Re: rlm_python
On 08/20/2013 02:27 PM, stefan.pae...@diamond.ac.uk wrote: Hello all, I'm currently attempting to use rlm_python to query LDAP (with python-ldap) and then return an XML string in a VSA (SAML-AAA-Assertion). However, when I try to load it, I get the dreaded undefined symbol: PyExc_SystemError error. This is on Ubuntu 12 with, I know, I know, FreeRADIUS 2.1.10. Python-LDAP was Well... as Alan says, upgrade. Particularly if you know. However - embedding python is a pain in the arse. Various versions have issues with the module.so not linking to libpython.so, and not pulling in all the symbols it should. See: http://bugs.python.org/issue4434 ...and try not to despair at the (ahem) confusion of the python dev, and the various mouth-breathers who suggest static linking :o( Try ldd blah/_ldap.so and see if it links to libpython.so. If not, that's your problem, and there isn't much you can do about it because python is broken on your system. The OP in the bug above seems to think it's fixed for him in Python 2.5, but TBH I suspect distro-specific build-time options, rather than any change to the python runtime. built on the local machine for the newest version (although the existing version in the Ubuntu repository has the same problem). Freeradius_samlldap exists in the correct path for Python eggs, and Just to point out that this is of course not the issue. It's one of the modules that this tries to pull in. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: rlm_python
12 with, I know, I know, FreeRADIUS 2.1.10. Python-LDAP was Well... as Alan says, upgrade. Particularly if you know. There is no 'out of the box' version for upgrade on Ubuntu 12 at this point short of having to compile it ourselves, that is (situation is similar to CentOS 6 where the last release is 2.1.12). But that's a discussion best had with the Ubuntu folks. However - embedding python is a pain in the arse. Various versions have issues with the module.so not linking to libpython.so, and not pulling in all the symbols it should. See: http://bugs.python.org/issue4434 ...and try not to despair at the (ahem) confusion of the python dev, and the various mouth-breathers who suggest static linking :o( Try ldd blah/_ldap.so and see if it links to libpython.so. If not, that's your problem, and there isn't much you can do about it because python is broken on your system. I shall check that again (when I bring the box up for that magical third try). But if it's not, that again is probably an Ubuntu-specific issue, and we'll probably raise it with the Python-LDAP folks. The OP in the bug above seems to think it's fixed for him in Python 2.5, but TBH I suspect distro-specific build-time options, rather than any change to the python runtime. Indeed. In the meanwhile I've decided to work around it by using ldap.attrmap with a load of Tmp-String-* entries and hoping to feed those into a standard (non-C-linked) Python module for assembly into a compliant XML string. :-) Thanks for the heads-up. Stefan -- This e-mail and any attachments may contain confidential, copyright and or privileged material, and are for the use of the intended addressee only. If you are not the intended addressee or an authorised recipient of the addressee please notify us of receipt by returning the e-mail and do not use, copy, retain, distribute or disclose the information in or attached to the e-mail. Any opinions expressed within this e-mail are those of the individual and not necessarily of Diamond Light Source Ltd. Diamond Light Source Ltd. cannot guarantee that this e-mail or any attachments are free from viruses and we cannot accept liability for any damage which you may sustain as a result of software viruses which may be transmitted in or with the message. Diamond Light Source Limited (company no. 4375679). Registered in England and Wales with its registered office at Diamond House, Harwell Science and Innovation Campus, Didcot, Oxfordshire, OX11 0DE, United Kingdom - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: rlm_python
On Wed, Aug 21, 2013 at 09:19:35AM +, stefan.pae...@diamond.ac.uk wrote: Well... as Alan says, upgrade. Particularly if you know. There is no 'out of the box' version for upgrade on Ubuntu 12 at this point short of having to compile it ourselves, that is Building your own packages on Debian/Ubuntu is trivial. There's really no excuse not to run the latest code. See: http://wiki.freeradius.org/building/Build#Building-Debian-packages Building from git is just about as easy (I think easier - you save the step of downloading a tarball); I wrote it up a while back: http://notes.asd.me.uk/2012/01/27/compiling_freeradius_from_git_on_debian/ Note these both give you packages - so you can easily uninstall etc as required, or roll back to the distribution ones. Matthew -- Matthew Newton, Ph.D. m...@le.ac.uk Systems Specialist, Infrastructure Services, I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom For IT help contact helpdesk extn. 2253, ith...@le.ac.uk - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: rlm_python
Building your own packages on Debian/Ubuntu is trivial. There's really no excuse not to run the latest code. Matthew, I agree with you, but not when the policy is to only use what is published on vendor (i.e. Ubuntu) repositories. But, like I say, that's not a discussion appropriate for the list, but rather one to be held with Ubuntu :-) Stefan -- This e-mail and any attachments may contain confidential, copyright and or privileged material, and are for the use of the intended addressee only. If you are not the intended addressee or an authorised recipient of the addressee please notify us of receipt by returning the e-mail and do not use, copy, retain, distribute or disclose the information in or attached to the e-mail. Any opinions expressed within this e-mail are those of the individual and not necessarily of Diamond Light Source Ltd. Diamond Light Source Ltd. cannot guarantee that this e-mail or any attachments are free from viruses and we cannot accept liability for any damage which you may sustain as a result of software viruses which may be transmitted in or with the message. Diamond Light Source Limited (company no. 4375679). Registered in England and Wales with its registered office at Diamond House, Harwell Science and Innovation Campus, Didcot, Oxfordshire, OX11 0DE, United Kingdom - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
rlm_python
Hello all, I'm currently attempting to use rlm_python to query LDAP (with python-ldap) and then return an XML string in a VSA (SAML-AAA-Assertion). However, when I try to load it, I get the dreaded undefined symbol: PyExc_SystemError error. This is on Ubuntu 12 with, I know, I know, FreeRADIUS 2.1.10. Python-LDAP was built on the local machine for the newest version (although the existing version in the Ubuntu repository has the same problem). Freeradius_samlldap exists in the correct path for Python eggs, and this is the PYTHONPATH (when I print it with Python): /usr/local/lib/python2.7/dist-packages/pysaml2-0.4.2-py2.7.egg,/usr/local/lib/python2.7/dist-packages/repoze.who-1.0.18-py2.7.egg,/usr/local/lib/python2.7/dist-packages/zope.interface-4.0.5-py2.7-linux-x86_64.egg,/usr/local/lib/python2.7/dist-packages/Paste-1.7.5.1-py2.7.egg,/usr/local/lib/python2.7/dist-packages/httplib2-0.8-py2.7.egg,/usr/local/lib/python2.7/dist-packages/decorator-3.4.0-py2.7.egg,/usr/local/lib/python2.7/dist-packages/freeradius_samlldap-0.0.1-py2.7.egg,/usr/local/lib/python2.7/dist-packages/python_ldap-2.4.13-py2.7-linux-x86_64.egg,/etc/freeradius/modules,/usr/local/lib/python2.7/dist-packages,/usr/lib/python2.7,/usr/lib/python2.7/plat-linux2,/usr/lib/python2.7/lib-tk,/usr/lib/python2.7/lib-old,/usr/lib/python2.7/lib-dynload,/usr/lib/python2.7/dist-packages,/usr/lib/pymodules/python2.7 From what I understand, using ldd -r will list several unresolved imports, but that is supposedly correct? Or is that horribly wrong? The usual debug log is below: FreeRADIUS Version 2.1.10, for host x86_64-pc-linux-gnu, built on Sep 24 2012 at 17:58:57 Copyright (C) 1999-2009 The FreeRADIUS server project and contributors. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. You may redistribute copies of FreeRADIUS under the terms of the GNU General Public License v2. Starting - reading configuration files ... including configuration file /etc/freeradius/radiusd.conf including configuration file /etc/freeradius/proxy.conf including configuration file /etc/freeradius/clients.conf including files in directory /etc/freeradius/modules/ including configuration file /etc/freeradius/modules/attr_rewrite including configuration file /etc/freeradius/modules/wimax including configuration file /etc/freeradius/modules/linelog including configuration file /etc/freeradius/modules/saml including configuration file /etc/freeradius/modules/etc_group including configuration file /etc/freeradius/modules/echo including configuration file /etc/freeradius/modules/sqlcounter_expire_on_login including configuration file /etc/freeradius/modules/mschap including configuration file /etc/freeradius/modules/files including configuration file /etc/freeradius/modules/opendirectory including configuration file /etc/freeradius/modules/mac2ip including configuration file /etc/freeradius/modules/realm including configuration file /etc/freeradius/modules/perl including configuration file /etc/freeradius/modules/logintime including configuration file /etc/freeradius/modules/pap including configuration file /etc/freeradius/modules/detail.example.com including configuration file /etc/freeradius/modules/smbpasswd including configuration file /etc/freeradius/modules/sradutmp including configuration file /etc/freeradius/modules/policy including configuration file /etc/freeradius/modules/inner-eap including configuration file /etc/freeradius/modules/dynamic_clients including configuration file /etc/freeradius/modules/smsotp including configuration file /etc/freeradius/modules/umbrella_ldap including configuration file /etc/freeradius/modules/acct_unique including configuration file /etc/freeradius/modules/attr_filter including configuration file /etc/freeradius/modules/chap including configuration file /etc/freeradius/modules/detail including configuration file /etc/freeradius/modules/ntlm_auth including configuration file /etc/freeradius/modules/detail.log including configuration file /etc/freeradius/modules/passwd including configuration file /etc/freeradius/modules/ldap including configuration file /etc/freeradius/modules/cui including configuration file /etc/freeradius/modules/otp including configuration file /etc/freeradius/modules/ippool including configuration file /etc/freeradius/modules/mac2vlan including configuration file /etc/freeradius/modules/unix including configuration file /etc/freeradius/modules/exec including configuration file /etc/freeradius/modules/expr including configuration file /etc/freeradius/modules/expiration including configuration file /etc/freeradius/modules/preprocess including configuration file /etc/freeradius/modules/digest including configuration file /etc/freeradius/modules/radutmp including configuration file /etc/freeradius/modules/counter including configuration file /etc/freeradius/modules/krb5 including configuration file /etc/freeradius/modules/pam including configuration file /etc/freeradius
Re: rlm_python
stefan.pae...@diamond.ac.uk wrote: Hello all, I'm currently attempting to use rlm_python to query LDAP (with python-ldap) and then return an XML string in a VSA (SAML-AAA-Assertion). However, when I try to load it, I get the dreaded undefined symbol: PyExc_SystemError error. This is on Ubuntu 12 with, I know, I know, FreeRADIUS 2.1.10. Upgrade. Recent versions of FreeRADIUS have many fixes. Try the v2.x.x branch from github. It has even more python fixes. There's just no reason for us to debug a problem in 2.1.10. It's years out of date, and we *know* that newer versions have fixes. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: share information between authorize and authenticate sections (rlm_perl rlm_python)
Hi, in perl, i could write some new attributes in RAD_CHECK ??, then authenticate() will access them. in python, attributes are read only, so i cannot use them to pass information to authenticate(). A simple database, like redis, could be a solution by adding info with the id of the request (with Message-Authenticator as key)? we use and update private internal FreeRADIUS attributes alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: share information between authorize and authenticate sections (rlm_perl rlm_python)
On 12/12/12 22:04, laurent.fe...@free.fr wrote:
Hello,
If someone can advise me...
How to share information between the authorize() function and the
authenticate() function within a perl or python script ?
Just set an attribute:
authorize {
update request {
Tmp-String-0 := %{some:expansion}
}
...
}
authenticate {
Auth-Type XXX {
if (Tmp-String-0 == a) {
module_a
}
else {
module_b
}
}
}
...re-work as appropriate for your use-case.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: share information between authorize and authenticate sections (rlm_perl rlm_python)
Yes, just found this attribute. Thanks. Works well with Perl :), but not with
Python :(
- Mail original -
De: Phil Mayers p.may...@imperial.ac.uk
À: freeradius-users@lists.freeradius.org
Envoyé: Jeudi 13 Décembre 2012 13:05:23
Objet: Re: share information between authorize and authenticate sections
(rlm_perl rlm_python)
On 12/12/12 22:04, laurent.fe...@free.fr wrote:
Hello,
If someone can advise me...
How to share information between the authorize() function and the
authenticate() function within a perl or python script ?
Just set an attribute:
authorize {
update request {
Tmp-String-0 := %{some:expansion}
}
...
}
authenticate {
Auth-Type XXX {
if (Tmp-String-0 == a) {
module_a
}
else {
module_b
}
}
}
...re-work as appropriate for your use-case.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
share information between authorize and authenticate sections (rlm_perl rlm_python)
Hello, If someone can advise me... How to share information between the authorize() function and the authenticate() function within a perl or python script ? For example, i get some information from a database in authorize() that will reuse it in authenticate()? I could resubmit the sql request again, but it is clearly not efficient. in perl, i could write some new attributes in RAD_CHECK ??, then authenticate() will access them. in python, attributes are read only, so i cannot use them to pass information to authenticate(). A simple database, like redis, could be a solution by adding info with the id of the request (with Message-Authenticator as key)? If someone has an idea, it is very welcome... Regards, Laurent - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: rlm_python: no %RAD_REQUEST equivalent
Yes i confirm you cannot change the request's attributes with rlm_python. With rlm_perl you can (by using the environment variable RAD_REQUEST). I wanted to modify the username. So the only solution would be to modify and update the rlm_python code source. But it is too hard for me... regards, Laurent - Mail original - De: Alan DeKok al...@deployingradius.com À: FreeRadius users mailing list freeradius-users@lists.freeradius.org Envoyé: Mardi 25 Septembre 2012 15:25:53 Objet: Re: rlm_python: no %RAD_REQUEST equivalent laurent.fe...@free.fr wrote: The tuple is a read only object. So, i cannot modify the request attributes with rlm_python. You already said that. I gave you a solution: fix the code. Alan Dekok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: rlm_python: no %RAD_REQUEST equivalent
Hi, Thanks for your reply. The tuple is a read only object. So, i cannot modify the request attributes with rlm_python. Unfortunately, this module is more limited than the perl one. i have to continue with this one... Regards, Laurent - Mail original - De: Alan DeKok al...@deployingradius.com À: FreeRadius users mailing list freeradius-users@lists.freeradius.org Envoyé: Lundi 24 Septembre 2012 18:06:03 Objet: Re: rlm_python: no %RAD_REQUEST equivalent laurent.fe...@free.fr wrote: in the 'authorize(p)' function, p is the read only tuple of the request. I cannot update the request here. Hmm... you should be able to update it. If you can't, the code should be changed. Moreover, if i change the tuple config in the authorize function , how i can retrieve it in the authentication function? You get passed the tuple again. It's just a list of attributes. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: rlm_python: no %RAD_REQUEST equivalent
laurent.fe...@free.fr wrote: The tuple is a read only object. So, i cannot modify the request attributes with rlm_python. You already said that. I gave you a solution: fix the code. Alan Dekok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
rlm_python: no %RAD_REQUEST equivalent
Hello, I have a perl module that changes the username during the authorization phase (retrieve from a oracle database) by modifying the user-name attribute in the RAD_REQUEST dictionary. This update is global and can be used by the authentication phase (still handled by the perl script). I try to switch from perl to python as i'm more comfortable. Everything is ok except i don't know how to modify on the fly the user-name. in the 'authorize(p)' function, p is the read only tuple of the request. I cannot update the request here. The return of the function is (RLM_MODULE_something, tuple4reply, tuple4config). I still cannot change here. Moreover, if i change the tuple config in the authorize function , how i can retrieve it in the authentication function? Maybe i miss something as i'm a beginner on FR. Regards, Laurent - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: rlm_python: no %RAD_REQUEST equivalent
laurent.fe...@free.fr wrote: in the 'authorize(p)' function, p is the read only tuple of the request. I cannot update the request here. Hmm... you should be able to update it. If you can't, the code should be changed. Moreover, if i change the tuple config in the authorize function , how i can retrieve it in the authentication function? You get passed the tuple again. It's just a list of attributes. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Accessing nas ip with rlm_python and rlm_perl
Hello: Is it at all possible to access this information within these modules? I am trying to code different behavior in my code based on IP. Regards, - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Accessing nas ip with rlm_python and rlm_perl
On 25 Jul 2012, at 14:57, Carl Pierre wrote: Hello: Is it at all possible to access this information within these modules? I am trying to code different behavior in my code based on IP. NAS-IP-Address yes, Client-IP-Address maybe not, i'd have to check the code… Are you definitely trying to access the NAS-IP-Address? -Arran - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: rlm_python configTuple question
On 05/30/2012 06:43 AM, PENZ Robert wrote: replyTuble are the attributes which are send to the requesting NAS, but I couldn't find out what configTuple is exactly. I currently only pass an () and it works. Is it the same as update control and setting variables in the normal config files? Yes - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
rlm_python configTuple question
Hi!
