RE: rlm_perl not working
Thanks for your replies. I want to resolve the Invalid Accounting Packet problem, so I start to write a perl function preacct like this : sub preacct { # For debugging purposes only print start preacct ***\n; print Dumper(%RAD_REQUEST);print now update request ***\n; $RAD_REQUEST{'Acct-Status-Type'} = 7; print returning from preacct ***\n; return RLM_MODULE_UPDATED; } And modify my preacct using perl. I entered correctly into this procedure, but I didn't know how to update NAS-IP-Address using Packet-Src-IP-Address into the perl sub. Is there somewhere some documentation to have all var in one webpage ? If someone has an example on how to update $RAD_REQUEST{'NAS-IP-Address'} using rlm_perl is welcome ;) Regards Fabien VINCENT -Message d'origine- De : freeradius-users-bounces+fabien.vincent=coreye...@lists.freeradius.org [mailto:freeradius-users-bounces+fabien.vincent=coreye.fr@lists.freeradius.o rg] De la part de Alan Buxey Envoyé : mardi 18 octobre 2011 21:31 À : FreeRadius users mailing list Objet : Re: rlm_perl not working Hi, Of course ! But to simplify documentation, I've put all in one file radiusd.conf except sql requests / config That's a terrible idea. I was going to say the same thing. the old old server used to use a single file for config...that was actually a nasty thing. it now calls seperate moduleswhich all have nice notes/comments in them already. redacting that to a single flat file is horribleeven worse, it makes looking at the difference between your server config and the next release available config - eg new options etc almost impossible. NAS-IP-Address = 127.1.1.1 F5-Acct = Oct 18 17:18:59 local/lb2b notice mcpd[4820]: 01070417:5: AUDIT - user radtest - transaction #40213784-2 - object 0 - modify { pool_member { pool_member_pool_name \.. WARNING: Empty section. Using default return values. +- entering group accounting {...} Invalid Accounting Packet rlm_perl prints that out if there is no Acct-Status-Type attribute in the packet - ie its not really a nice valid accounting packet. this looks like auditing packets being sent... they might need to fix their code? And one more question, can I replace it dynamically with, for example, rlm_perl using the IP address from sender host (here 10.10.10.12 ?). replace what? the NAS-IP-Address? yes - you can swap it with eg the Packet-Src-IP-Address alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Ce message a ete verifie par MailScanner. smime.p7s Description: S/MIME cryptographic signature - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: rlm_perl not working
Sorry, fixed, a mistake in my radiusd.conf (lost in brackets ;) De : freeradius-users-bounces+fabien.vincent=coreye...@lists.freeradius.org [mailto:freeradius-users-bounces+fabien.vincent=coreye.fr@lists.freeradius.o rg] De la part de Vincent, Fabien Envoyé : mardi 18 octobre 2011 15:53 À : FreeRadius users mailing list Objet : rlm_perl not working Hi all, As you reply yesterday to my question, I have another one which is very embarrassing : I have the following packages installed on CentOS box : freeradius2.x86_64 freeradius2-mysql.x86_64 freeradius2-ldap.x86_64 freeradius2-perl.x86_64 freeradius2-utils.x86_64 I want to make some transformations on my accounting section but this doesnt work when I put the perl in accounting section. Radius stop working : /usr/sbin/radiusd -X conns: 0x25e9760 Module: Checking authorize {...} for more modules to load Module: Checking accounting {...} for more modules to load /etc/raddb/radiusd.conf[267]: Failed to find module perl. /etc/raddb/radiusd.conf[263]: Errors parsing accounting section. Ive found a lot of problems looking on my Google friend, but I didnt understand with a simple : accounting { # sql # comment perl } Using the simple configuration for modules found here: http://wiki.freeradius.org/Rlm_perl Does not work Any ideas ? Thanks in advance for your help Regards, Fabien VINCENT smime.p7s Description: S/MIME cryptographic signature - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: rlm_perl not working
