RE: rlm_perl not working
Thanks for your replies.
I want to resolve the Invalid Accounting Packet problem, so I start to write
a perl function preacct like this :
sub preacct {
# For debugging purposes only
print start preacct ***\n;
print Dumper(%RAD_REQUEST);print now update request ***\n;
$RAD_REQUEST{'Acct-Status-Type'} = 7;
print returning from preacct ***\n;
return RLM_MODULE_UPDATED;
}
And modify my preacct using perl.
I entered correctly into this procedure, but I didn't know how to update
NAS-IP-Address using Packet-Src-IP-Address into the perl sub.
Is there somewhere some documentation to have all var in one webpage ?
If someone has an example on how to update $RAD_REQUEST{'NAS-IP-Address'}
using rlm_perl is welcome ;)
Regards
Fabien VINCENT
-Message d'origine-
De : freeradius-users-bounces+fabien.vincent=coreye...@lists.freeradius.org
[mailto:freeradius-users-bounces+fabien.vincent=coreye.fr@lists.freeradius.o
rg] De la part de Alan Buxey
Envoyé : mardi 18 octobre 2011 21:31
À : FreeRadius users mailing list
Objet : Re: rlm_perl not working
Hi,
Of course ! But to simplify documentation, I've put all in one file
radiusd.conf except sql requests / config
That's a terrible idea.
I was going to say the same thing. the old old server used to use a single
file for config...that
was actually a nasty thing. it now calls seperate moduleswhich all have
nice notes/comments
in them already. redacting that to a single flat file is horribleeven
worse, it makes looking
at the difference between your server config and the next release available
config - eg new options
etc almost impossible.
NAS-IP-Address = 127.1.1.1
F5-Acct = Oct 18 17:18:59 local/lb2b notice mcpd[4820]:
01070417:5: AUDIT - user radtest - transaction #40213784-2 - object 0 -
modify { pool_member { pool_member_pool_name \..
WARNING: Empty section. Using default return values.
+- entering group accounting {...}
Invalid Accounting Packet
rlm_perl prints that out if there is no Acct-Status-Type attribute in the
packet - ie
its not really a nice valid accounting packet. this looks like auditing
packets being sent...
they might need to fix their code?
And one more question, can I replace it dynamically with, for example,
rlm_perl using the IP address from sender host (here 10.10.10.12 ?).
replace what? the NAS-IP-Address? yes - you can swap it with eg the
Packet-Src-IP-Address
alan
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
--
Ce message a ete verifie par MailScanner.
smime.p7s
Description: S/MIME cryptographic signature
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: rlm_perl not working
Sorry, fixed, a mistake in my radiusd.conf
(lost in brackets ;)
De : freeradius-users-bounces+fabien.vincent=coreye...@lists.freeradius.org
[mailto:freeradius-users-bounces+fabien.vincent=coreye.fr@lists.freeradius.o
rg] De la part de Vincent, Fabien
Envoyé : mardi 18 octobre 2011 15:53
À : FreeRadius users mailing list
Objet : rlm_perl not working
Hi all,
As you reply yesterday to my question, I have another one which is very
embarrassing :
I have the following packages installed on CentOS box :
freeradius2.x86_64
freeradius2-mysql.x86_64
freeradius2-ldap.x86_64
freeradius2-perl.x86_64
freeradius2-utils.x86_64
I want to make some transformations on my accounting section but this
doesnt work when I put the perl in accounting section. Radius stop
working :
/usr/sbin/radiusd -X
conns: 0x25e9760
Module: Checking authorize {...} for more modules to load
Module: Checking accounting {...} for more modules to load
/etc/raddb/radiusd.conf[267]: Failed to find module perl.
/etc/raddb/radiusd.conf[263]: Errors parsing accounting section.
Ive found a lot of problems looking on my Google friend, but I didnt
understand with a simple :
accounting {
# sql # comment
perl
}
Using the simple configuration for modules found here:
http://wiki.freeradius.org/Rlm_perl
Does not work
Any ideas ?