The python functions should return (return, replyTuple, configTuple).
return is one of the following constants
#RLM_MODULE_REJECT = 0 # /* immediately reject the request */
#RLM_MODULE_FAIL = 1 # /* module failed, don't reply */
#RLM_MODULE_OK = 2 # /* the module is OK, continue */
#RLM_MODULE_HANDLED = 3 # /* the module handled the request, so stop. */
#RLM_MODULE_INVALID = 4 # /* the module considers the request invalid. */
#RLM_MODULE_USERLOCK = 5 # /* reject the request (user is locked out) */
#RLM_MODULE_NOTFOUND = 6 # /* user not found */
#RLM_MODULE_NOOP = 7 # /* module succeeded without doing anything */
#RLM_MODULE_UPDATED = 8 # /* OK (pairs modified) */
#RLM_MODULE_NUMCODES = 9 # /* How many return codes there are */
replyTuble are the attributes which are send to the requesting NAS, but I
couldn't find out what configTuple is exactly. I currently only pass an () and
it works. Is it the same as update control and setting variables in the
normal config files?
What I would like to do is to provide a variable which can be used in the
config file after calling the python module to compare it against
%{TLS-Client-Cert-Subject} as I don't see a possible to get this variable in
the python module to do the compare there. Thx for your help.
Mit freundlichen Grüßen
Robert Penz
--
Dipl.Inf. Robert Penz
DVT - Daten-Verarbeitung-Tirol GmbH
Adamgasse 22, 6020 Innsbruck
Tel: +43 (0)512 508 3334 / Fax: +43 (0)512 508 3355
E-Mail: robert.p...@tirol.gv.at
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: How to specify python modules used by rlm_python?
Hi, I'm trying to use rlm_python to intergrate with my own authentication backend, but there's so little document about rlm_python. I even cannot find how to specify the path to the python module. radiusd.py living in PYTHONPATH - EXPORT PYTHONPATH=$location alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
How to specify python modules used by rlm_python?
Hi everyone,
I'm trying to use rlm_python to intergrate with my own authentication
backend, but there's so little document about rlm_python. I even cannot find
how to specify the path to the python module.
Can anybody give me a hint?
Module: Instantiating module python from file
/etc/freeradius/modules/python
python_init done
python {
mod_instantiate = radiusd_test
func_instantiate = instantiate
mod_authorize = radiusd_test
func_authorize = authorize
mod_accounting = radiusd_test
func_accounting = accounting
mod_pre_proxy = radiusd_test
func_pre_proxy = pre_proxy
mod_post_proxy = radiusd_test
func_post_proxy = post_proxy
mod_post_auth = radiusd_test
func_post_auth = post_auth
mod_recv_coa = radiusd_test
func_recv_coa = recv_coa
mod_send_coa = radiusd_test
func_send_coa = send_coa
mod_detach = radiusd_test
func_detach = detach
}
rlm_python:python_load_function: module 'radiusd_test' is not found
rlm_python:EXCEPT:type 'exceptions.ImportError': No module named
radiusd_test
rlm_python:python_load_function: failed to import python function
'radiusd_test.instantiate'
/etc/freeradius/modules/python[1]: Instantiation failed for module python
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: rlm_python and the Tunnel-Private-Group-Id attribute
Just to close out this thread with a solution... Turns out that neither rlm_python nor freeradius were the problem. They are working perfectly. The problem was my idiot wireless administrator! Once I beat the password out of him and properly configured the wireless switch, everything started working! Sorry for the hassle. Bob On Thu, Feb 10, 2011 at 8:47 PM, Brett Littrell blittr...@musd.org wrote: Hi Bob, I do have this running successfully with eDir. I am guessing you are using the eDir Radius schema extensions? Also, if you are using Cisco equipment, you have to send the vlan name, not the ID. Not sure if other switches require the ID. Brett Littrell Network Manager MUSD CISSP, CCSP, CCVP, MCNE On Thursday, February 10, 2011 at 1:24 AM, in message AANLkTi=wzuimz+65y3-qzvzdpcvdwp8f4fhht-b+-...@mail.gmail.com, Bob Brandt b...@brandt.ie wrote: Not sure if there isn't another forum or mailing list for rlm_python specifically, but... I have been using freeradius for a while now with great results, thanks! We are using a very simple configuration to authenticate users against LDAP (eDirectory) and that part works great! I am trying to add a component that will return the necessary attributes to allow for dynamic VLANs I was able to get this working using the /etc/raddb/users file, however do to the size of the organization, this is very messy. I have started using python to extract this information from another database and return the information. All my testing seems to indicate it should work, but it is not. I believe the problem is in how rlm_python returns the Tunnel-Private-Group-Id attribute. My users file (which works) looks like this: # Generic LDAP return attributes DEFAULT Auth-Type == LDAP Class = Staff, Service-Type = Login, Tunnel-Medium-Type = IEEE-802, Tunnel-Type = VLAN, Tunnel-Private-Group-ID = 99, Fall-Through = Yes brandtb Reply-Message += You are a member of the IT Group, Class := CACS:0/ebf42/ac8c8e6/administrator, Tunnel-Private-Group-ID := 150, Alcatel-Lucent-Asa-Access = all, Fall-Through = No Below are the two snipets of the debugs. The first is from the old(working) system which uses the users file and the second is from the new system using the rlm_python module: Sending Access-Challenge of id 172 to 10.200.113.99 port 18699 Class := 0x434143533a302f65626634322f616338633865362f61646d696e6973747261746f72 Service-Type = Login-User Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Type:0 = VLAN Tunnel-Private-Group-Id:0 := 150 Reply-Message += You are a member of the IT Group EAP-Message = 0x010200061920 Message-Authenticator = 0x State = 0xc146d1a4c144c80f46bec9bc87d3208b Finished request 0. - Sending Access-Challenge of id 130 to 10.200.113.99 port 18673 Reply-Message = You are a member of the IT Group Tunnel-Type:0 = VLAN Class = 0x4f5057537461 Class = 0x434143533a302f65626634322f616338633865362f61646d696e6973747261746f72 Tunnel-Medium-Type:0 = IEEE-802 Service-Type = Login-User Tunnel-Private-Group-Id:0 = 150 EAP-Message = 0x010200061920 Message-Authenticator = 0x State = 0x8cd4aac48cd6b3a6430ea766ccfa9b91 Finished request 0. The debug output looks for the most part identical! Now, initially when using the users file, I had the same problem I am having now, where the wireless access point was getting the attributes but was not putting me in the correct VLAN. The problem turned out that I was passing a string to the Tunnel-Private-Group-Id attribute instead of an integer. Once I removed the quotes from the VLAN ID everything was working perfectly. Thinking that the problem was that within Python I was storing the Tunnel-Private-Group-Id attribute as a string I changed it to an integer, however I got immediately got the error: return tuple must be (str,str) I don't know who to get around this and I have not been able to find too many examples of how to use the rlm_python module. Any help would be greatly appreciated. Thanks Bob Brandt -- What's the point of having a rapier wit if I can't use it to stab people? - Jeph Jacques - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- What's the point of having a rapier wit if I can't use it to stab people? - Jeph Jacques - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
rlm_python and the Tunnel-Private-Group-Id attribute
Not sure if there isn't another forum or mailing list for rlm_python specifically, but... I have been using freeradius for a while now with great results, thanks! We are using a very simple configuration to authenticate users against LDAP (eDirectory) and that part works great! I am trying to add a component that will return the necessary attributes to allow for dynamic VLANs I was able to get this working using the /etc/raddb/users file, however do to the size of the organization, this is very messy. I have started using python to extract this information from another database and return the information. All my testing seems to indicate it should work, but it is not. I believe the problem is in how rlm_python returns the Tunnel-Private-Group-Id attribute. My users file (which works) looks like this: # Generic LDAP return attributes DEFAULT Auth-Type == LDAP Class = Staff, Service-Type = Login, Tunnel-Medium-Type = IEEE-802, Tunnel-Type = VLAN, Tunnel-Private-Group-ID = 99, Fall-Through = Yes brandtb Reply-Message += You are a member of the IT Group, Class := CACS:0/ebf42/ac8c8e6/administrator, Tunnel-Private-Group-ID := 150, Alcatel-Lucent-Asa-Access = all, Fall-Through = No Below are the two snipets of the debugs. The first is from the old(working) system which uses the users file and the second is from the new system using the rlm_python module: Sending Access-Challenge of id 172 to 10.200.113.99 port 18699 Class := 0x434143533a302f65626634322f616338633865362f61646d696e6973747261746f72 Service-Type = Login-User Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Type:0 = VLAN Tunnel-Private-Group-Id:0 := 150 Reply-Message += You are a member of the IT Group EAP-Message = 0x010200061920 Message-Authenticator = 0x State = 0xc146d1a4c144c80f46bec9bc87d3208b Finished request 0. - Sending Access-Challenge of id 130 to 10.200.113.99 port 18673 Reply-Message = You are a member of the IT Group Tunnel-Type:0 = VLAN Class = 0x4f5057537461 Class = 0x434143533a302f65626634322f616338633865362f61646d696e6973747261746f72 Tunnel-Medium-Type:0 = IEEE-802 Service-Type = Login-User Tunnel-Private-Group-Id:0 = 150 EAP-Message = 0x010200061920 Message-Authenticator = 0x State = 0x8cd4aac48cd6b3a6430ea766ccfa9b91 Finished request 0. The debug output looks for the most part identical! Now, initially when using the users file, I had the same problem I am having now, where the wireless access point was getting the attributes but was not putting me in the correct VLAN. The problem turned out that I was passing a string to the Tunnel-Private-Group-Id attribute instead of an integer. Once I removed the quotes from the VLAN ID everything was working perfectly. Thinking that the problem was that within Python I was storing the Tunnel-Private-Group-Id attribute as a string I changed it to an integer, however I got immediately got the error: return tuple must be (str,str) I don't know who to get around this and I have not been able to find too many examples of how to use the rlm_python module. Any help would be greatly appreciated. Thanks Bob Brandt -- What's the point of having a rapier wit if I can't use it to stab people? - Jeph Jacques - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: rlm_python and the Tunnel-Private-Group-Id attribute
Bob Brandt wrote: All my testing seems to indicate it should work, but it is not. I believe the problem is in how rlm_python returns the Tunnel-Private-Group-Id attribute. As a string. The server core parses it into whatever is necessary. Date, IP address, etc. Below are the two snipets of the debugs. The first is from the old(working) system which uses the users file and the second is from the new system using the rlm_python module: ... Tunnel-Private-Group-Id:0 := 150 ... Tunnel-Private-Group-Id:0 = 150 ... The debug output looks for the most part identical! Yup. Now, initially when using the users file, I had the same problem I am having now, where the wireless access point was getting the attributes but was not putting me in the correct VLAN. The problem turned out that I was passing a string to the Tunnel-Private-Group-Id attribute instead of an integer. Once I removed the quotes from the VLAN ID everything was working perfectly. Hmm... I don't see why. The attribute is defined to be a string. Using quotes or not shouldn't make any difference. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: rlm_python and the Tunnel-Private-Group-Id attribute
My only observation right now is that there is a colon (:=)in the debug of the working server. Would that make any difference? On Thu, Feb 10, 2011 at 11:09 AM, Alan DeKok al...@deployingradius.com wrote: Below are the two snipets of the debugs. The first is from the old(working) system which uses the users file and the second is from the new system using the rlm_python module: ... Tunnel-Private-Group-Id:0 := 150 ... Tunnel-Private-Group-Id:0 = 150 ... The debug output looks for the most part identical! Yup. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: rlm_python and the Tunnel-Private-Group-Id attribute
Hi Bob, I do have this running successfully with eDir. I am guessing you are using the eDir Radius schema extensions? Also, if you are using Cisco equipment, you have to send the vlan name, not the ID. Not sure if other switches require the ID. Brett Littrell Network Manager MUSD CISSP, CCSP, CCVP, MCNE On Thursday, February 10, 2011 at 1:24 AM, in message AANLkTi=wzuimz+65y3-qzvzdpcvdwp8f4fhht-b+-...@mail.gmail.com, Bob Brandt b...@brandt.ie wrote: Not sure if there isn't another forum or mailing list for rlm_python specifically, but... I have been using freeradius for a while now with great results, thanks! We are using a very simple configuration to authenticate users against LDAP (eDirectory) and that part works great! I am trying to add a component that will return the necessary attributes to allow for dynamic VLANs I was able to get this working using the /etc/raddb/users file, however do to the size of the organization, this is very messy. I have started using python to extract this information from another database and return the information. All my testing seems to indicate it should work, but it is not. I believe the problem is in how rlm_python returns the Tunnel-Private-Group-Id attribute. My users file (which works) looks like this: # Generic LDAP return attributes DEFAULT Auth-Type == LDAP Class = Staff, Service-Type = Login, Tunnel-Medium-Type = IEEE-802, Tunnel-Type = VLAN, Tunnel-Private-Group-ID = 99, Fall-Through = Yes brandtb Reply-Message += You are a member of the IT Group, Class := CACS:0/ebf42/ac8c8e6/administrator, Tunnel-Private-Group-ID := 150, Alcatel-Lucent-Asa-Access = all, Fall-Through = No Below are the two snipets of the debugs. The first is from the old(working) system which uses the users file and the second is from the new system using the rlm_python module: Sending Access-Challenge of id 172 to 10.200.113.99 port 18699 Class := 0x434143533a302f65626634322f616338633865362f61646d696e6973747261746f72 Service-Type = Login-User Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Type:0 = VLAN Tunnel-Private-Group-Id:0 := 150 Reply-Message += You are a member of the IT Group EAP-Message = 0x010200061920 Message-Authenticator = 0x State = 0xc146d1a4c144c80f46bec9bc87d3208b Finished request 0. - Sending Access-Challenge of id 130 to 10.200.113.99 port 18673 Reply-Message = You are a member of the IT Group Tunnel-Type:0 = VLAN Class = 0x4f5057537461 Class = 0x434143533a302f65626634322f616338633865362f61646d696e6973747261746f72 Tunnel-Medium-Type:0 = IEEE-802 Service-Type = Login-User Tunnel-Private-Group-Id:0 = 150 EAP-Message = 0x010200061920 Message-Authenticator = 0x State = 0x8cd4aac48cd6b3a6430ea766ccfa9b91 Finished request 0. The debug output looks for the most part identical! Now, initially when using the users file, I had the same problem I am having now, where the wireless access point was getting the attributes but was not putting me in the correct VLAN. The problem turned out that I was passing a string to the Tunnel-Private-Group-Id attribute instead of an integer. Once I removed the quotes from the VLAN ID everything was working perfectly. Thinking that the problem was that within Python I was storing the Tunnel-Private-Group-Id attribute as a string I changed it to an integer, however I got immediately got the error: return tuple must be (str,str) I don't know who to get around this and I have not been able to find too many examples of how to use the rlm_python module. Any help would be greatly appreciated. Thanks Bob Brandt -- What's the point of having a rapier wit if I can't use it to stab people? - Jeph Jacques - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: rlm_python and the Tunnel-Private-Group-Id attribute
Sorry, Reading a little deeper into the email, I do not have it the way you set it up. I use eDir for all the DVlan attributes and have Radius query when the user logs in. Most of the assignments are done via Radius profiles in eDir. The Cisco thing I know is the case however, was pulling my hair out using the ID before and found you had to use the name. Hope you get the perl side to work. Thanks Brett Littrell Network Manager MUSD CISSP, CCSP, CCVP, MCNE On Thursday, February 10, 2011 at 12:47 PM, in message 4d53de6b02690002d...@internetemail.musd.org, Brett Littrell blittr...@musd.org wrote: Hi Bob, I do have this running successfully with eDir. I am guessing you are using the eDir Radius schema extensions? Also, if you are using Cisco equipment, you have to send the vlan name, not the ID. Not sure if other switches require the ID. Brett Littrell Network Manager MUSD CISSP, CCSP, CCVP, MCNE On Thursday, February 10, 2011 at 1:24 AM, in message AANLkTi=wzuimz+65y3-qzvzdpcvdwp8f4fhht-b+-...@mail.gmail.com, Bob Brandt b...@brandt.ie wrote: Not sure if there isn't another forum or mailing list for rlm_python specifically, but... I have been using freeradius for a while now with great results, thanks! We are using a very simple configuration to authenticate users against LDAP (eDirectory) and that part works great! I am trying to add a component that will return the necessary attributes to allow for dynamic VLANs I was able to get this working using the /etc/raddb/users file, however do to the size of the organization, this is very messy. I have started using python to extract this information from another database and return the information. All my testing seems to indicate it should work, but it is not. I believe the problem is in how rlm_python returns the Tunnel-Private-Group-Id attribute. My users file (which works) looks like this: # Generic LDAP return attributes DEFAULT Auth-Type == LDAP Class = Staff, Service-Type = Login, Tunnel-Medium-Type = IEEE-802, Tunnel-Type = VLAN, Tunnel-Private-Group-ID = 99, Fall-Through = Yes brandtb Reply-Message += You are a member of the IT Group, Class := CACS:0/ebf42/ac8c8e6/administrator, Tunnel-Private-Group-ID := 150, Alcatel-Lucent-Asa-Access = all, Fall-Through = No Below are the two snipets of the debugs. The first is from the old(working) system which uses the users file and the second is from the new system using the rlm_python module: Sending Access-Challenge of id 172 to 10.200.113.99 port 18699 Class := 0x434143533a302f65626634322f616338633865362f61646d696e6973747261746f72 Service-Type = Login-User Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Type:0 = VLAN Tunnel-Private-Group-Id:0 := 150 Reply-Message += You are a member of the IT Group EAP-Message = 0x010200061920 Message-Authenticator = 0x State = 0xc146d1a4c144c80f46bec9bc87d3208b Finished request 0. - Sending Access-Challenge of id 130 to 10.200.113.99 port 18673 Reply-Message = You are a member of the IT Group Tunnel-Type:0 = VLAN Class = 0x4f5057537461 Class = 0x434143533a302f65626634322f616338633865362f61646d696e6973747261746f72 Tunnel-Medium-Type:0 = IEEE-802 Service-Type = Login-User Tunnel-Private-Group-Id:0 = 150 EAP-Message = 0x010200061920 Message-Authenticator = 0x State = 0x8cd4aac48cd6b3a6430ea766ccfa9b91 Finished request 0. The debug output looks for the most part identical! Now, initially when using the users file, I had the same problem I am having now, where the wireless access point was getting the attributes but was not putting me in the correct VLAN. The problem turned out that I was passing a string to the Tunnel-Private-Group-Id attribute instead of an integer. Once I removed the quotes from the VLAN ID everything was working perfectly. Thinking that the problem was that within Python I was storing the Tunnel-Private-Group-Id attribute as a string I changed it to an integer, however I got immediately got the error: return tuple must be (str,str) I don't know who to get around this and I have not been able to find too many examples of how to use the rlm_python module. Any help would be greatly appreciated. Thanks Bob Brandt -- What's the point of having a rapier wit if I can't use it to stab people? - Jeph Jacques - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: rlm_python and dynload problem
Josip Rodin wrote: I had just written the clean rebuild instructions here, but then I realized what might be wrong - configure.in says: AC_CHECK_FUNC(lt_dladvise_init, AC_DEFINE(HAVE_HAVE_LT_DLADVISE_INIT, [], [Do we have the lt_dladvise_init function])) ~~ The underlined part sounds like a copywaste error that never could have worked properly in the first place... Alan? Fixed. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
rlm_python and dynload problem
Hi and happy new year to everyone,
In april I wrote the message below about python modules not being able to load
dynamic libraries on Debian Lenny. Alan DeKok answered that he would try to
fix this in version 2.1.9, and I was very pleased to read the following message
in version 2.1.9's Changelog:
Update configure script for rlm_python to avoid dynamic linking problems on
some platforms.
