration file /etc/raddb/modules/policy
including configuration file /etc/raddb/modules/always
including configuration file /etc/raddb/modules/inner-eap
including configuration file /etc/raddb/modules/passwd
including configuration file /etc/raddb/modules/rad_recv:
Access-Request packet from host 192.168.251.93 port 50827, id=0,
length=54
User-Name = 21197904090320
User-Password = 1533
# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
rlm_perl: Added pair User-Name = 21197904090320
rlm_perl: Added pair User-Password = 1533
++[perl] returns ok
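
Added example, not part of the thread and not code from the FreeRADIUS distribution: a version of the authenticate routine discussed above that loads an HTTP client explicitly (the missing import behind "Undefined subroutine main::get"), percent-encodes User-Name and User-Password before building the URL, and logs through the server instead of through a shell, without writing the password. The endpoint host and the log_line and build_url helpers are assumptions made for this example.

```perl
use strict;
use warnings;
use LWP::UserAgent;                  # the posted script called get() without loading an HTTP client
use URI::Escape qw(uri_escape);

our (%RAD_REQUEST, %RAD_REPLY);      # filled in by rlm_perl for each request

# Return codes with the values used in the example.pl shipped with FreeRADIUS
use constant { RLM_MODULE_REJECT => 0, RLM_MODULE_FAIL => 1, RLM_MODULE_OK => 2 };

# Placeholder endpoint (assumption); substitute the real PATRONAPI base URL.
my $BASE = 'http://patronapi.example.invalid:4500/PATRONAPI';

# Log through the server when embedded in radiusd, through warn() when run by hand.
sub log_line {
    my ($msg) = @_;
    $msg =~ s/[^\x20-\x7e]/?/g;      # no control characters or newlines in the log
    if (defined &radiusd::radlog) { radiusd::radlog(3, $msg) }   # 3 = L_INFO in example.pl
    else                          { warn "$msg\n" }
}

# Percent-encode each attribute so '/', '?', '#' or spaces cannot alter the request path.
sub build_url {
    my ($user, $pin) = @_;
    return join '/', $BASE, uri_escape($user), uri_escape($pin), 'pintest';
}

sub authenticate {
    my $user = $RAD_REQUEST{'User-Name'}     // '';
    my $pin  = $RAD_REQUEST{'User-Password'} // '';
    return RLM_MODULE_REJECT if $user eq '' || $pin eq '';

    my $res = LWP::UserAgent->new(timeout => 5)->get(build_url($user, $pin));
    unless ($res->is_success) {
        log_line('PATRONAPI request failed: ' . $res->status_line);
        return RLM_MODULE_FAIL;      # backend fault, not a wrong PIN
    }
    # Request attributes never reach a shell, and the password is never logged.
    if ($res->decoded_content =~ /RETCOD=0/) {
        log_line("SUCCESS $user");
        $RAD_REPLY{'Reply-Message'} = 'Success';
        return RLM_MODULE_OK;
    }
    log_line("FAIL $user");
    $RAD_REPLY{'Reply-Message'} = 'Denied access by RADIUS';
    return RLM_MODULE_REJECT;
}
1;
```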

[no subject]

2012-10-05 Thread Andrew Precht
 Hi users,
I've setup a new virtual FR 2.1.12 server on centos6. I have got the
new server setup per
the docs at freeradius.org. Radtest locally and NtradPing remotely are working.

Now, I need FR to use a Perl script to authenticate against a proprietary DB.
I have put in a bit of time researching how to use the Perl module.
But, as a newbie to FR I can't seem to find any step-by-step
documentation to use the Perl module.
Could someone point me to such documentation?

Here is the script that the old FR 1.13-1.6.el5 was using, I need this
to run on the new FR server.

sub authenticate {

my $logfile = "/dev/null";
my $date = `/bin/date`;
chomp $date;
my $url = "http://ProprietaryServer.PropritartyIssue.Bad:4500/PATRONAPI/"
. $RAD_REQUEST{'User-Name'} . "/" . $RAD_REQUEST{'User-Password'} .
"/pintest";
my $output = get($url);

#   For debugging purposes only
#   log_request_attributes;

if ($output =~ /RETCOD=0/) {
`echo $date : SUCCESS $RAD_REQUEST{'User-Name'} - $RAD_REQUEST{'User-Password'} >> $logfile`;
$RAD_REPLY{'Reply-Message'} = "Success";
return RLM_MODULE_OK;
} else {
`echo $date : FAIL $RAD_REQUEST{'User-Name'} - $RAD_REQUEST{'User-Password'} >> $logfile`;
$RAD_REPLY{'Reply-Message'} = "Denied access by RADIUS";
return RLM_MODULE_REJECT;
}
}

Any help is appreciated...


Re: your mail

2012-10-05 Thread Andrew Precht
Thanks Alan,
I'm off for the weekend, I will give this a try on Tuesday.

On Fri, Oct 5, 2012 at 3:04 PM, alan buxey a.l.m.bu...@lboro.ac.uk wrote:
> Hi,
>
> > I've setup a new virtual FR 2.1.12 server on centos6. I have got the
> > new server setup per
> > the docs at freeradius.org. Radtest locally and NtradPing remotely are
> > working.
> >
> > Now, I need FR to use a Perl script to authenticate against a proprietary DB.
> > I have put in a bit of time researching how to use the Perl module.
> > But, as a newbie to FR I can't seem to find any step-by-step
> > documentation to use the Perl module.
> > Could someone point me to such documentation?
>
> edit the perl module
>
> $RADDB/modules/perl
>
> ensure that your script is named in the 'module' line
> and that it's enabled in the required functions...in
> this case in authenticate (so uncomment the authenticate line)
>
> then add
>
> 'perl' to the authenticate {} section of the virtual server
> you are using...that would likely be sites-enabled/default
> or sites-enabled/inner-tunnel with a default untouched config.
>
>
> alan, on a friday night with some vin rouge in hand


rebuilding a FR server

2012-10-04 Thread Andrew Precht
Hi users,
I'm attempting to setup a new virtual FR server on centos6, to replace
an aging FR 1.13-1.6.el5 server. I have got the new server setup per
the docs at freeradius.org.
I've run the simple test using radtest locally and I get an
Access-Accept. Also, using NTradPing remotely I get an Access-Accept.
So, I think I've got the basic freeradius and firewall setup
correctly.
Now the hard part... I have no documentation or knowledge base for the
old FR setup. It is used to authenticate WiFi users against a
proprietary system using a Sybase DB. From what I can tell, it's using
a perl script to talk to the db.
I say this because of two lines in the radiusd.conf. One is:
Auth-Type Perl { perl }  and the other is: perl { module =
/etc/raddb/sjsu.pl }

My question is: Is it as easy as adding the same two lines to my new
FR 2.1.12  radiusd.conf and copying over the sjsu.pl to get it to use
the perl script?

Please advise, thanks for any help...