Thanks in advance for your help
Regards,
Fabien VINCENT
smime.p7s
Description: S/MIME cryptographic signature
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: rlm_perl not working
Hi, Sorry, fixed, a mistake in my radiusd.conf … (lost in brackets ;) my concern would be that you dont need to touch radiusd.conf at all to use the rlm_perl module - hope you werent following some old document - you just need to edit the modules/perl file and then put 'perl' into the required part of your virtual server (or use a named instance if you want to call it a different name) alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: rlm_perl not working
Of course ! But to simplify documentation, I've put all in one file
radiusd.conf except sql requests / config
Another question with Perl / Accounting :
I want to made accounting on my F5 LTM / GTM. But the F5 uses something
special, because all Audit logs are forwarded to the Radius using syslog-ng.
The consequence is that the Accounting-Request is coming with the following
format :
Ready to process requests.
rad_recv: Accounting-Request packet from host 10.10.10.12 port 47931, id=4,
length=235
NAS-IP-Address = 127.1.1.1
F5-Acct = Oct 18 17:18:59 local/lb2b notice mcpd[4820]: 01070417:5:
AUDIT - user radtest - transaction #40213784-2 - object 0 - modify {
pool_member { pool_member_pool_name \..
WARNING: Empty section. Using default return values.
+- entering group accounting {...}
Invalid Accounting Packet
++[perl] returns invalid
Finished request 0.
Did you know if it's normal that the accounting section reject the accounting
packet and say Invalid Accounting Packet ... Is it due to NAS-IP-Address
attribute ?
And one more question, can I replace it dynamically with, for example, rlm_perl
using the IP address from sender host (here 10.10.10.12 ?).
Thanks in advance for your helps !
Fabien VINCENT
Ingénieur Réseaux Sécurité / ASSR Produits
-Message d'origine-
De : freeradius-users-bounces+fabien.vincent=coreye...@lists.freeradius.org
[mailto:freeradius-users-bounces+fabien.vincent=coreye...@lists.freeradius.org]
De la part de Alan Buxey
Envoyé : mardi 18 octobre 2011 16:54
À : FreeRadius users mailing list
Objet : Re: rlm_perl not working
Hi,
Sorry, fixed, a mistake in my radiusd.conf … (lost in brackets ;)
my concern would be that you dont need to touch radiusd.conf at all to use
the rlm_perl module - hope you werent following some old document - you just
need to edit the modules/perl file and then put 'perl' into the required part
of your virtual server (or use a named instance if you want to call it a
different
name)
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--
Ce message a ete verifie par MailScanner.
smime.p7s
Description: S/MIME cryptographic signature
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: rlm_perl not working
Vincent, Fabien wrote:
Of course ! But to simplify documentation, I've put all in one file
radiusd.conf except sql requests / config
That's a terrible idea.
You can't get the server to work the way you want, but you're willing
to completely change it's configuration?
That makes no sense.
Another question with Perl / Accounting :
I want to made accounting on my F5 LTM / GTM. But the F5 uses something
special, because all Audit logs are forwarded to the Radius using
syslog-ng. The consequence is that the Accounting-Request is coming with the
following format :
Ready to process requests.
rad_recv: Accounting-Request packet from host 10.10.10.12 port 47931, id=4,
length=235
NAS-IP-Address = 127.1.1.1
F5-Acct = Oct 18 17:18:59 local/lb2b notice mcpd[4820]: 01070417:5:
AUDIT - user radtest - transaction #40213784-2 - object 0 - modify {
pool_member { pool_member_pool_name \..
WARNING: Empty section. Using default return values.
+- entering group accounting {...}
Invalid Accounting Packet
That message is generated by the Perl module.
++[perl] returns invalid
Finished request 0.
Did you know if it's normal that the accounting section reject the accounting
packet and say Invalid Accounting Packet ... Is it due to NAS-IP-Address
attribute ?
No idea... look at the rlm_perl source.
And one more question, can I replace it dynamically with, for example,
rlm_perl using the IP address from sender host (here 10.10.10.12 ?).
Yes.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: rlm_perl not working
Hi,
Of course ! But to simplify documentation, I've put all in one file
radiusd.conf except sql requests / config
That's a terrible idea.