I did not have time to test this ever since, but I just did, and unfortunately,
I still have the same problem on Debian Lenny, using the latest FreeRADIUS
backport for Lenny (it is based on FreeRADIUS 2.1.10, the Debian package is
labelled 2.1.10+dfsg-2~bpo50+1). Is this a problem that I should report to
the package's maintainer for Debian (did he forget some compilation option?),
or is it something that should be fixed within FreeRADIUS itself?
Here's FreeRADIUS's debug output:
[...]
Module: Linked to module rlm_python
Module: Instantiating module python_test from file
/etc/freeradius/modules/python
python_init done
python python_test {
mod_instantiate = test_freeradius
func_instantiate = instantiate
mod_authorize = test_freeradius
func_authorize = authorize
mod_authenticate = test_freeradius
func_authenticate = authenticate
mod_accounting = test_freeradius
func_accounting = accounting
mod_checksimul = test_freeradius
func_checksimul = checksimul
mod_pre_proxy = test_freeradius
func_pre_proxy = pre_proxy
mod_post_proxy = test_freeradius
func_post_proxy = post_proxy
mod_post_auth = test_freeradius
func_post_auth = post_auth
mod_recv_coa = test_freeradius
func_recv_coa = recv_coa
mod_send_coa = test_freeradius
func_send_coa = send_coa
mod_detach = test_freeradius
func_detach = detach
}
rlm_python:python_load_function: module 'test_freeradius' is not found
rlm_python:EXCEPT:type 'exceptions.ImportError':
/usr/lib/python2.5/lib-dynload/math.so: undefined symbol: PyExc_ValueError
rlm_python:python_load_function: failed to import python function
'test_freeradius.instantiate'
/etc/freeradius/modules/python[69]: Instantiation failed for module
python_test
/etc/freeradius/sites-enabled/default[205]: Failed to load module python_test.
/etc/freeradius/sites-enabled/default[62]: Errors parsing authorize section.
The python code looks like this:
import radiusd
import math
def get_radius_attribute(attribute, p):
for attr, val in p:
if attr==attribute:
return val
def instantiate(p):
radiusd.radlog(radiusd.L_DBG, '*** python: instantiate ***')
return radiusd.RLM_MODULE_OK
[...] # all other functions are exactly similar
Everything works fine if I just remove the line import math.
Thank you very much for your help,
Aurélien Geron
Le 27 avr. 2010 à 01:56, Aurélien Geron a écrit :
Hi,
I came across a bug when rlm_python executes python code that tries to load a
dynamic (shared) module. This bug seems to have been discussed 2 or 3 times
on this list, but no really satisfying solution appears to have been found so
far (as far as I know), so I thought I might raise the subject again and
perhaps try to contribute in finding a solution.
In short, I think the solution to this problem is explained here, but I don't
know how to implement it in freeRADIUS :
http://docs.python.org/release/2.5.2/ext/link-reqs.html
Here is my setup :
- running a perfectly standard Debian Lenny (2.6.26-2-amd64)
- installed the latest freeradius package from the lenny-backports
(2.1.8+dfsg-1~bpo50+1)
- the python debian package is the one installed with Debian Lenny (2.5.2-3)
Here is my config:
--
###
# /etc/freeradius/modules/python
###
python python_test {
mod_instantiate = radiusd_test
func_instantiate = instantiate
}
###
# /etc/freeradius/radiusd.conf
###
...
instantiate {
python_test
}
...
###
# /usr/lib/python2.5/site-packages/radiusd_test.py
###
def instantiate(p):
radiusd.radlog(radiusd.L_DBG, THIS WORKS)
import random # this crashes
radiusd.radlog(radiusd.L_DBG, THIS IS NEVER REACHED !)
--
Here is the output of freeradius -X :
--
FreeRADIUS Version 2.1.8, for host x86_64-pc-linux-gnu, built on Apr 26 2010
at 21:49:28
Copyright (C) 1999-2009 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License v2.
Starting - reading configuration files ...
including configuration file /etc/freeradius/radiusd.conf
...
Module: Linked to module rlm_python
Module: Instantiating python_test
python_init done
python python_test
Re: rlm_python and dynload problem
On Thu, Jan 06, 2011 at 11:26:44AM +0100, Aurélien Geron wrote: Hi and happy new year to everyone, In april I wrote the message below about python modules not being able to load dynamic libraries on Debian Lenny. I did not have time to test this ever since, but I just did, and unfortunately, I still have the same problem on Debian Lenny, using the latest FreeRADIUS backport for Lenny (it is based on FreeRADIUS 2.1.10, the Debian package is labelled 2.1.10+dfsg-2~bpo50+1). - running a perfectly standard Debian Lenny (2.6.26-2-amd64) - installed the latest freeradius package from the lenny-backports (2.1.8+dfsg-1~bpo50+1) Can you verify that your exact freeradius packages used now - do indeed link to libltdl7 and use the new code? Generic amd64 packages should be fine, but do check just in case... Perhaps also use ltrace to find the symbol lookup function used? You need to see some lt_dladvise_*() and/or lt_dlopenadvise() mentioned. (Assuming the cause for this is http://bugs.debian.org/416266 ) -- 2. That which causes joy or happiness. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: rlm_python and dynload problem
Hi Josip, Here are a few commands that I just launched on my server: #uname -a Linux maggie 2.6.26-2-amd64 #1 SMP Thu Nov 25 04:30:55 UTC 2010 x86_64 GNU/Linux #dpkg -l | grep libltdl ii libltdl31.5.26-4+lenny1A system independent dlopen wrapper for GNU ii libltdl72.2.6b-2~bpo50+1 A system independent dlopen wrapper for GNU #dpkg -l | grep freeradius ii freeradius 2.1.10+dfsg-2~bpo50+1 a high-performance and highly configurable R ii freeradius-common 2.1.10+dfsg-2~bpo50+1 FreeRADIUS common files ii freeradius-ldap 2.1.10+dfsg-2~bpo50+1 LDAP module for FreeRADIUS server ii freeradius-mysql2.1.10+dfsg-2~bpo50+1 MySQL module for FreeRADIUS server ii freeradius-utils2.1.10+dfsg-2~bpo50+1 FreeRADIUS client utilities ii libfreeradius2 2.1.10+dfsg-2~bpo50+1 FreeRADIUS shared library #ldd /usr/sbin/freeradius linux-vdso.so.1 = (0x7fff701db000) libfreeradius-radius-2.1.10.so = /usr/lib/freeradius/libfreeradius-radius-2.1.10.so (0x7f1018ce1000) libnsl.so.1 = /lib/libnsl.so.1 (0x7f1018ac9000) libresolv.so.2 = /lib/libresolv.so.2 (0x7f10188b5000) libpthread.so.0 = /lib/libpthread.so.0 (0x7f1018699000) libcrypt.so.1 = /lib/libcrypt.so.1 (0x7f1018461000) libltdl.so.7 = /usr/lib/libltdl.so.7 (0x7f1018258000) libssl.so.0.9.8 = /usr/lib/libssl.so.0.9.8 (0x7f1018006000) libcrypto.so.0.9.8 = /usr/lib/libcrypto.so.0.9.8 (0x7f1017c6b000) libc.so.6 = /lib/libc.so.6 (0x7f1017918000) /lib64/ld-linux-x86-64.so.2 (0x7f1018f03000) libdl.so.2 = /lib/libdl.so.2 (0x7f1017714000) libz.so.1 = /usr/lib/libz.so.1 (0x7f10174fd000) = FreeRADIUS seems to rely on libltdl.so.7, as expected. #ls -la /usr/lib/libltdl.so.7* lrwxrwxrwx 1 root root16 2010-12-29 17:41 /usr/lib/libltdl.so.7 - libltdl.so.7.2.1 -rw-r--r-- 1 root root 36408 2010-08-13 13:51 /usr/lib/libltdl.so.7.2.1 #ltrace -S -o freeradius.ltrace -C freeradius -X #tail freeradius.ltrace ... write resumed ) = 96 vsnprintf(, 4414891, \377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377..., 0x435dac) = 45 vsnprintf(\001\200\255\373\351\177, 4396650, \377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377..., 0x43166a) = 81 write(1, /etc/freeradius/modules/python[6..., 82 unfinished ... SYS_write(1, /etc/freeradius/modules/python[6..., 82) = 82 ... write resumed ) = 82 free(0xfd4930) = void exit(1 unfinished ... SYS_exit_group(1 no return ... +++ exited (status 1) +++ #grep -i advise freeradius.ltrace = [no output] Apparently, the string advise is nowhere in ltrace's output. #grep lt_dl freeradius.ltrace lt_dlpreload_default(0x4303c0, 0x1bbe030, 1, 0x1be15d0, 4) = 0 lt_dlinit(0x4303c0, 0x1bbe030, 1, 0x1be15d0, 4) = 0 lt_dlsetsearchpath(0x1bea110, 0x7f27c34d4086, 0, 0x, 0) = 0 lt_dlopenext(0x7fff94d3d210, 0x7fff94d3d000, 0, 0x7fff94d3d219, 0x2525252525252525 unfinished ... ... lt_dlopenext resumed ) = 0x1cffe10 lt_dlsym(0x1cffe10, 0x7fff94d3d110, 0x2d2d2d2d2d2d2d2d, 0x2d2d2d2d2d6d002d, 0xfefefefefefefeff) = 0x7f27c2771f40 lt_dlopenext(0x7fff94d3d210, 0x1d004a6, 0, 0x, 0x2525252525252525 unfinished ... ... lt_dlopenext resumed ) = 0x1d00970 lt_dlsym(0x1d00970, 0x7fff94d3d110, 0x2d2d2d2d2d2d2d2d, 0x2d2d2d2d2d6d002d, 0xfefefefefefefeff) = 0x7f27c256f360 lt_dlopenext(0x7fff94d3d210, 0x1d00fd7, 0, 0x, 0x2525252525252525 unfinished ... ... lt_dlopenext resumed ) = 0x1d01730 lt_dlsym(0x1d01730, 0x7fff94d3d110, 0xfeff6d6e68736071, 0x6e6f69746172, 0xfefefefefefefeff) = 0x7f27c236c3a0 lt_dlopenext(0x7fff94d3d210, 0x1d00fd4, 0, 0x, 0x2525252525252525 unfinished ... ... lt_dlopenext resumed ) = 0x1d020b0 lt_dlsym(0x1d020b0, 0x7fff94d3d110, 0xfefeff646c68736d, 0x656d69746e, 0xfefefefefefefeff) = 0x7f27c216a580 lt_dlopenext(0x7fff94d3d210, 0x1d02744, 0, 0x, 0x2525252525252525 unfinished ... ... lt_dlopenext resumed )
Re: rlm_python and dynload problem
Hi, The workaround described in http://bugs.debian.org/416266 for perl works for python too, I just tried it: LD_PRELOAD=/usr/lib/libpython2.5.so.1 freeradius -X = works fine Thanks a lot, Aurélien Geron Le 6 janv. 2011 à 14:44, Josip Rodin a écrit : On Thu, Jan 06, 2011 at 11:26:44AM +0100, Aurélien Geron wrote: Hi and happy new year to everyone, In april I wrote the message below about python modules not being able to load dynamic libraries on Debian Lenny. I did not have time to test this ever since, but I just did, and unfortunately, I still have the same problem on Debian Lenny, using the latest FreeRADIUS backport for Lenny (it is based on FreeRADIUS 2.1.10, the Debian package is labelled 2.1.10+dfsg-2~bpo50+1). - running a perfectly standard Debian Lenny (2.6.26-2-amd64) - installed the latest freeradius package from the lenny-backports (2.1.8+dfsg-1~bpo50+1) Can you verify that your exact freeradius packages used now - do indeed link to libltdl7 and use the new code? Generic amd64 packages should be fine, but do check just in case... Perhaps also use ltrace to find the symbol lookup function used? You need to see some lt_dladvise_*() and/or lt_dlopenadvise() mentioned. (Assuming the cause for this is http://bugs.debian.org/416266 ) -- 2. That which causes joy or happiness. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: rlm_python and dynload problem
On Thu, Jan 06, 2011 at 03:46:07PM +0100, Aurélien Geron wrote: libltdl.so.7 = /usr/lib/libltdl.so.7 (0x7f1018258000) = FreeRADIUS seems to rely on libltdl.so.7, as expected. #grep -i advise freeradius.ltrace = [no output] Apparently, the string advise is nowhere in ltrace's output. #grep lt_dl freeradius.ltrace lt_dlsetsearchpath(0x1bea110, 0x7f27c34d4086, 0, 0x, 0) = 0 lt_dlopenext(0x7fff94d3d210, 0x7fff94d3d000, 0, 0x7fff94d3d219, 0x2525252525252525 unfinished ... ... lt_dlopenext resumed ) = 0x1cffe10 lt_dlsym(0x1cffe10, 0x7fff94d3d110, 0x2d2d2d2d2d2d2d2d, 0x2d2d2d2d2d6d002d, 0xfefefefefefefeff) = 0x7f27c2771f40 lt_dlopenext(0x7fff94d3d210, 0x1d004a6, 0, 0x, 0x2525252525252525 unfinished ... I hope this answers your questions. Yep. Somehow, during the build of this package, HAVE_LT_DLADVISE_INIT wasn't defined after all, so the fr_dlopenext() evaluated into a library call for simple but insufficient lt_dlopenext(), rather than the less simple but proper lt_dlopenadvise() and friends. So apparently I something went wrong while I was building that backport. (I checked the binary, too.) I had just written the clean rebuild instructions here, but then I realized what might be wrong - configure.in says: AC_CHECK_FUNC(lt_dladvise_init, AC_DEFINE(HAVE_HAVE_LT_DLADVISE_INIT, [], [Do we have the lt_dladvise_init function])) ~~ The underlined part sounds like a copywaste error that never could have worked properly in the first place... Alan? -- 2. That which causes joy or happiness. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: rlm_python and dynload problem
Aurélien Geron wrote: Basically, if I understand correctly, his idea is to have the python fellows declare the proper dependencies in every *.so file, so that the libpython2.5.so.1 file gets loaded automatically when the math module (or any other dynamic module) gets loaded. Maybe that's the ideal solution, I really don't know. But it seems to me that we should try to fix freeRADIUS so that it works around this bug before python dependencies are fixed (it make take a while or even never happen). So I thing the only short-medium-term solution is to use LINKFORSHARED linker options. Thanks for reading this huge message. I hope we can beat this bug. OK. I'll see about putting that fix into 2.1.9. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: rlm_python and dynload problem
Alan DeKok wrote: Aurélien Geron wrote: Basically, if I understand correctly, his idea is to have the python fellows declare the proper dependencies in every *.so file, so that the libpython2.5.so.1 file gets loaded automatically when the math module (or any other dynamic module) gets loaded. Maybe that's the ideal solution, I really don't know. But it seems to me that we should try to fix freeRADIUS so that it works around this bug before python dependencies are fixed (it make take a while or even never happen). So I thing the only short-medium-term solution is to use LINKFORSHARED linker options. Thanks for reading this huge message. I hope we can beat this bug. OK. I'll see about putting that fix into 2.1.9. Alan DeKok. That's great, thanks a lot Alan. If I can be of any help (for example, for testing), please let me know. Aurélien Geron - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
rlm_python and dynload problem
Hi,
I came across a bug when rlm_python executes python code that tries to load a
dynamic (shared) module. This bug seems to have been discussed 2 or 3 times on
this list, but no really satisfying solution appears to have been found so far
(as far as I know), so I thought I might raise the subject again and perhaps
try to contribute in finding a solution.