Hi, Sorry, fixed, a mistake in my radiusd.conf … (lost in brackets ;) my concern would be that you dont need to touch radiusd.conf at all to use the rlm_perl module - hope you werent following some old document - you just need to edit the modules/perl file and then put 'perl' into the required part of your virtual server (or use a named instance if you want to call it a different name) alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: rlm_perl not working
Of course ! But to simplify documentation, I've put all in one file radiusd.conf except sql requests / config Another question with Perl / Accounting : I want to made accounting on my F5 LTM / GTM. But the F5 uses something special, because all Audit logs are forwarded to the Radius using syslog-ng. The consequence is that the Accounting-Request is coming with the following format : Ready to process requests. rad_recv: Accounting-Request packet from host 10.10.10.12 port 47931, id=4, length=235 NAS-IP-Address = 127.1.1.1 F5-Acct = Oct 18 17:18:59 local/lb2b notice mcpd[4820]: 01070417:5: AUDIT - user radtest - transaction #40213784-2 - object 0 - modify { pool_member { pool_member_pool_name \.. WARNING: Empty section. Using default return values. +- entering group accounting {...} Invalid Accounting Packet ++[perl] returns invalid Finished request 0. Did you know if it's normal that the accounting section reject the accounting packet and say Invalid Accounting Packet ... Is it due to NAS-IP-Address attribute ? And one more question, can I replace it dynamically with, for example, rlm_perl using the IP address from sender host (here 10.10.10.12 ?). Thanks in advance for your helps ! Fabien VINCENT Ingénieur Réseaux Sécurité / ASSR Produits -Message d'origine- De : freeradius-users-bounces+fabien.vincent=coreye...@lists.freeradius.org [mailto:freeradius-users-bounces+fabien.vincent=coreye...@lists.freeradius.org] De la part de Alan Buxey Envoyé : mardi 18 octobre 2011 16:54 À : FreeRadius users mailing list Objet : Re: rlm_perl not working Hi, Sorry, fixed, a mistake in my radiusd.conf … (lost in brackets ;) my concern would be that you dont need to touch radiusd.conf at all to use the rlm_perl module - hope you werent following some old document - you just need to edit the modules/perl file and then put 'perl' into the required part of your virtual server (or use a named instance if you want to call it a different name) alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Ce message a ete verifie par MailScanner. smime.p7s Description: S/MIME cryptographic signature - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: rlm_perl not working
Vincent, Fabien wrote: Of course ! But to simplify documentation, I've put all in one file radiusd.conf except sql requests / config That's a terrible idea. You can't get the server to work the way you want, but you're willing to completely change it's configuration? That makes no sense. Another question with Perl / Accounting : I want to made accounting on my F5 LTM / GTM. But the F5 uses something special, because all Audit logs are forwarded to the Radius using syslog-ng. The consequence is that the Accounting-Request is coming with the following format : Ready to process requests. rad_recv: Accounting-Request packet from host 10.10.10.12 port 47931, id=4, length=235 NAS-IP-Address = 127.1.1.1 F5-Acct = Oct 18 17:18:59 local/lb2b notice mcpd[4820]: 01070417:5: AUDIT - user radtest - transaction #40213784-2 - object 0 - modify { pool_member { pool_member_pool_name \.. WARNING: Empty section. Using default return values. +- entering group accounting {...} Invalid Accounting Packet That message is generated by the Perl module. ++[perl] returns invalid Finished request 0. Did you know if it's normal that the accounting section reject the accounting packet and say Invalid Accounting Packet ... Is it due to NAS-IP-Address attribute ? No idea... look at the rlm_perl source. And one more question, can I replace it dynamically with, for example, rlm_perl using the IP address from sender host (here 10.10.10.12 ?). Yes. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: rlm_perl not working