I was going to say the same thing. the old old server used to use a single
file for config...that
was actually a nasty thing. it now calls seperate moduleswhich all have
nice notes/comments
in them already. redacting that to a single flat file is horribleeven
worse, it makes looking
at the difference between your server config and the next release available
config - eg new options
etc almost impossible.
NAS-IP-Address = 127.1.1.1
F5-Acct = Oct 18 17:18:59 local/lb2b notice mcpd[4820]:
01070417:5: AUDIT - user radtest - transaction #40213784-2 - object 0 -
modify { pool_member { pool_member_pool_name \..
WARNING: Empty section. Using default return values.
+- entering group accounting {...}
Invalid Accounting Packet
rlm_perl prints that out if there is no Acct-Status-Type attribute in the
packet - ie
its not really a nice valid accounting packet. this looks like auditing packets
being sent...
they might need to fix their code?
And one more question, can I replace it dynamically with, for example,
rlm_perl using the IP address from sender host (here 10.10.10.12 ?).
replace what? the NAS-IP-Address? yes - you can swap it with eg the
Packet-Src-IP-Address
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: rlm_perl not working as expected on 2.0.5
Eric Martell wrote: Also I followed everything in http://wiki.freeradius.org/Rlm_perl You should add the Auth-Type text to the authenticate section of both raddb/sites-available/default, and raddb/sites-available/inner-tunnel. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: rlm_perl not working as expected on 2.0.5
You haven't got
Auth-Type Perl {
perl
}
in authentication section of inner-tunnel virtual server. You probably
added it just to default one. In default configuration users file is
common for all virtual servers.
Ivan Kalik
Kalik Informatika ISP
Dana 11/8/2008, Henry [EMAIL PROTECTED] piše:
Greetings,
I'm busy trying out Freeradius 2.0.5 before upgrading from 1.1.0, and so
far everything looks good. I would like to try out rlm_perl since it
presents some interesting possibilities, but am having a spot of bother.
I followed the howto here: http://wiki.freeradius.org/Rlm_perl
rlm_perl isn't event loaded/instantiated unless I add 'perl' to the
instantiate section of radiusd.conf.
Even if I do, however, I keep getting this error:
Parse error (check) for entry DEFAULT: Unknown value Perl for attribute
Auth-Type
Any pointers on what I'm missing/doing wrong would be appreciated.
Thanks
Henry
Here's the debug:
Mon Aug 11 15:58:53 2008 : Info: FreeRADIUS Version 2.0.5, for host
i686-pc-linux-gnu, built on Aug 8 2008 at 18:56:21
Mon Aug 11 15:58:53 2008 : Info: Copyright (C) 1999-2008 The FreeRADIUS
server project and contributors.
Mon Aug 11 15:58:53 2008 : Info: There is NO warranty; not even for
MERCHANTABILITY or FITNESS FOR A
Mon Aug 11 15:58:53 2008 : Info: PARTICULAR PURPOSE.
Mon Aug 11 15:58:53 2008 : Info: You may redistribute copies of FreeRADIUS
under the terms of the
Mon Aug 11 15:58:53 2008 : Info: GNU General Public License v2.
Mon Aug 11 15:58:53 2008 : Info: Starting - reading configuration files ...