In short, I think the solution to this problem is explained here, but I don't
know how to implement it in freeRADIUS :
http://docs.python.org/release/2.5.2/ext/link-reqs.html
Here is my setup :
- running a perfectly standard Debian Lenny (2.6.26-2-amd64)
- installed the latest freeradius package from the lenny-backports
(2.1.8+dfsg-1~bpo50+1)
- the python debian package is the one installed with Debian Lenny (2.5.2-3)
Here is my config:
--
###
# /etc/freeradius/modules/python
###
python python_test {
mod_instantiate = radiusd_test
func_instantiate = instantiate
}
###
# /etc/freeradius/radiusd.conf
###
...
instantiate {
python_test
}
...
###
# /usr/lib/python2.5/site-packages/radiusd_test.py
###
def instantiate(p):
radiusd.radlog(radiusd.L_DBG, THIS WORKS)
import random # this crashes
radiusd.radlog(radiusd.L_DBG, THIS IS NEVER REACHED !)
--
Here is the output of freeradius -X :
--
FreeRADIUS Version 2.1.8, for host x86_64-pc-linux-gnu, built on Apr 26 2010 at
21:49:28
Copyright (C) 1999-2009 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License v2.
Starting - reading configuration files ...
including configuration file /etc/freeradius/radiusd.conf
...
Module: Linked to module rlm_python
Module: Instantiating python_test
python_init done
python python_test {
mod_instantiate = radiusd_test
func_instantiate = instantiate
}
THIS WORKS
rlm_python:EXCEPT:type 'exceptions.ImportError':
/usr/lib/python2.5/lib-dynload/math.so: undefined symbol: PyExc_ValueError
/etc/freeradius/modules/python[24]: Instantiation failed for module
python_test
--
The module is properly loaded, the instantiate function gets called, and the
first log message is output. In fact, any 100% pure python code works fine.
The bug happens when a python module gets loaded dynamically : importing any
module located in /usr/lib/python2.5/lib-dynload/*.so will crash.
From what I understand, here's what happens:
1) rlm_python was built against libpython2.5.a, but for optimization purposes,
the linker stripped out all the symbols that were not used by rlm_python itself
(including, for example, PyExc_ValueError). This behavior is
platform-dependent, which probably explains why everything works fine on
centos, for example.
2) when the radiusd_test module runs, it tries to import the random module,
which itself tries to import the math module, which is in lib-dynload, and
gets loaded dynamically.
3) unfortunately, python fails to load that module because it uses the
PyExc_ValueError symbol and it does not know where it is defined (it is located
in /usr/lib/libpython2.5.so.1, but unfortunately, the math module does not
know that.
As I said, I believe that the solution to this problem is clearly explained
here: http://docs.python.org/release/2.5.2/ext/link-reqs.html
As it's just a few paragraphs, I'll quote it here, for your convenience:
--
While the configure script shipped with the Python sources will correctly build
Python to export the symbols needed by dynamically linked extensions, this is
not automatically inherited by applications which embed the Python library
statically, at least on Unix. This is an issue when the application is linked
to the static runtime library (libpython.a) and needs to load dynamic
extensions (implemented as.so files).
The problem is that some entry points are defined by the Python runtime solely
for extension modules to use. If the embedding application does not use any of
these entry points, some linkers will not include those entries in the symbol
table of the finished executable. Some additional options are needed to inform
the linker not to remove these symbols.
Determining the right options to use for any given platform can be quite
difficult, but fortunately the Python configuration already has those values.
To retrieve them from an installed Python interpreter, start an interactive
interpreter and have a short session like this:
import distutils.sysconfig
distutils.sysconfig.get_config_var('LINKFORSHARED')
'-Xlinker -export-dynamic'
The contents of the string presented will be the options that should be used.
If the string is empty, there's no need
rlm_python and post-auth manipulation.
Good day Freeradius users,
I am trying to use the rlm_python module to do additional actions after an
user has been authenticated. To learn, I'm using the radiusd_test.py which
is in the python path. I haven't found an indication that says it is
impossible to do, correct me if I'm wrong off-course.
I did the following ( by the way, i made sure rlm_python was compiled with
the server ) :
Created a python module under modules :
python {
mod_instantiate = radiusd_test
func_instantiate = instantiate
mod_authorize = radiusd_test
func_authorize = authorize
mod_accounting = radiusd_test
func_accounting = accounting
mod_preproxy = radiusd_test
func_preproxy = preproxy
mod_postproxy = radiusd_test
func_postproxy = postproxy
mod_postauth = radiusd_test
func_postauth = postauth
mod_detach = radiusd_test
func_detach = detach
}
Added python in the site-enabled/default post-auth section
Now, in the radiusd -X log, I can see the following :
Module: Instantiating python
python_init done
python {
mod_instantiate = radiusd_test
func_instantiate = instantiate
mod_authorize = radiusd_test
func_authorize = authorize
mod_accounting = radiusd_test
func_accounting = accounting
mod_detach = radiusd_test
func_detach = detach
}
*** instantiate ***
*Ok, i'm missing the postauth, why ?* The radiusd_test.py file has a
postauth function which I think should be linked by my python modules
declaration.
Finnaly, in the log, I have the following :
/usr/local/etc/raddb/sites-enabled/default[422]: python modules aren't
allowed in 'post-auth' sections -- they have no such method.
/usr/local/etc/raddb/sites-enabled/default[380]: Errors parsing post-auth
section.
Is this caused because I can't use python modules in post-auth sections, or
I can't use THAT python module because it is missing the post-auth method ?
Feel free to point me in the right documentation section that I MUST have
missed.
--
Philippe-Alexandre Lemelin
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: rlm_python and post-auth manipulation.
phil lemelin wrote: /usr/local/etc/raddb/sites-enabled/default[422]: python modules aren't allowed in 'post-auth' sections -- they have no such method. /usr/local/etc/raddb/sites-enabled/default[380]: Errors parsing post-auth section. Is this caused because I can't use python modules in post-auth sections, or I can't use THAT python module because it is missing the post-auth method ? It's because you're using an old version of the server. i.e. 1.x, not 2.x. Feel free to point me in the right documentation section that I MUST have missed. Feel free to submit documentation for a recent version of the server. The reason many responses here say this IS documented is because the common issues *are* documented. The uncommon issues often aren't. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: rlm_python and post-auth manipulation.
Hi, It's because you're using an old version of the server. i.e. 1.x, not 2.x. sites-enabled/default etc in 1.1.x? I cant recall seeing that config :-) alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: rlm_python and post-auth manipulation.
Hi, Created a python module under modules : so long as you are using FR 2.1.x then you shouldnt need to do that - just simply edit experimental.conf to make sure the python stuff is active and then edit radiusd.conf to make sure that experimental.conf is included (you did compile FR with experimental modules enabled?) then you should be able to call python in the postauth section alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: rlm_python and post-auth manipulation.
Gents,
so long as you are using FR 2.1.x then you shouldnt
need to do that - just simply edit experimental.conf
to make sure the python stuff is active and then edit
radiusd.conf to make sure that experimental.conf is included
(you did compile FR with experimental modules enabled?)
then you should be able to call python in the postauth section
I'm running FR 2.1.4.
My configure was :
./configure --with-experimental-modules
I deleted my python under modules.
I did, in the radiusd.conf file :
$INCLUDE experimental.conf
I can see the following line in the log :
including configuration file /usr/local/etc/raddb/experimental.conf
And I left it has it was, so in it, I have :
python {
mod_instantiate = radiusd_test
func_instantiate = instantiate
mod_authorize = radiusd_test
func_authorize = authorize
mod_accounting = radiusd_test
func_accounting = accounting
mod_preproxy = radiusd_test
func_preproxy = preproxy
mod_postproxy = radiusd_test
func_postproxy = postproxy
mod_postauth = radiusd_test
func_postauth = postauth
mod_detach = radiusd_test
func_detach = detach
}
Now, I restarted the server and I have the following. Note that to make sure
I was in the right section, I added the following lines in the post-auth
section of the site-enabled/default file :
The echo_NAS_Info is a test I made copying the echo module under the
modules folder
echo_NAS_Info
python
The result :
Module: Checking post-auth {...} for more modules to load
Module: Instantiating echo_NAS_Info
exec echo_NAS_Info {
wait = yes
program = /bin/echo %{User-Name}, %{NAS-IP-Address}, %{NAS-Port}
input_pairs = request
output_pairs = reply
shell_escape = yes
}
/usr/local/etc/raddb/sites-enabled/default[422]: Failed to find module
python.
/usr/local/etc/raddb/sites-enabled/default[380]: Errors parsing post-auth
section.
}
Now it looks like I have a configuration error and not a python module
error. Do I have to add more than
I replaced python with example in the default file and I have the same
result for example
I verified my /usr/local/lib/ and I have the :
rlm_example* files
rlm_python* files
Seeing that echo_NAS_Info loads, i suspect there is something else that has
to be done in order to activate de experimental modules/config.
When you say, simply edit experimental.conf, should I change something in
it, or by default it should be ok ? The only thing I did is modifiy the
radiusd.conf file to add the include line. The python section of the
experimental.conf file is uncommented by default.
--
Philippe-Alexandre Lemelin
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: rlm_python and post-auth manipulation.
Alan Buxey wrote: Hi, It's because you're using an old version of the server. i.e. 1.x, not 2.x. sites-enabled/default etc in 1.1.x? I cant recall seeing that config :-) The post-auth section has been in rlm_python for a long time. Whether it's 1.x, or 2.0.x, or a 8 month-old version of 2.1.x, is less relevant. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: rlm_python and post-auth manipulation.
Hi, I'm running FR 2.1.4. hmm, i've had a quick skim through the code and it looks like pre 2.1.7 didnt have some of the hooks etc needed to be run in that section - why play with older version - give 2.1.7 a go...if you're compiling from source you may as well run the latest /best version alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: rlm_python and post-auth manipulation.
Alan,
Thank you for you time.
I downloaded, compiled and installed the 2.1.7 version.
I replaced my /usr/local/raddb folder by the 2.1.7 raddb folder and used
that to make sure my config didnt conflict.
I only modified radiusd.conf to add experimental.conf and added python in
the post-auth section of site-enabled/default
[r...@someserver freeradius-server-2.1.7]# /usr/local/sbin/radiusd -X
FreeRADIUS Version 2.1.7, for host x86_64-unknown-linux-gnu, built on Oct
21 2009 at 15:24:29
--*snip*--
including configuration file /usr/local/etc/raddb/experimental.conf
--*snip*--
Module: Checking post-auth {...} for more modules to load
Module: Instantiating echo_NAS_Info
exec echo_NAS_Info {
wait = yes
program = /bin/echo %{User-Name}, %{NAS-IP-Address}, %{NAS-Port}
input_pairs = request
output_pairs = reply
shell_escape = yes
}
/usr/local/etc/raddb/sites-enabled/default[423]: Failed to find module
python.
/usr/local/etc/raddb/sites-enabled/default[380]: Errors parsing post-auth
section.
Is there anything else I should do ?
--
Philippe-Alexandre Lemelin
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: rlm_python and post-auth manipulation.
I went back to creating a python module in the modules folder and the
post-auth is now working.
There is something missing in the experimental.conf to have it work with
that method. I prefer creating a python module anyway. Looks like there is a
bug in 2.1.4 and rlm_python where the post-auth cannot work.
The key for me here was to update to 2.1.7
Thank you.
On Wed, Oct 21, 2009 at 3:37 PM, phil lemelin phil.leme...@gmail.comwrote:
Alan,
Thank you for you time.
I downloaded, compiled and installed the 2.1.7 version.
I replaced my /usr/local/raddb folder by the 2.1.7 raddb folder and used
that to make sure my config didnt conflict.
I only modified radiusd.conf to add experimental.conf and added python in
the post-auth section of site-enabled/default
[r...@someserver freeradius-server-2.1.7]# /usr/local/sbin/radiusd -X
FreeRADIUS Version 2.1.7, for host x86_64-unknown-linux-gnu, built on Oct
21 2009 at 15:24:29
--*snip*--
including configuration file /usr/local/etc/raddb/experimental.conf
--*snip*--
Module: Checking post-auth {...} for more modules to load
Module: Instantiating echo_NAS_Info
exec echo_NAS_Info {
wait = yes
program = /bin/echo %{User-Name}, %{NAS-IP-Address}, %{NAS-Port}
input_pairs = request
output_pairs = reply
shell_escape = yes
}
/usr/local/etc/raddb/sites-enabled/default[423]: Failed to find module
python.
/usr/local/etc/raddb/sites-enabled/default[380]: Errors parsing post-auth
section.
Is there anything else I should do ?
--
Philippe-Alexandre Lemelin
--
Philippe-Alexandre Lemelin
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: rlm_python and post-auth manipulation.