Hi, Of course ! But to simplify documentation, I've put all in one file radiusd.conf except sql requests / config That's a terrible idea. I was going to say the same thing. the old old server used to use a single file for config...that was actually a nasty thing. it now calls seperate moduleswhich all have nice notes/comments in them already. redacting that to a single flat file is horribleeven worse, it makes looking at the difference between your server config and the next release available config - eg new options etc almost impossible. NAS-IP-Address = 127.1.1.1 F5-Acct = Oct 18 17:18:59 local/lb2b notice mcpd[4820]: 01070417:5: AUDIT - user radtest - transaction #40213784-2 - object 0 - modify { pool_member { pool_member_pool_name \.. WARNING: Empty section. Using default return values. +- entering group accounting {...} Invalid Accounting Packet rlm_perl prints that out if there is no Acct-Status-Type attribute in the packet - ie its not really a nice valid accounting packet. this looks like auditing packets being sent... they might need to fix their code? And one more question, can I replace it dynamically with, for example, rlm_perl using the IP address from sender host (here 10.10.10.12 ?). replace what? the NAS-IP-Address? yes - you can swap it with eg the Packet-Src-IP-Address alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: rlm_perl not working as expected on 2.0.5
Eric Martell wrote: Also I followed everything in http://wiki.freeradius.org/Rlm_perl You should add the Auth-Type text to the authenticate section of both raddb/sites-available/default, and raddb/sites-available/inner-tunnel. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: rlm_perl not working as expected on 2.0.5
You haven't got Auth-Type Perl { perl } in authentication section of inner-tunnel virtual server. You probably added it just to default one. In default configuration users file is common for all virtual servers. Ivan Kalik Kalik Informatika ISP Dana 11/8/2008, Henry [EMAIL PROTECTED] piše: Greetings, I'm busy trying out Freeradius 2.0.5 before upgrading from 1.1.0, and so far everything looks good. I would like to try out rlm_perl since it presents some interesting possibilities, but am having a spot of bother. I followed the howto here: http://wiki.freeradius.org/Rlm_perl rlm_perl isn't event loaded/instantiated unless I add 'perl' to the instantiate section of radiusd.conf. Even if I do, however, I keep getting this error: Parse error (check) for entry DEFAULT: Unknown value Perl for attribute Auth-Type Any pointers on what I'm missing/doing wrong would be appreciated. Thanks Henry Here's the debug: Mon Aug 11 15:58:53 2008 : Info: FreeRADIUS Version 2.0.5, for host i686-pc-linux-gnu, built on Aug 8 2008 at 18:56:21 Mon Aug 11 15:58:53 2008 : Info: Copyright (C) 1999-2008 The FreeRADIUS server project and contributors. Mon Aug 11 15:58:53 2008 : Info: There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A Mon Aug 11 15:58:53 2008 : Info: PARTICULAR PURPOSE. Mon Aug 11 15:58:53 2008 : Info: You may redistribute copies of FreeRADIUS under the terms of the Mon Aug 11 15:58:53 2008 : Info: GNU General Public License v2. Mon Aug 11 15:58:53 2008 : Info: Starting - reading configuration files ... Mon Aug 11 15:58:53 2008 : Debug: including configuration file /usr/local/freeradius-2.0.5/etc/raddb/radiusd.conf Mon Aug 11 15:58:53 2008 : Debug: including configuration file /usr/local/freeradius-2.0.5/etc/raddb/proxy.conf Mon Aug 11 15:58:53 2008 : Debug: including configuration file /usr/local/freeradius-2.0.5/etc/raddb/clients.conf Mon Aug 11 15:58:53 2008 : Debug: including configuration file /usr/local/freeradius-2.0.5/etc/raddb/snmp.conf Mon Aug 11 15:58:53 2008 : Debug: including files in directory /usr/local/freeradius-2.0.5/etc/raddb/modules/ Mon Aug 11 15:58:53 2008 : Debug: including configuration file /usr/local/freeradius-2.0.5/etc/raddb/modules/policy Mon Aug 11 15:58:53 2008 : Debug: including configuration file /usr/local/freeradius-2.0.5/etc/raddb/modules/acct_unique Mon Aug 11 15:58:53 2008 : Debug: including configuration file /usr/local/freeradius-2.0.5/etc/raddb/modules/unix Mon Aug 11 15:58:53 2008 : Debug: including configuration file /usr/local/freeradius-2.0.5/etc/raddb/modules/chap Mon Aug 11 15:58:53 2008 : Debug: including configuration file /usr/local/freeradius-2.0.5/etc/raddb/modules/preprocess Mon Aug 11 15:58:53 2008 : Debug: including configuration file /usr/local/freeradius-2.0.5/etc/raddb/modules/expiration Mon Aug 11 15:58:53 2008 : Debug: including configuration file /usr/local/freeradius-2.0.5/etc/raddb/modules/mac2vlan Mon Aug 11 15:58:53 2008 : Debug: including configuration file /usr/local/freeradius-2.0.5/etc/raddb/modules/mschap Mon Aug 11 15:58:53 2008 : Debug: including configuration file /usr/local/freeradius-2.0.5/etc/raddb/modules/ippool Mon Aug 11 15:58:53 2008 : Debug: including configuration file /usr/local/freeradius-2.0.5/etc/raddb/modules/files Mon Aug 11 15:58:53 2008 : Debug: including configuration file /usr/local/freeradius-2.0.5/etc/raddb/modules/krb5 Mon Aug 11 15:58:53 2008 : Debug: including configuration file /usr/local/freeradius-2.0.5/etc/raddb/modules/passwd Mon Aug 11 15:58:53 2008 : Debug: including configuration file /usr/local/freeradius-2.0.5/etc/raddb/modules/radutmp Mon Aug 11 15:58:53 2008 : Debug: including configuration file /usr/local/freeradius-2.0.5/etc/raddb/modules/attr_rewrite Mon Aug 11 15:58:53 2008 : Debug: including configuration file /usr/local/freeradius-2.0.5/etc/raddb/modules/echo Mon Aug 11 15:58:53 2008 : Debug: including configuration file /usr/local/freeradius-2.0.5/etc/raddb/modules/etc_group Mon Aug 11 15:58:53 2008 : Debug: including configuration file /usr/local/freeradius-2.0.5/etc/raddb/modules/pap Mon Aug 11 15:58:53 2008 : Debug: including configuration file /usr/local/freeradius-2.0.5/etc/raddb/modules/realm Mon Aug 11 15:58:53 2008 : Debug: including configuration file /usr/local/freeradius-2.0.5/etc/raddb/modules/pam Mon Aug 11 15:58:53 2008 : Debug: including configuration file /usr/local/freeradius-2.0.5/etc/raddb/modules/always Mon Aug 11 15:58:53 2008 : Debug: including configuration file /usr/local/freeradius-2.0.5/etc/raddb/modules/exec Mon Aug 11 15:58:53 2008 : Debug: including configuration file /usr/local/freeradius-2.0.5/etc/raddb/modules/logintime Mon Aug 11 15:58:53 2008 : Debug: including configuration file /usr/local/freeradius-2.0.5/etc/raddb/modules/sql_log Mon Aug 11 15:58:53 2008 : Debug: including configuration file /usr/local/freeradius-2.0.5/etc/raddb/modules/smbpasswd Mon Aug 11 15:58:53 2008 : Debug: including configuration file
Re: rlm_perl not working as expected on 2.0.5
On Tue, August 12, 2008 11:08 am, Ivan Kalik wrote: You haven't got Auth-Type Perl { perl } in authentication section of inner-tunnel virtual server. You probably added it just to default one. In default configuration users file is common for all virtual servers. Excellent! Thanks, Ivan. I must have missed that requirement in the docs. Regards Henry - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html