Mon Aug 11 15:58:53 2008 : Debug: including configuration file
/usr/local/freeradius-2.0.5/etc/raddb/radiusd.conf
Mon Aug 11 15:58:53 2008 : Debug: including configuration file
/usr/local/freeradius-2.0.5/etc/raddb/proxy.conf
Mon Aug 11 15:58:53 2008 : Debug: including configuration file
/usr/local/freeradius-2.0.5/etc/raddb/clients.conf
Mon Aug 11 15:58:53 2008 : Debug: including configuration file
/usr/local/freeradius-2.0.5/etc/raddb/snmp.conf
Mon Aug 11 15:58:53 2008 : Debug: including files in directory
/usr/local/freeradius-2.0.5/etc/raddb/modules/
Mon Aug 11 15:58:53 2008 : Debug: including configuration file
/usr/local/freeradius-2.0.5/etc/raddb/modules/policy
Mon Aug 11 15:58:53 2008 : Debug: including configuration file
/usr/local/freeradius-2.0.5/etc/raddb/modules/acct_unique
Mon Aug 11 15:58:53 2008 : Debug: including configuration file
/usr/local/freeradius-2.0.5/etc/raddb/modules/unix
Mon Aug 11 15:58:53 2008 : Debug: including configuration file
/usr/local/freeradius-2.0.5/etc/raddb/modules/chap
Mon Aug 11 15:58:53 2008 : Debug: including configuration file
/usr/local/freeradius-2.0.5/etc/raddb/modules/preprocess
Mon Aug 11 15:58:53 2008 : Debug: including configuration file
/usr/local/freeradius-2.0.5/etc/raddb/modules/expiration
Mon Aug 11 15:58:53 2008 : Debug: including configuration file
/usr/local/freeradius-2.0.5/etc/raddb/modules/mac2vlan
Mon Aug 11 15:58:53 2008 : Debug: including configuration file
/usr/local/freeradius-2.0.5/etc/raddb/modules/mschap
Mon Aug 11 15:58:53 2008 : Debug: including configuration file
/usr/local/freeradius-2.0.5/etc/raddb/modules/ippool
Mon Aug 11 15:58:53 2008 : Debug: including configuration file
/usr/local/freeradius-2.0.5/etc/raddb/modules/files
Mon Aug 11 15:58:53 2008 : Debug: including configuration file
/usr/local/freeradius-2.0.5/etc/raddb/modules/krb5
Mon Aug 11 15:58:53 2008 : Debug: including configuration file
/usr/local/freeradius-2.0.5/etc/raddb/modules/passwd
Mon Aug 11 15:58:53 2008 : Debug: including configuration file
/usr/local/freeradius-2.0.5/etc/raddb/modules/radutmp
Mon Aug 11 15:58:53 2008 : Debug: including configuration file
/usr/local/freeradius-2.0.5/etc/raddb/modules/attr_rewrite
Mon Aug 11 15:58:53 2008 : Debug: including configuration file
/usr/local/freeradius-2.0.5/etc/raddb/modules/echo
Mon Aug 11 15:58:53 2008 : Debug: including configuration file
/usr/local/freeradius-2.0.5/etc/raddb/modules/etc_group
Mon Aug 11 15:58:53 2008 : Debug: including configuration file
/usr/local/freeradius-2.0.5/etc/raddb/modules/pap
Mon Aug 11 15:58:53 2008 : Debug: including configuration file
/usr/local/freeradius-2.0.5/etc/raddb/modules/realm
Mon Aug 11 15:58:53 2008 : Debug: including configuration file
/usr/local/freeradius-2.0.5/etc/raddb/modules/pam
Mon Aug 11 15:58:53 2008 : Debug: including configuration file
/usr/local/freeradius-2.0.5/etc/raddb/modules/always
Mon Aug 11 15:58:53 2008 : Debug: including configuration file
/usr/local/freeradius-2.0.5/etc/raddb/modules/exec
Mon Aug 11 15:58:53 2008 : Debug: including configuration file
/usr/local/freeradius-2.0.5/etc/raddb/modules/logintime
Mon Aug 11 15:58:53 2008 : Debug: including configuration file
/usr/local/freeradius-2.0.5/etc/raddb/modules/sql_log
Mon Aug 11 15:58:53 2008 : Debug: including configuration file
/usr/local/freeradius-2.0.5/etc/raddb/modules/smbpasswd
Mon Aug 11 15:58:53 2008 : Debug: including configuration file
Re: rlm_perl not working as expected on 2.0.5
On Tue, August 12, 2008 11:08 am, Ivan Kalik wrote:
You haven't got
Auth-Type Perl {
perl
}
in authentication section of inner-tunnel virtual server. You probably
added it just to default one. In default configuration users file is
common for all virtual servers.
Excellent! Thanks, Ivan. I must have missed that requirement in the docs.
Regards
Henry
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