Hi, The key for me here was to update to 2.1.7 2.1.7 and to call the python in the modules/* section alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
ubuntu / debian rlm_python issues using mysqldb module
radutmp
Wed Jul 8 12:10:51 2009 : Debug: radutmp {
Wed Jul 8 12:10:51 2009 : Debug: filename =
/var/log/freeradius/radutmp
Wed Jul 8 12:10:51 2009 : Debug: username = %{User-Name}
Wed Jul 8 12:10:51 2009 : Debug: case_sensitive = yes
Wed Jul 8 12:10:51 2009 : Debug: check_with_nas = yes
Wed Jul 8 12:10:51 2009 : Debug: perm = 384
Wed Jul 8 12:10:51 2009 : Debug: callerid = yes
Wed Jul 8 12:10:51 2009 : Debug: }
Wed Jul 8 12:10:51 2009 : Debug: Module: Checking post-proxy {...} for
more modules to load
Wed Jul 8 12:10:51 2009 : Debug: Module: Checking post-auth {...} for
more modules to load
Wed Jul 8 12:10:51 2009 : Debug: (Loaded rlm_attr_filter, checking
if it's valid)
Wed Jul 8 12:10:51 2009 : Debug: Module: Linked to module rlm_attr_filter
Wed Jul 8 12:10:51 2009 : Debug: Module: Instantiating
attr_filter.access_reject
Wed Jul 8 12:10:51 2009 : Debug: attr_filter attr_filter.access_reject {
Wed Jul 8 12:10:51 2009 : Debug: attrsfile =
/etc/freeradius/attrs.access_reject
Wed Jul 8 12:10:51 2009 : Debug: key = %{User-Name}
Wed Jul 8 12:10:51 2009 : Debug: }
Wed Jul 8 12:10:51 2009 : Debug: } # modules
Wed Jul 8 12:10:51 2009 : Debug: } # server
Wed Jul 8 12:10:51 2009 : Debug: server {
Wed Jul 8 12:10:51 2009 : Debug: modules {
Wed Jul 8 12:10:51 2009 : Debug: Module: Checking authenticate {...}
for more modules to load
Wed Jul 8 12:10:51 2009 : Debug: (Loaded rlm_python, checking if
it's valid)
Wed Jul 8 12:10:51 2009 : Debug: Module: Linked to module rlm_python
Wed Jul 8 12:10:51 2009 : Debug: Module: Instantiating python
Wed Jul 8 12:10:51 2009 : Debug: python_init done
Wed Jul 8 12:10:51 2009 : Debug: python {
Wed Jul 8 12:10:51 2009 : Debug: mod_instantiate = radiusd_test
Wed Jul 8 12:10:51 2009 : Debug: func_instantiate = instantiate
Wed Jul 8 12:10:51 2009 : Debug: mod_authorize = radiusd_test
Wed Jul 8 12:10:51 2009 : Debug: func_authorize = authorize
Wed Jul 8 12:10:51 2009 : Debug: mod_authenticate = radiusd_test
Wed Jul 8 12:10:51 2009 : Debug: func_authenticate = authenticate
Wed Jul 8 12:10:51 2009 : Debug: mod_preacct = radiusd_test
Wed Jul 8 12:10:51 2009 : Debug: func_preacct = accounting
Wed Jul 8 12:10:51 2009 : Debug: mod_detach = radiusd_test
Wed Jul 8 12:10:51 2009 : Debug: func_detach = detach
Wed Jul 8 12:10:51 2009 : Debug: }
Wed Jul 8 12:10:51 2009 : Error: rlm_python:python_load_function:
module 'radiusd_test' is not found
Wed Jul 8 12:10:51 2009 : Error: rlm_python:EXCEPT:type
'exceptions.ImportError': /var/lib/python-support/python2.6/_mysql.so:
undefined symbol: PyExc_ImportError
Wed Jul 8 12:10:51 2009 : Error: rlm_python:python_load_function:
failed to import python function 'radiusd_test.instantiate'
Wed Jul 8 12:10:51 2009 : Error: /etc/freeradius/modules/python[1]:
Instantiation failed for module python
Wed Jul 8 12:10:51 2009 : Error:
/etc/freeradius/sites-enabled/iburst-prepaid[30]: Failed to find module
python.
Wed Jul 8 12:10:51 2009 : Error:
/etc/freeradius/sites-enabled/iburst-prepaid[30]: Failed to parse
python entry.
Wed Jul 8 12:10:51 2009 : Error: Errors initializing modules
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: ubuntu / debian rlm_python issues using mysqldb module
I am sure i'm not the only person experiencing this problem. It seems
when using the python module to handle auth/acct.
If you include the MySQLdb module in the python script freeradius then
dies and is unable to load the pythong module.
I am using the latest stable freeradius version 2.1.6, built for ubuntu
as per http://wiki.freeradius.org/Build using fakeroot.
The python script being used is the prepaid.py script renamed to
radiusd_test.py in the example below.
...
Wed Jul 8 12:10:51 2009 : Debug: Module: Instantiating python
Wed Jul 8 12:10:51 2009 : Debug: python_init done
Wed Jul 8 12:10:51 2009 : Debug: python {
Wed Jul 8 12:10:51 2009 : Debug: mod_instantiate = radiusd_test
Wed Jul 8 12:10:51 2009 : Debug: func_instantiate = instantiate
Wed Jul 8 12:10:51 2009 : Debug: mod_authorize = radiusd_test
Wed Jul 8 12:10:51 2009 : Debug: func_authorize = authorize
Wed Jul 8 12:10:51 2009 : Debug: mod_authenticate = radiusd_test
Wed Jul 8 12:10:51 2009 : Debug: func_authenticate = authenticate
Wed Jul 8 12:10:51 2009 : Debug: mod_preacct = radiusd_test
Wed Jul 8 12:10:51 2009 : Debug: func_preacct = accounting
Wed Jul 8 12:10:51 2009 : Debug: mod_detach = radiusd_test
Wed Jul 8 12:10:51 2009 : Debug: func_detach = detach
Wed Jul 8 12:10:51 2009 : Debug: }
Wed Jul 8 12:10:51 2009 : Error: rlm_python:python_load_function:
module 'radiusd_test' is not found
Are you sure radius user has permissions on radiusd_test.py?
Ivan Kalik
Kalik Informatika ISP
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: ubuntu / debian rlm_python issues using mysqldb module
Yeah sure does,
If I remove the line import MySQLdb it works fine.
It seems to definanetly have a issue with this module. I've also tried
sqlobject as a module and I get the same problem.
Thanks,
Mike
Ivan Kalik wrote:
I am sure i'm not the only person experiencing this problem. It seems
when using the python module to handle auth/acct.
If you include the MySQLdb module in the python script freeradius then
dies and is unable to load the pythong module.
I am using the latest stable freeradius version 2.1.6, built for ubuntu
as per http://wiki.freeradius.org/Build using fakeroot.
The python script being used is the prepaid.py script renamed to
radiusd_test.py in the example below.
...
Wed Jul 8 12:10:51 2009 : Debug: Module: Instantiating python
Wed Jul 8 12:10:51 2009 : Debug: python_init done
Wed Jul 8 12:10:51 2009 : Debug: python {
Wed Jul 8 12:10:51 2009 : Debug: mod_instantiate = radiusd_test
Wed Jul 8 12:10:51 2009 : Debug: func_instantiate = instantiate
Wed Jul 8 12:10:51 2009 : Debug: mod_authorize = radiusd_test
Wed Jul 8 12:10:51 2009 : Debug: func_authorize = authorize
Wed Jul 8 12:10:51 2009 : Debug: mod_authenticate = radiusd_test
Wed Jul 8 12:10:51 2009 : Debug: func_authenticate = authenticate
Wed Jul 8 12:10:51 2009 : Debug: mod_preacct = radiusd_test
Wed Jul 8 12:10:51 2009 : Debug: func_preacct = accounting
Wed Jul 8 12:10:51 2009 : Debug: mod_detach = radiusd_test
Wed Jul 8 12:10:51 2009 : Debug: func_detach = detach
Wed Jul 8 12:10:51 2009 : Debug: }
Wed Jul 8 12:10:51 2009 : Error: rlm_python:python_load_function:
module 'radiusd_test' is not found
Are you sure radius user has permissions on radiusd_test.py?
Ivan Kalik
Kalik Informatika ISP
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: ubuntu / debian rlm_python issues using mysqldb module
On 07/08/2009 04:16 AM, Michael da Silva Pereira wrote: Hi All, I am sure i'm not the only person experiencing this problem. It seems when using the python module to handle auth/acct. If you include the MySQLdb module in the python script freeradius then dies and is unable to load the pythong module. I am using the latest stable freeradius version 2.1.6, built for ubuntu as per http://wiki.freeradius.org/Build using fakeroot. The python script being used is the prepaid.py script renamed to radiusd_test.py in the example below. I am using the standard scripts and config from freeradius, I found a similar article regarding this and apparently has something to do with statically linking the module ? Are there any solutions for this ? Wed Jul 8 12:10:51 2009 : Error: rlm_python:python_load_function: module 'radiusd_test' is not found Wed Jul 8 12:10:51 2009 : Error: rlm_python:EXCEPT:type 'exceptions.ImportError': /var/lib/python-support/python2.6/_mysql.so: undefined symbol: PyExc_ImportError Wed Jul 8 12:10:51 2009 : Error: rlm_python:python_load_function: failed to import python function 'radiusd_test.instantiate' Wed Jul 8 12:10:51 2009 : Error: /etc/freeradius/modules/python[1]: Instantiation failed for module python Wed Jul 8 12:10:51 2009 : Error: /etc/freeradius/sites-enabled/iburst-prepaid[30]: Failed to find module python. Wed Jul 8 12:10:51 2009 : Error: /etc/freeradius/sites-enabled/iburst-prepaid[30]: Failed to parse python entry. Wed Jul 8 12:10:51 2009 : Error: Errors initializing modules This seems to be wholey a Python problem, not a FreeRADIUS problem because you're getting a Python import error, specifically an unresolved reference to a symbol in a .so. It's probably easiest to diagnose this outside of FreeRADIUS. My first guess would be you've got something amiss in your Python setup because the missing symbol PyExc_ImportError is a common symbol which should be defined in libpython2.6.so. I'm guessing something is linked against the wrong libraries or a library path is not pointing in the right place. Here is a series of steps I would try: Fire up python from the command line by typing python, that will put you in a python interpreter shell. Then type import MySQLdb. Does the import succeed? Try the same thing with your script. Check which libraries standard python are using (note, the path name will likely be different). % ldd /usr/bin/python linux-gate.so.1 = (0x005fc000) libpython2.6.so.1.0 = /usr/lib/libpython2.6.so.1.0 (0x0361d000) libpthread.so.0 = /lib/libpthread.so.0 (0x003c2000) libdl.so.2 = /lib/libdl.so.2 (0x003bb000) libutil.so.1 = /lib/libutil.so.1 (0x001d5000) libm.so.6 = /lib/libm.so.6 (0x00391000) libc.so.6 = /lib/libc.so.6 (0x0021d000) /lib/ld-linux.so.2 (0x001f9000) On my system _mysql.so in in /usr/lib/python2.6/site-packages but on yours its in /var/lib/python-support/python2.6/_mysql.so, adjust the paths appropriately. % ldd /usr/lib/python2.6/site-packages/_mysql.so linux-gate.so.1 = (0x00acd000) libmysqlclient_r.so.16 = /usr/lib/mysql/libmysqlclient_r.so.16 (0x004c8000) libz.so.1 = /lib/libz.so.1 (0x0011) libpthread.so.0 = /lib/libpthread.so.0 (0x004ac000) libcrypt.so.1 = /lib/libcrypt.so.1 (0x009e6000) libnsl.so.1 = /lib/libnsl.so.1 (0x00407000) libm.so.6 = /lib/libm.so.6 (0x00b6) libssl.so.8 = /usr/lib/libssl.so.8 (0x00f58000) libcrypto.so.8 = /usr/lib/libcrypto.so.8 (0x0021b000) libpython2.6.so.1.0 = /usr/lib/libpython2.6.so.1.0 (0x0063c000) libc.so.6 = /lib/libc.so.6 (0x007bc000) /lib/ld-linux.so.2 (0x001f9000) libfreebl3.so = /lib/libfreebl3.so (0x00123000) libgssapi_krb5.so.2 = /usr/lib/libgssapi_krb5.so.2 (0x0016b000) libkrb5.so.3 = /usr/lib/libkrb5.so.3 (0x00e13000) libcom_err.so.2 = /lib/libcom_err.so.2 (0x00196000) libk5crypto.so.3 = /usr/lib/libk5crypto.so.3 (0x00199000) libresolv.so.2 = /lib/libresolv.so.2 (0x00ed6000) libdl.so.2 = /lib/libdl.so.2 (0x001cc000) libutil.so.1 = /lib/libutil.so.1 (0x001d1000) libkrb5support.so.0 = /usr/lib/libkrb5support.so.0 (0x0043e000) libkeyutils.so.1 = /lib/libkeyutils.so.1 (0x00cea000) libselinux.so.1 = /lib/libselinux.so.1 (0x001d5000) This will tell you what the loader will try to resolve when you try to do the import. If you see a mismatch in the libraries or their paths then there is your culprit. -- John Dennis jden...@redhat.com Looking to carve out IT costs? www.redhat.com/carveoutcosts/ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
rlm_python - Unresponsive child
Hello Freeradius-users, I'm trying to use Freeradius 2.1.6 release with rlm_python (python 2.6.2) on FreeBSD. I use default radiusd_test.py bundled with rlm_python. All is fine when I start radius in debug mode with -X, however in normal forked mode next error appear: Error: WARNING: Unresponsive child for request 0, in module python component authenticate few seconds later Info: [python] Child is still stuck for request 0 Any ideas what can be wrong? How to debug this? And is rlm_python ok for commercial productional environment? What other problems I can face? Thanks. -- Mike Tkachuk - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: rlm_python - Unresponsive child
I'm trying to use Freeradius 2.1.6 release with rlm_python (python 2.6.2) on FreeBSD. I use default radiusd_test.py bundled with rlm_python. All is fine when I start radius in debug mode with -X, however in normal forked mode next error appear: Error: WARNING: Unresponsive child for request 0, in module python component authenticate few seconds later Info: [python] Child is still stuck for request 0 Any ideas what can be wrong? Permissions. Check if freeradius user has permissions to execute the script. I assume that you have checked that script actually works. Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re[2]: rlm_python - Unresponsive child
Hello Ivan, Monday, June 22, 2009 12:20:38 PM, you wrote: IK Permissions. Check if freeradius user has permissions to execute the IK script. I assume that you have checked that script actually works. Thanks for the answer. I was testing under root user, so the permissions should not be a problem, but I checked that also - added user = root group = wheel I see that instatination code in radiusd_test.py running ok: *** instantiate *** None But authenticate just hang. Any other suggestions? -- Mike Tkachuk - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Re[2]: rlm_python - Unresponsive child
IK Permissions. Check if freeradius user has permissions to execute the IK script. I assume that you have checked that script actually works. Thanks for the answer. I was testing under root user, so the permissions should not be a problem, but I checked that also - added user = root group = wheel I see that instatination code in radiusd_test.py running ok: *** instantiate *** None But authenticate just hang. Any other suggestions? There is no authenticate subroutine in radiusd_test.py. Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re[4]: rlm_python - Unresponsive child
Hello Ivan,
As I told - all working file in freeradius debug mode (with -X), I
have problems with productional threads pool mode.
Sure there is no 'authenticate' function but 'authorize', that
function called while authentificate block executed:
python {
mod_instantiate = radiusd_test
func_instantiate = instantiate
mod_authenticate = radiusd_test
func_authenticate = authorize
mod_accounting = radiusd_test
func_accounting = accounting
mod_detach = radiusd_test
func_detach = detach
}
authorize {
files
}
authenticate {
Auth-Type Python {
python
}
}
accounting {
python
}
Monday, June 22, 2009 1:03:03 PM, you wrote:
IK Permissions. Check if freeradius user has permissions to execute the
IK script. I assume that you have checked that script actually works.
Thanks for the answer.
I was testing under root user, so the permissions should not be a
problem, but I checked that also - added
user = root
group = wheel
I see that instatination code in radiusd_test.py running ok:
*** instantiate ***
None
But authenticate just hang.
Any other suggestions?
IK There is no authenticate subroutine in radiusd_test.py.
IK Ivan Kalik
IK Kalik Informatika ISP
--
Mike Tkachuk
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Re[4]: rlm_python - Unresponsive child
As I told - all working file in freeradius debug mode (with -X), I have problems with productional threads pool mode. When things work with radiusd -X and don't under radius user problems are permissions, SE Linux or stuff like that. Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Re[4]: rlm_python - Unresponsive child
As I told - all working file in freeradius debug mode (with -X), I have problems with productional threads pool mode. I see the same issue with rlm_perl and my perl code. Works fine in radiusd -X, or if perl is compiled to not use threads, but as soon as I compile perl for threading and start trying to use CLONE I get all sorts of issues with unresponsive children. When I used radclient to hammer the hell out of my server the messages appeared for 10-15 seconds or so, then went away. I theorised that radius was trying to hand off work to radius/perl threads that hadn't been fully instantiated yet. On the current live system (using an older version of FreeRadius - 2.0.3 - until we have another stable development version to move to) it sometimes shows up and just never goes away until radiusd is restarted. I never managed to nail down what the issue was. I did wonder if DBI or DBD::Mysql was doing something funky in a threaded environment and hanging on database access. You may be having similar issues? Dan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: rlm_python example?
Hi Hristo
Could you supply a quick example ?
Its always good to get working example after a problem is resolved (even
if the person is resolved by the questioner)
Mike
Hristo Trendev wrote:
The examples in src/modules/rlm_python gave me some hints and I
figured it out. Thanks anyway.
On Tue, Mar 31, 2009 at 3:43 PM, Hristo Trendev dist.li...@gmail.com wrote:
I am trying to figure out how to properly setup freeradius with
rlm_python. The module loads and scripts execute, but I seem to miss
something when I try to return value pairs to be used in the reply
packet (Access-Accept). I have tried with the following �script:
def authorize (params):
� � � �print params
� � � �return (0, ('Reply-Message', 'banned1'), ('Reply-Message', 'banned2'))
and received (when I run with -X option):
-snip-
+- entering group authorize {...}
rlm_python:authorize: tuple element 0 is not a tuple
rlm_python:authorize: tuple element 1 is not a tuple
rlm_python:authorize: tuple element 0 is not a tuple
rlm_python:authorize: tuple element 1 is not a tuple
++[python] returns reject
-snip-
I have also tried changing it to:
def authorize (params):
� � � �print params
� � � �return (0, ('Reply-Message', 'banned'))
but then I get:
-snip-
+- entering group authorize {...}
rlm_python:authorize: tuple must be (return, replyTuple, configTuple)
++[python] returns ??
-snip-
Can someone point me in the right direction? What is supposed to be
passed in configTuple? How do I return multiple value pairs at? I was
able to make it work with rlm_exec, but I'd like to use the the python
module instead.
I am using freeradius on ubuntu 8.04. installed via apt-get from
hardy-backports (2.1.0+dfsg-0ubuntu2~hardy1)
BR,
Hristo
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
rlm_python example?
I am trying to figure out how to properly setup freeradius with
rlm_python. The module loads and scripts execute, but I seem to miss
something when I try to return value pairs to be used in the reply
packet (Access-Accept). I have tried with the following script:
def authorize (params):
print params
return (0, ('Reply-Message', 'banned1'), ('Reply-Message', 'banned2'))
and received (when I run with -X option):
-snip-
+- entering group authorize {...}
rlm_python:authorize: tuple element 0 is not a tuple
rlm_python:authorize: tuple element 1 is not a tuple
rlm_python:authorize: tuple element 0 is not a tuple
rlm_python:authorize: tuple element 1 is not a tuple
++[python] returns reject
-snip-
I have also tried changing it to:
def authorize (params):
print params
return (0, ('Reply-Message', 'banned'))
but then I get:
-snip-
+- entering group authorize {...}
rlm_python:authorize: tuple must be (return, replyTuple, configTuple)
++[python] returns ??
-snip-
Can someone point me in the right direction? What is supposed to be
passed in configTuple? How do I return multiple value pairs at? I was
able to make it work with rlm_exec, but I'd like to use the the python
module instead.
I am using freeradius on ubuntu 8.04. installed via apt-get from
hardy-backports (2.1.0+dfsg-0ubuntu2~hardy1)
BR,
Hristo
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: rlm_python example?
The examples in src/modules/rlm_python gave me some hints and I
figured it out. Thanks anyway.
On Tue, Mar 31, 2009 at 3:43 PM, Hristo Trendev dist.li...@gmail.com wrote:
I am trying to figure out how to properly setup freeradius with
rlm_python. The module loads and scripts execute, but I seem to miss
something when I try to return value pairs to be used in the reply
packet (Access-Accept). I have tried with the following script:
def authorize (params):
print params
return (0, ('Reply-Message', 'banned1'), ('Reply-Message', 'banned2'))
and received (when I run with -X option):
-snip-
+- entering group authorize {...}
rlm_python:authorize: tuple element 0 is not a tuple
rlm_python:authorize: tuple element 1 is not a tuple
rlm_python:authorize: tuple element 0 is not a tuple
rlm_python:authorize: tuple element 1 is not a tuple
++[python] returns reject
-snip-
I have also tried changing it to:
def authorize (params):
print params
return (0, ('Reply-Message', 'banned'))
but then I get:
-snip-
+- entering group authorize {...}
rlm_python:authorize: tuple must be (return, replyTuple, configTuple)
++[python] returns ??
-snip-
Can someone point me in the right direction? What is supposed to be
passed in configTuple? How do I return multiple value pairs at? I was
able to make it work with rlm_exec, but I'd like to use the the python
module instead.
I am using freeradius on ubuntu 8.04. installed via apt-get from
hardy-backports (2.1.0+dfsg-0ubuntu2~hardy1)
BR,
Hristo
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: rlm_python import error undefinde symbol
Alexander Yu. Solodukhin a...@softwarium.net писал(а) в своём письме Sat,
28 Feb 2009 22:40:35 +0200:
Hi all.
I try to use rlm_python and got import error on importing any module
that relevant on shared object.
Here an rlm_python configuration:
## cut
python {
mod_instantiate = account
func_instantiate = instantiate
mod_authorize = account
func_authorize = authorize
mod_accounting = account
func_accounting = accounting
mod_preproxy = account
func_preproxy = preproxy
mod_postproxy = account
func_postproxy = postproxy
mod_postauth = account
func_postauth = postauth
mod_detach = account
func_detach = detach
}
## end cut
account.py is radiusd_test.py from src/modules/rlm_python with one line
added on top of file:
import time
'time' is not plain python module, it is shared object found at
/usr/lib/python2.5/lib-dynload/time.so
After starting radius i got this error:
rlm_python:python_load_function: module 'account' is not found
rlm_python:EXCEPT:type 'exceptions.ImportError':
/usr/lib/python2.5/lib-dynload/time.so: undefined symbol:
PyExc_ValueError
I was examine rlm_python code, and example 'C' code from python
documentation on how to embedd python into 'C', and don't found major
differences.
This code works fine:
#include Python.h
int
main(int argc, char *argv[])
{
PyObject *pName, *pModule, *pDict, *pFunc;
PyObject *pArgs, *pValue;
int i;
if (argc 3) {
fprintf(stderr,Usage: call pythonfile funcname [args]\n);
return 1;
}
Py_Initialize();
pName = PyString_FromString(argv[1]);
/* Error checking of pName left out */
Py_INCREF(pName);
pModule = PyImport_Import(pName);
Py_DECREF(pName);
if (pModule != NULL) {
pFunc = PyObject_GetAttrString(pModule, argv[2]);
/* pFunc is a new reference */
if (pFunc PyCallable_Check(pFunc)) {
pArgs = PyTuple_New(argc - 3);
for (i = 0; i argc - 3; ++i) {
pValue = PyInt_FromLong(atoi(argv[i + 3]));
if (!pValue) {
Py_DECREF(pArgs);
Py_DECREF(pModule);
fprintf(stderr, Cannot convert argument\n);
return 1;
}
/* pValue reference stolen here: */
PyTuple_SetItem(pArgs, i, pValue);
}
pValue = PyObject_CallObject(pFunc, pArgs);
Py_DECREF(pArgs);
if (pValue != NULL) {
printf(Result of call: %ld\n, PyInt_AsLong(pValue));
Py_DECREF(pValue);
}
else {
Py_DECREF(pFunc);
Py_DECREF(pModule);
PyErr_Print();
fprintf(stderr,Call failed\n);
return 1;
}
}
else {
if (PyErr_Occurred())
PyErr_Print();
fprintf(stderr, Cannot find function \%s\\n, argv[2]);
}
Py_XDECREF(pFunc);
Py_DECREF(pModule);
}
else {
PyErr_Print();
fprintf(stderr, Failed to load \%s\\n, argv[1]);
return 1;
}
Py_Finalize();
return 0;
}
Compiled with:
gcc call.c -o call -I/usr/include/python2.5 -L/usr/lib/python2.5/config
-lpython2.5
Why this code does not through 'undefined symbol' error and rlm_python
does?
PS: I read mailing list before posting this question and saw that this
problem was found in 2007. I try newst freeradius 2.1.3 and problem
still exists.
Any feedback will be great.
gcc -shared .libs/rlm_python.o -Wl,--rpath
-Wl,/root/freeradius-server-2.1.3/src/lib/.libs -Wl,--rpath
-Wl,/usr/lib/freeradius
/root/freeradius-server-2.1.3/src/lib/.libs/libfreeradius-radius.so
-L/usr/lib/python2.5/config -ldl -lutil -lpython2.5 -lm -lnsl -lresolv
-lpthread -Wl,-export-dynamic -Wl,-O1 -Wl,-Bsymbolic-functions
-Wl,-soname -Wl,rlm_python-2.1.3.so -o .libs/rlm_python-2.1.3.so
/usr/lib/python2.5/lib-dynload/*.so
/usr/lib/python-support/python-mysqldb/python2.5/_mysql.so
solves the problem (/usr/lib/python2.5/lib-dynload/*.so
/usr/lib/python-support/python-mysqldb/python2.5/_mysql.so), but it's not
right way to fix this problem :)
--
ISP CrIS, Softwarium
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
rlm_python import error undefinde symbol
Hi all.
I try to use rlm_python and got import error on importing any module that
relevant on shared object.
Here an rlm_python configuration:
## cut
python {
mod_instantiate = account
func_instantiate = instantiate
mod_authorize = account
func_authorize = authorize
mod_accounting = account
func_accounting = accounting
mod_preproxy = account
func_preproxy = preproxy
mod_postproxy = account
func_postproxy = postproxy
mod_postauth = account
func_postauth = postauth
mod_detach = account
func_detach = detach
}
## end cut
account.py is radiusd_test.py from src/modules/rlm_python with one line
added on top of file:
import time
'time' is not plain python module, it is shared object found at
/usr/lib/python2.5/lib-dynload/time.so
After starting radius i got this error:
rlm_python:python_load_function: module 'account' is not found
rlm_python:EXCEPT:type 'exceptions.ImportError':
/usr/lib/python2.5/lib-dynload/time.so: undefined symbol: PyExc_ValueError
I was examine rlm_python code, and example 'C' code from python
documentation on how to embedd python into 'C', and don't found major
differences.
This code works fine:
#include Python.h
int
main(int argc, char *argv[])
{
PyObject *pName, *pModule, *pDict, *pFunc;
PyObject *pArgs, *pValue;
int i;
if (argc 3) {
fprintf(stderr,Usage: call pythonfile funcname [args]\n);
return 1;
}
Py_Initialize();
pName = PyString_FromString(argv[1]);
/* Error checking of pName left out */
Py_INCREF(pName);
pModule = PyImport_Import(pName);
Py_DECREF(pName);
if (pModule != NULL) {
pFunc = PyObject_GetAttrString(pModule, argv[2]);
/* pFunc is a new reference */
if (pFunc PyCallable_Check(pFunc)) {
pArgs = PyTuple_New(argc - 3);
for (i = 0; i argc - 3; ++i) {
pValue = PyInt_FromLong(atoi(argv[i + 3]));
if (!pValue) {
Py_DECREF(pArgs);
Py_DECREF(pModule);
fprintf(stderr, Cannot convert argument\n);
return 1;
}
/* pValue reference stolen here: */
PyTuple_SetItem(pArgs, i, pValue);
}
pValue = PyObject_CallObject(pFunc, pArgs);
Py_DECREF(pArgs);
if (pValue != NULL) {
printf(Result of call: %ld\n, PyInt_AsLong(pValue));
Py_DECREF(pValue);
}
else {
Py_DECREF(pFunc);
Py_DECREF(pModule);
PyErr_Print();
fprintf(stderr,Call failed\n);
return 1;
}
}
else {
if (PyErr_Occurred())
PyErr_Print();
fprintf(stderr, Cannot find function \%s\\n, argv[2]);
}
Py_XDECREF(pFunc);
Py_DECREF(pModule);
}
else {
PyErr_Print();
fprintf(stderr, Failed to load \%s\\n, argv[1]);
return 1;
}
Py_Finalize();
return 0;
}
Compiled with:
gcc call.c -o call -I/usr/include/python2.5 -L/usr/lib/python2.5/config
-lpython2.5
Why this code does not through 'undefined symbol' error and rlm_python
does?
PS: I read mailing list before posting this question and saw that this
problem was found in 2007. I try newst freeradius 2.1.3 and problem still
exists.
Any feedback will be great.
--
ISP CrIS, Softwarium
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: rlm_python freeradiusd 2.0.2
Hi, Python interpreter has found my script (module)!
But my radiusd_isp.pyc (.PYC) file is found with freeradius, not
radiusd_isp.py!
On Sunday 17 February 2008, Flamur Rogova wrote:
Hi,
Python interpreter can not find your script.
You can set your PYTHONPATH environmet variable to be the path where you
have radiusd_isp.py, set it in your radius startup script.
Cheers,
Flamur Rogova
export PYTHONPATH=/home/scripts
Alexander Demidoff wrote:
Hello all!
I want to use python possibilities to authorize users with
freeradius.
So, I compiled freeradius with options:
--with-experimental-modules \
--with-rlm_python
created config files and my pythom module radiusd_isp,
put it python path
freeradius -X out me:
python {
mod_instantiate = radiusd_isp
func_instantiate = instantiate
mod_authorize = radiusd_isp
func_authorize = authorize
mod_authenticate = radiusd_isp
func_authenticate = authenticate
mod_preacct = radiusd_isp
func_preacct = preacct
mod_accounting = radiusd_isp
func_accounting = accounting
mod_detach = radiusd_isp
func_detach = detach
}
exceptions.ImportError: No module named radiusd_isp
Failed to import python module radiusd_isp
/etc/freeradius/python.conf[32]: Instantiation failed for module python
/etc/freeradius/radiusd.conf[1824]: Failed to find module python.
/etc/freeradius/radiusd.conf[1793]: Errors parsing authorize section.
help me anybody, please !?
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
rlm_python freeradiusd 2.0.2
Hello all!
I want to use python possibilities to authorize users with
freeradius.
So, I compiled freeradius with options:
--with-experimental-modules \
--with-rlm_python
created config files and my pythom module radiusd_isp,
put it python path
freeradius -X out me:
python {
mod_instantiate = radiusd_isp
func_instantiate = instantiate
mod_authorize = radiusd_isp
func_authorize = authorize
mod_authenticate = radiusd_isp
func_authenticate = authenticate
mod_preacct = radiusd_isp
func_preacct = preacct
mod_accounting = radiusd_isp
func_accounting = accounting
mod_detach = radiusd_isp
func_detach = detach
}
exceptions.ImportError: No module named radiusd_isp
Failed to import python module radiusd_isp
/etc/freeradius/python.conf[32]: Instantiation failed for module python
/etc/freeradius/radiusd.conf[1824]: Failed to find module python.
/etc/freeradius/radiusd.conf[1793]: Errors parsing authorize section.
help me anybody, please !?
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: rlm_python freeradiusd 2.0.2
Hi Alexander
I think your problem is that python does not know where to find your module.
The best way of over coming this issue is to place a file in the
site-packages directory which indicates where your python code is installed.
[EMAIL PROTECTED] site-packages]# cat radiusd_test.pth
/opt/freeradius-python/
[EMAIL PROTECTED] site-packages]#
Cheers
Mike
Alexander Demidoff wrote:
Hello all!
I want to use python possibilities to authorize users with
freeradius.
So, I compiled freeradius with options:
--with-experimental-modules \
--with-rlm_python
created config files and my pythom module radiusd_isp,
put it python path
freeradius -X out me:
python {
mod_instantiate = radiusd_isp
func_instantiate = instantiate
mod_authorize = radiusd_isp
func_authorize = authorize
mod_authenticate = radiusd_isp
func_authenticate = authenticate
mod_preacct = radiusd_isp
func_preacct = preacct
mod_accounting = radiusd_isp
func_accounting = accounting
mod_detach = radiusd_isp
func_detach = detach
}
exceptions.ImportError: No module named radiusd_isp
Failed to import python module radiusd_isp
/etc/freeradius/python.conf[32]: Instantiation failed for module python
/etc/freeradius/radiusd.conf[1824]: Failed to find module python.
/etc/freeradius/radiusd.conf[1793]: Errors parsing authorize section.
help me anybody, please !?
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: rlm_python freeradiusd 2.0.2
Thanks Mike, I expected this suggestion ...
of course, I placed the module into /usr/lib/python2.4/site-packages/
directory ...
I tried to interact with python:
# python
Python 2.4.4 (#2, Jan 3 2008, 13:36:28)
[GCC 4.2.3 20071123 (prerelease) (Debian 4.2.2-4)] on linux2
Type help, copyright, credits or license for more information.
import radiusd_isp
Everything is OK!
but it didn't with freeradius :( ...
On Saturday 16 February 2008, Mike O'Connor wrote:
Hi Alexander
I think your problem is that python does not know where to find your
module.
The best way of over coming this issue is to place a file in the
site-packages directory which indicates where your python code is
installed.
[EMAIL PROTECTED] site-packages]# cat radiusd_test.pth
/opt/freeradius-python/
[EMAIL PROTECTED] site-packages]#
Cheers
Mike
Alexander Demidoff wrote:
Hello all!
I want to use python possibilities to authorize users with
freeradius.
So, I compiled freeradius with options:
--with-experimental-modules \
--with-rlm_python
created config files and my pythom module radiusd_isp,
put it python path
freeradius -X out me:
python {
mod_instantiate = radiusd_isp
func_instantiate = instantiate
mod_authorize = radiusd_isp
func_authorize = authorize
mod_authenticate = radiusd_isp
func_authenticate = authenticate
mod_preacct = radiusd_isp
func_preacct = preacct
mod_accounting = radiusd_isp
func_accounting = accounting
mod_detach = radiusd_isp
func_detach = detach
}
exceptions.ImportError: No module named radiusd_isp
Failed to import python module radiusd_isp
/etc/freeradius/python.conf[32]: Instantiation failed for module python
/etc/freeradius/radiusd.conf[1824]: Failed to find module python.
/etc/freeradius/radiusd.conf[1793]: Errors parsing authorize section.
help me anybody, please !?
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: rlm_python freeradiusd 2.0.2
At the end of my attempts to resolve the problem I've found out
1. Compiling options
--with-experimental-modules \
--with-rlm_python \
--with-static-modules=python
2. Befor starting of freeradius I created radiusd_isp.pyc file in the
interactive python shell
After these conditions my python module began to work with freeradius ...
So, this situation satisfies me for a while. But I am needing help to resolve
this problem in principle.
best regards,
Alexander.
On Saturday 16 February 2008, Alexander Demidoff wrote:
Thanks Mike, I expected this suggestion ...
of course, I placed the module into /usr/lib/python2.4/site-packages/
directory ...
I tried to interact with python:
# python
Python 2.4.4 (#2, Jan 3 2008, 13:36:28)
[GCC 4.2.3 20071123 (prerelease) (Debian 4.2.2-4)] on linux2
Type help, copyright, credits or license for more information.
import radiusd_isp
Everything is OK!
but it didn't with freeradius :( ...
On Saturday 16 February 2008, Mike O'Connor wrote:
Hi Alexander
I think your problem is that python does not know where to find your
module.
The best way of over coming this issue is to place a file in the
site-packages directory which indicates where your python code is
installed.
[EMAIL PROTECTED] site-packages]# cat radiusd_test.pth
/opt/freeradius-python/
[EMAIL PROTECTED] site-packages]#
Cheers
Mike
Alexander Demidoff wrote:
Hello all!
I want to use python possibilities to authorize users with
freeradius.
So, I compiled freeradius with options:
--with-experimental-modules \
--with-rlm_python
created config files and my pythom module radiusd_isp,
put it python path
freeradius -X out me:
python {
mod_instantiate = radiusd_isp
func_instantiate = instantiate
mod_authorize = radiusd_isp
func_authorize = authorize
mod_authenticate = radiusd_isp
func_authenticate = authenticate
mod_preacct = radiusd_isp
func_preacct = preacct
mod_accounting = radiusd_isp
func_accounting = accounting
mod_detach = radiusd_isp
func_detach = detach
}
exceptions.ImportError: No module named radiusd_isp
Failed to import python module radiusd_isp
/etc/freeradius/python.conf[32]: Instantiation failed for module
python /etc/freeradius/radiusd.conf[1824]: Failed to find module
python. /etc/freeradius/radiusd.conf[1793]: Errors parsing authorize
section.
help me anybody, please !?
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: RLM_python patch to enable postproxy - Not work need a little help
Alan DeKok wrote:
Mike O'Connor wrote:
I wrote the attached patch for Freeradius 1.1.7 to enabled calling
python in the post-proxy, it compiles but will not run when the hook is
listed in post-proxy because Freeradius complains that there is no
support for post-proxy in rlm_python.
You didn't install the new version of rlm_python. So it's still
linking to the old rlm_python, without post-proxy support.
Maybe I'm not getting your but even the lastest cvs does not have any
post-proxy or post-auth support.
module_t rlm_python = {
RLM_MODULE_INIT,
python,
RLM_TYPE_THREAD_SAFE, /* type */
python_instantiate, /* instantiation */
python_detach, /* detach */
{
python_authenticate,/* authentication */
python_authorize, /* authorization */
python_preacct, /* preaccounting */
python_accounting, /* accounting */
python_checksimul, /* checksimul */
NULL, /* pre-proxy */
NULL, /* post-proxy */
NULL/* post-auth */
},
};
My code added the post-proxy but when I tried to use it freeradius would
complain that rlm_python did not support being called from the post-auth
section of radiusd.conf.
My question is where in the source is the list of allowed call per module ?
No. The *only* interaction is in the modules.
That's what I would have thought which is why what I saw did not make
any senses. It would report finding my config section for the post-proxy
but when added to the config it would not start freeradius.
Thanks
Mike
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: RLM_python patch to enable postproxy - Not work need a little help
Mike O'Connor wrote: Maybe I'm not getting your but even the lastest cvs does not have any post-proxy or post-auth support. That's not what I meant. My code added the post-proxy but when I tried to use it freeradius would complain that rlm_python did not support being called from the post-auth section of radiusd.conf. Yes... because the server is using the version of rlm_python from 1.1.7, and NOT the one you built. Go delete the one installed by 1.1.7, and MAKE SURE that the one you built is installed. That's what I would have thought which is why what I saw did not make any senses. It would report finding my config section for the post-proxy but when added to the config it would not start freeradius. Finding the config simple means that you told it to use python for post-proxy. Finding the post-proxy entry in the module structure means that the server knows the module is *capable* of post-proxy. If the server is using the OLD version of rlm_python, and not the NEW version you build, it WILL NOT find that post-proxy entry, because the module it found is not capable of post-proxy. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: RLM_python patch to enable postproxy - Not work need a little help
Hi Alan I think I have worked it out, some how I got my self confused during my testing. The model was there but I think each time I did not have everything configured. Thanks as always for your time Mike - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RLM_python patch to enable postproxy - Not work need a little help
Hi Guys
I wrote the attached patch for Freeradius 1.1.7 to enabled calling
python in the post-proxy, it compiles but will not run when the hook is
listed in post-proxy because Freeradius complains that there is no
support for post-proxy in rlm_python.
My question is where in the source is the list of allowed call per module ?
Once I know this I can fix this attached and supply as a tested patch.
Thanks
Mike
--- src/modules/rlm_python/rlm_python.c.orig2007-03-06 00:45:28.0
+1030
+++ src/modules/rlm_python/rlm_python.c 2007-10-10 15:36:51.0 +0930
@@ -54,6 +54,7 @@
char*mod_authenticate;
char*mod_preacct;
char*mod_accounting;
+char*mod_post_proxy;
char*mod_checksimul;
char*mod_detach;
@@ -63,6 +64,7 @@
char*func_authenticate;
char*func_preacct;
char*func_accounting;
+char*func_post_proxy;
char*func_checksimul;
char*func_detach;
@@ -71,6 +73,7 @@
PyObject *pModule_authenticate;
PyObject *pModule_preacct;
PyObject *pModule_accounting;
+PyObject *pModule_post_proxy;
PyObject *pModule_checksimul;
PyObject *pModule_detach;
@@ -80,6 +83,7 @@
PyObject *pFunc_authenticate;
PyObject *pFunc_preacct;
PyObject *pFunc_accounting;
+PyObject *pFunc_post_proxy;
PyObject *pFunc_checksimul;
PyObject *pFunc_detach;
};
@@ -120,6 +124,11 @@
{ func_accounting, PW_TYPE_STRING_PTR,
offsetof(struct rlm_python_t, func_accounting), NULL, NULL},
+ { mod_post_proxy, PW_TYPE_STRING_PTR,
+offsetof(struct rlm_python_t, mod_post_proxy), NULL, NULL},
+ { func_post_proxy, PW_TYPE_STRING_PTR,
+offsetof(struct rlm_python_t, func_post_proxy), NULL, NULL},
+
{ mod_checksimul, PW_TYPE_STRING_PTR,
offsetof(struct rlm_python_t, mod_checksimul), NULL, NULL},
{ func_checksimul, PW_TYPE_STRING_PTR,
@@ -490,6 +499,7 @@
python_objclear(data-pFunc_authenticate);
python_objclear(data-pFunc_preacct);
python_objclear(data-pFunc_accounting);
+python_objclear(data-pFunc_post_proxy);
python_objclear(data-pFunc_checksimul);
python_objclear(data-pFunc_detach);
@@ -498,6 +508,7 @@
python_objclear(data-pModule_authenticate);
python_objclear(data-pModule_preacct);
python_objclear(data-pModule_accounting);
+python_objclear(data-pModule_post_proxy);
python_objclear(data-pModule_checksimul);
python_objclear(data-pModule_detach);
}
@@ -566,6 +577,12 @@
data-pFunc_accounting) 0)
goto failed;
+if (python_load_function(data-mod_post_proxy,
+data-func_post_proxy,
+data-pModule_post_proxy,
+data-pFunc_post_proxy) 0)
+goto failed;
+
if (python_load_function(data-mod_checksimul,
data-func_checksimul,
data-pModule_checksimul,
@@ -633,6 +650,14 @@
accounting);
}
+static int python_post_proxy(void *instance, REQUEST *request)
+{
+return python_function(
+ request,
+ ((struct rlm_python_t *)instance)-pFunc_post_proxy,
+ post-proxy);
+}
+
static int python_checksimul(void *instance, REQUEST *request)
{
return python_function(
@@ -663,7 +688,7 @@
python_accounting, /* accounting */
python_checksimul, /* checksimul */
NULL, /* pre-proxy */
- NULL, /* post-proxy */
+ python_post_proxy, /* post-proxy */
NULL/* post-auth */
},
python_detach, /* detach */
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: RLM_python patch to enable postproxy - Not work need a little help
Mike O'Connor wrote: I wrote the attached patch for Freeradius 1.1.7 to enabled calling python in the post-proxy, it compiles but will not run when the hook is listed in post-proxy because Freeradius complains that there is no support for post-proxy in rlm_python. You didn't install the new version of rlm_python. So it's still linking to the old rlm_python, without post-proxy support. My question is where in the source is the list of allowed call per module ? No. The *only* interaction is in the modules. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: rlm_Python - PyExc_IOError
Mike O'Connor wrote: I decided to try freeradius-2.0.0-pre2 and its give a much clear idea of the problem. The issue seems to be that the rlm_python module is having trouble loading dynamic code. I suspect it's a shared library problem. The time.so library depends on another one that contains PyExc_IOError. However, that dependency is NOT recorded in time.so. That dependency is also NOT built into FreeRADIUS (or rlm_python), as it as no idea which Python library depends on which other Python library. I suggesting finding out out which library contains that symbol, and then re-building rlm_python to link to that library. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: rlm_Python - PyExc_IOError
Hi All I have look at this problem and I can not see how to fix it How much is it going to cost me to have someone login to a virtual machine I'll setup and fix this issue ASAP ? The fix would need to be done in such away that the standard Debian build scripts would be used and the patch sent back to the project. I'll like the patch for both 1.1.x and for current head. If someone is interested please contact me privately. Thanks Mike Alan DeKok wrote: Mike O'Connor wrote: I decided to try freeradius-2.0.0-pre2 and its give a much clear idea of the problem. The issue seems to be that the rlm_python module is having trouble loading dynamic code. I suspect it's a shared library problem. The time.so library depends on another one that contains PyExc_IOError. However, that dependency is NOT recorded in time.so. That dependency is also NOT built into FreeRADIUS (or rlm_python), as it as no idea which Python library depends on which other Python library. I suggesting finding out out which library contains that symbol, and then re-building rlm_python to link to that library. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: rlm_Python - PyExc_IOError
Hi Alan You are correct about it being an issue with time.so, because I just removed this module from my test code and added the module random instead and the freeradius loaded. Mike Alan DeKok wrote: Mike O'Connor wrote: I decided to try freeradius-2.0.0-pre2 and its give a much clear idea of the problem. The issue seems to be that the rlm_python module is having trouble loading dynamic code. I suspect it's a shared library problem. The time.so library depends on another one that contains PyExc_IOError. However, that dependency is NOT recorded in time.so. That dependency is also NOT built into FreeRADIUS (or rlm_python), as it as no idea which Python library depends on which other Python library. I suggesting finding out out which library contains that symbol, and then re-building rlm_python to link to that library. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: rlm_Python - PyExc_IOError
Hi All I'm happy to say I have fixed this issue. I'm not totally happy with the way I did it because it would not be portable if python was installed a different location. If some with a little more knowledge could add this correctly that would be great. # # $Id: Makefile.in,v 1.2.10.1 2006/02/10 19:47:17 nbk Exp $ # TARGET = @targetname@ SRCS = rlm_python.c HEADERS= /usr/include/python2.4/pyerrors.h - RLM_LIBS = @python_ldflags@ RLM_CFLAGS = @python_cflags@ include ../rules.mak $(LT_OBJS): $(HEADERS) Mike Mike O'Connor wrote: Hi All I have look at this problem and I can not see how to fix it How much is it going to cost me to have someone login to a virtual machine I'll setup and fix this issue ASAP ? The fix would need to be done in such away that the standard Debian build scripts would be used and the patch sent back to the project. I'll like the patch for both 1.1.x and for current head. If someone is interested please contact me privately. Thanks Mike Alan DeKok wrote: Mike O'Connor wrote: I decided to try freeradius-2.0.0-pre2 and its give a much clear idea of the problem. The issue seems to be that the rlm_python module is having trouble loading dynamic code. I suspect it's a shared library problem. The time.so library depends on another one that contains PyExc_IOError. However, that dependency is NOT recorded in time.so. That dependency is also NOT built into FreeRADIUS (or rlm_python), as it as no idea which Python library depends on which other Python library. I suggesting finding out out which library contains that symbol, and then re-building rlm_python to link to that library. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: rlm_Python - PyExc_IOError
Hi All Again I have not fixed it, with all the playing around with FreeRadius versions I had not got rlm_python loading when I believed I had fixed it. Mike :( Mike O'Connor wrote: Hi All I'm happy to say I have fixed this issue. I'm not totally happy with the way I did it because it would not be portable if python was installed a different location. If some with a little more knowledge could add this correctly that would be great. # # $Id: Makefile.in,v 1.2.10.1 2006/02/10 19:47:17 nbk Exp $ # TARGET = @targetname@ SRCS = rlm_python.c HEADERS= /usr/include/python2.4/pyerrors.h - RLM_LIBS = @python_ldflags@ RLM_CFLAGS = @python_cflags@ include ../rules.mak $(LT_OBJS): $(HEADERS) Mike Mike O'Connor wrote: Hi All I have look at this problem and I can not see how to fix it How much is it going to cost me to have someone login to a virtual machine I'll setup and fix this issue ASAP ? The fix would need to be done in such away that the standard Debian build scripts would be used and the patch sent back to the project. I'll like the patch for both 1.1.x and for current head. If someone is interested please contact me privately. Thanks Mike Alan DeKok wrote: Mike O'Connor wrote: I decided to try freeradius-2.0.0-pre2 and its give a much clear idea of the problem. The issue seems to be that the rlm_python module is having trouble loading dynamic code. I suspect it's a shared library problem. The time.so library depends on another one that contains PyExc_IOError. However, that dependency is NOT recorded in time.so. That dependency is also NOT built into FreeRADIUS (or rlm_python), as it as no idea which Python library depends on which other Python library. I suggesting finding out out which library contains that symbol, and then re-building rlm_python to link to that library. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
rlm_Python - PyExc_IOError
Hi Guys
Got a problem with rlm_python using 1.1.7 on Debian etch with no changes
to source other than to move rlm_python in to the stable modules file.
The module is in the path and an strace shows the file being found.
rlm_python:python_load_function: module 'radiusd_test' is not found
rlm_python:EXCEPT:exceptions.ImportError:
/usr/lib/python2.4/lib-dynload/time.so: undefined symbol: PyExc_IOError
rlm_python:python_load_function: failed to import python function
'radiusd_test.instantiate'
radiusd.conf[1]: python: Module instantiation failed.
Anyidea would be great
Thanks
Mike
--- File is found and loaded
open(/usr/lib/python2.4/site-packages/radiusd_test.py,
O_RDONLY|O_LARGEFILE) = 5
fstat64(5, {st_mode=S_IFREG|0644, st_size=497, ...}) = 0
open(/usr/lib/python2.4/site-packages/radiusd_test.pyc,
O_RDONLY|O_LARGEFILE) = 6
fstat64(6, {st_mode=S_IFREG|0644, st_size=1408, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1,
0) = 0xb7b67000
read(6, m\362\r\n[EMAIL PROTECTED]...,
4096) = 1408
fstat64(6, {st_mode=S_IFREG|0644, st_size=1408, ...}) = 0
read(6, , 4096) = 0
close(6)= 0
munmap(0xb7b67000, 4096)
--
= 0
stat64(/usr/lib/python24.zip/time, 0xbfa8422c) = -1 ENOENT (No such
file or directory)
open(/usr/lib/python24.zip/time.so, O_RDONLY|O_LARGEFILE) = -1 ENOENT
(No such file or directory)
open(/usr/lib/python24.zip/timemodule.so, O_RDONLY|O_LARGEFILE) = -1
ENOENT (No such file or directory)
open(/usr/lib/python24.zip/time.py, O_RDONLY|O_LARGEFILE) = -1 ENOENT
(No such file or directory)
open(/usr/lib/python24.zip/time.pyc, O_RDONLY|O_LARGEFILE) = -1 ENOENT
(No such file or directory)
stat64(/usr/lib/python2.4/time, 0xbfa8422c) = -1 ENOENT (No such file
or directory)
open(/usr/lib/python2.4/time.so, O_RDONLY|O_LARGEFILE) = -1 ENOENT (No
such file or directory)
open(/usr/lib/python2.4/timemodule.so, O_RDONLY|O_LARGEFILE) = -1
ENOENT (No such file or directory)
open(/usr/lib/python2.4/time.py, O_RDONLY|O_LARGEFILE) = -1 ENOENT (No
such file or directory)
open(/usr/lib/python2.4/time.pyc, O_RDONLY|O_LARGEFILE) = -1 ENOENT
(No such file or directory)
stat64(/usr/lib/python2.4/plat-linux2/time, 0xbfa8422c) = -1 ENOENT
(No such file or directory)
open(/usr/lib/python2.4/plat-linux2/time.so, O_RDONLY|O_LARGEFILE) =
-1 ENOENT (No such file or directory)
open(/usr/lib/python2.4/plat-linux2/timemodule.so,
O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory)
open(/usr/lib/python2.4/plat-linux2/time.py, O_RDONLY|O_LARGEFILE) =
-1 ENOENT (No such file or directory)
open(/usr/lib/python2.4/plat-linux2/time.pyc, O_RDONLY|O_LARGEFILE) =
-1 ENOENT (No such file or directory)
stat64(/usr/lib/python2.4/lib-tk/time, 0xbfa8422c) = -1 ENOENT (No
such file or directory)
open(/usr/lib/python2.4/lib-tk/time.so, O_RDONLY|O_LARGEFILE) = -1
ENOENT (No such file or directory)
open(/usr/lib/python2.4/lib-tk/timemodule.so, O_RDONLY|O_LARGEFILE) =
-1 ENOENT (No such file or directory)
open(/usr/lib/python2.4/lib-tk/time.py, O_RDONLY|O_LARGEFILE) = -1
ENOENT (No such file or directory)
open(/usr/lib/python2.4/lib-tk/time.pyc, O_RDONLY|O_LARGEFILE) = -1
ENOENT (No such file or directory)
stat64(/usr/lib/python2.4/lib-dynload/time, 0xbfa8422c) = -1 ENOENT
(No such file or directory)
open(/usr/lib/python2.4/lib-dynload/time.so, O_RDONLY|O_LARGEFILE) = 6
fstat64(6, {st_mode=S_IFREG|0644, st_size=15860, ...}) = 0
open(/usr/lib/python2.4/lib-dynload/time.so, O_RDONLY) = 7
read(7, \177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\20\22\0...,
512) = 512
fstat64(7, {st_mode=S_IFREG|0644, st_size=15860, ...}) = 0
mmap2(NULL, 19072, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 7, 0)
= 0xb79a6000
mmap2(0xb79a9000, 8192, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 7, 0x2) = 0xb79a9000
close(7)= 0
munmap(0xb79a6000, 19072) = 0
close(6)= 0
close(5)= 0
futex(0x8010a620, FUTEX_WAKE, 1)= 0
time(NULL) = 1191313703
write(1, rlm_python:python_load_function:...,
68rlm_python:python_load_function: module 'radiusd_test' is not found
) = 68
futex(0x801083f8, FUTEX_WAKE, 1)= 0
time(NULL) = 1191313703
write(1, rlm_python:EXCEPT:exceptions.Imp...,
114rlm_python:EXCEPT:exceptions.ImportError:
/usr/lib/python2.4/lib-dynload/time.so: undefined symbol: PyExc_IOError
) = 114
futex(0x801083f8, FUTEX_WAKE, 1)= 0
time(NULL) = 1191313703
write(1, rlm_python:python_load_function:...,
93rlm_python:python_load_function: failed to import python function
'radiusd_test.instantiate'
) = 93
futex(0x801083f8, FUTEX_WAKE, 1)= 0
futex(0x801083f8, FUTEX_WAKE, 1)= 0
futex(0x801083f8, FUTEX_WAKE, 1)= 0
time(NULL) = 1191313703
write(1, radiusd.conf[1]: python: Module ..., 55radiusd.conf[1
Re: rlm_Python - PyExc_IOError
Mike O'Connor wrote: Got a problem with rlm_python using 1.1.7 on Debian etch with no changes to source other than to move rlm_python in to the stable modules file. The module is in the path and an strace shows the file being found. Is radiusd.py in the path? Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: rlm_Python - PyExc_IOError
Hi Alan Is radiusd.py in the path? Yep in the same place as my own code /usr/lib/python2.4/site-packages/ Strace never shows that file being requested for loading. Mike - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: rlm_Python - PyExc_IOError
Hi Guys I decided to try freeradius-2.0.0-pre2 and its give a much clear idea of the problem. The issue seems to be that the rlm_python module is having trouble loading dynamic code. Mike write(1, exceptions.ImportError: /usr/lib..., 97exceptions.ImportError: /usr/lib/python2.4/lib-dynload/time.so: undefined symbol: PyExc_IOError ) = 97 write(1, Failed to import python module \..., 47Failed to import python module radiusd_test ) = 47 write(1, /etc/freeradius/rlmpython.conf[1..., 76/etc/freeradius/rlmpython.conf[1]: Instantiation failed for module python ) = 76 write(1, /etc/freeradius/sites-enabled/de..., 76/etc/freeradius/sites-enabled/default[126]: Failed to find module python. ) = 76 write(1, /etc/freeradius/sites-enabled/de..., 79/etc/freeradius/sites-enabled/default[35]: Failed to parse authorize section. ) = 79 write(1, }\n, 3 } ) = 3 write(1, }\n, 2} ) = 2 write(1, Errors setting up modules\n, 26Errors setting up modules ) = 26 exit_group(1) = ? Process 1212 detached - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Rlm_python - need documentation
Peter, thank you for your fast response. Can u also provide me some example of script, so I could understand how the module works? Again, it is bit difficult for me to find it out from the documentation which comes with freeradius. Ta, Dan On Mon 28 May 2007, UriCALL Support wrote: Hi All, I am in need of developing my own application using rlm_python. Can anybody inform me about some documentation available? From what I have found on Internet it looks like an isolate project with lack of users ... Anybody able to share the experience with me? Is it stable for production? Some patches went in recently to make it better based on code that reportedly has been running in production for over 12 months. YMMV. Cheers -- Peter Nixon http://www.peternixon.net/ PGP Key: http://www.peternixon.net/public.asc -- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Rlm_python - need documentation
Hi All, I am in need of developing my own application using rlm_python. Can anybody inform me about some documentation available? From what I have found on Internet it looks like an isolate project with lack of users ... Anybody able to share the experience with me? Is it stable for production? Thxs in advance, Dan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Rlm_python - need documentation
On Mon 28 May 2007, UriCALL Support wrote: Hi All, I am in need of developing my own application using rlm_python. Can anybody inform me about some documentation available? From what I have found on Internet it looks like an isolate project with lack of users ... Anybody able to share the experience with me? Is it stable for production? Some patches went in recently to make it better based on code that reportedly has been running in production for over 12 months. YMMV. Cheers -- Peter Nixon http://www.peternixon.net/ PGP Key: http://www.peternixon.net/public.asc - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: rlm_perl/rlm_python adding extra value pairs
Mike O'Connor wrote: I wish to add some extra valid pairs to accounting packets which are being proxied to other radius servers. If in the 'preacct' or the 'accounting' stage I was to add using rlm_python or rlm_perl value pairs would they be sent thought to the other radius servers ? Yes. It doesn't take too long to try it and see. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
rlm_perl/rlm_python adding extra value pairs
Hi All I wish to add some extra valid pairs to accounting packets which are being proxied to other radius servers. If in the 'preacct' or the 'accounting' stage I was to add using rlm_python or rlm_perl value pairs would they be sent thought to the other radius servers ? Thanks Mike - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE : rlm_python
Hi Guys Is anyone actually using rlm_python in production? We do. But with a home-made module, based on corrected module stored in bugzilla. We made adjustments in it to meet our customer needs, and it is therefore not reusable. Nevertheless, we did correct memory leaks, threading issues and accents problems in it, but I don't think it would be easy to retrofit inside standard module. Geoff. ___ Découvrez une nouvelle façon d'obtenir des réponses à toutes vos questions ! Profitez des connaissances, des opinions et des expériences des internautes sur Yahoo! Questions/Réponses http://fr.answers.yahoo.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: rlm_python
Peter Nixon wrote: Hi Guys Is anyone actually using rlm_python in production? Unlike rlm_perl we don't seem to have any example code or any decent documentation. I am looking at using it myself and just looking for some feedback.. Apply the patches from bugs.freeradius.org. They've been sitting there for a while. I think as-is, the module isn't that useful. It definitely needs attention before production use. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: rlm_python
On Sat 27 Jan 2007 09:38, Alan DeKok wrote: Peter Nixon wrote: Hi Guys Is anyone actually using rlm_python in production? Unlike rlm_perl we don't seem to have any example code or any decent documentation. I am looking at using it myself and just looking for some feedback.. Apply the patches from bugs.freeradius.org. They've been sitting there for a while. I think as-is, the module isn't that useful. It definitely needs attention before production use. Hmm.. the only open bug I see against rlm_python is: http://bugs.freeradius.org/show_bug.cgi?id=182 Are there some others that I didn't manage to find? Cheers -- Peter Nixon http://www.peternixon.net/ PGP Key: http://www.peternixon.net/public.asc pgpravRImuG1l.pgp Description: PGP signature - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: rlm_python
Peter Nixon wrote: Hmm.. the only open bug I see against rlm_python is: http://bugs.freeradius.org/show_bug.cgi?id=182 Are there some others that I didn't manage to find? I recall someone re-writing much of the module to make it work. But I didn't have time to look over the patches, and so it didn't go anywhere. I'll see if I can dig up the code. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
rlm_python
Hi Guys Is anyone actually using rlm_python in production? Unlike rlm_perl we don't seem to have any example code or any decent documentation. I am looking at using it myself and just looking for some feedback.. Cheers -- Peter Nixon http://www.peternixon.net/ PGP Key: http://www.peternixon.net/public.asc pgpgEsy01iPRi.pgp Description: PGP signature - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Simultaneous-Use implementation in rlm_python
Hi, I have noticed that more recent rlm_python versions have function bindings for implementing Simultaneous-Use checking in python module. Something like this ... python_init done Module: Loaded python python: mod_instantiate = pppoe python: func_instantiate = instantiate python: mod_authorize = pppoe python: func_authorize = authorize python: mod_authenticate = pppoe python: func_authenticate = authenticate python: mod_preacct = pppoe python: func_preacct = preacct python: mod_accounting = pppoe python: func_accounting = accounting python: mod_checksimul = pppoe python: func_checksimul = checksimul python: mod_detach = pppoe python: func_detach = detach Module: Instantiated python (PPPoE) ... What should func_checksimul return to signify that user is already logged on / not loged on ? Is it safe to use this feature in production ? Regards, Flamur Rogova - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
rlm_python question...
why radius say :
authorize: function call failedexceptions.TypeError: unsubscriptable object
belowis a modify radius_test.py
=
# Miguel A.L. Paraz [EMAIL PROTECTED]
import radiusdimport MySQLdb
def instantiate(p): print *** instantiate *** print p
def authorize(p): print *** authorize *** print radiusd.radlog(radiusd.L_INFO, '*** radlog call in authorize ***') print print p
dbHandle = MySQLdb.connect(db=radius, host=localhost, user=radius, passwd=radius)
userName = None userPasswd = None
for t in p: if t[0] == 'User-Name': userName = t[1] elif t[0] == 'Password': userPasswd = t[1]
sql = 'select value from radcheck where username = ' + userName + ' limit 1'
dbCursor = dbHandle.cursor() dbCursor.execute(sql) result = dbCursor.fetchone()
if not result: dbCursor.close() return radiusd.RLM_MODULE_NOTFOUND
if result[0] != userPasswd[1:-1]: return radiusd.RLM_MODULE_REJECT
dbCursor.close()
return (radiusd.RLM_MODULE_OK, (('Reply-Message', 'ok'),), (('Auth-Type', 'python'),))
def preacct(p): print *** preacct *** print p return radiusd.RLM_MODULE_OK
def accounting(p): print *** accounting *** radiusd.radlog(radiusd.L_INFO, '*** radlog call in accounting (0) ***') print print p return radiusd.RLM_MODULE_OK
def detach(): print *** goodbye from radiusd_test.py *** return radiusd.RLM_MODULE_OK
==
and my python.conf
==
python { mod_instantiate = radiusd_test func_instantiate = instantiate
mod_authorize = radiusd_test func_authorize = authorize
mod_accounting = radiusd_test func_accounting = accounting
mod_preacct = radiusd_test func_preacct = preacct
mod_detach = radiusd_test func_detach = detach
}
==
i had test original radiusd_test ,it's work well,
but i add the sql query,it's dont work...
and i also test the pure python script ,it's work well with import MySQLdb and some sql query...
i don't know why...please help me
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: status of rlm_python in 1.1.0 release
Ilia Chipitsine wrote: When that module will become non-experimental ? It has not been changing for years, maybe it can become regular module in 1.1.0 ? The module rlm_python is still experimental. There are known issues with this module. http://bugs.freeradius.org/show_bug.cgi?id=227 in the end of that discussion there's rewritten rlm_python.c if existing rlm_python is buggy why not to use better version ? -- Nicolas Baradakis - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: status of rlm_python in 1.1.0 release
Ilia Chipitsine [EMAIL PROTECTED] wrote: if existing rlm_python is buggy why not to use better version ? Because the primary FreeRADIUS developers don't use python. Please use the updated module yourself, and if it works for you, email the list and say so. If no one says that the new module is better, it won't go in. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
status of rlm_python in 1.1.0 release
Dear Sirs, I just made diff between 1.0.4 and 1.1.0 rlm_python sources and they appear to be the same. When that module will become non-experimental ? It has not been changing for years, maybe it can become regular module in 1.1.0 ? We develop an application that uses rlm_python and we would like our customers to be able to run it against out of box compiled freeradius. It would be bad to tell each customer You know, our application uses rlm_python, which is still marked experimental and therefore You need to recompile freeradius ... We confirm that we didn't experience any problem with rlm_python. It behave quite robust and predictable. Cheers, Ilia Chipitsine - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: status of rlm_python in 1.1.0 release
Ilia Chipitsine wrote: When that module will become non-experimental ? It has not been changing for years, maybe it can become regular module in 1.1.0 ? The module rlm_python is still experimental. There are known issues with this module. http://bugs.freeradius.org/show_bug.cgi?id=227 -- Nicolas Baradakis - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
rlm_perl / rlm_python
Hi there, Could someone tell me what versions of freeradius have rlm_perl? I have a fedora box with freeradius 1.0.1 installed, I have downloaded the 1.0.4 version and it has references to rlm_perl in it. Do I have to install the 1.0.4 version to get rlm_perl? A very subjective question here... what is better to use rlm_perl or rlm_python? I would have to learn python, but if the general concensus is to go with python I'll do it. TIA - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: rlm_perl / rlm_python
[EMAIL PROTECTED] wrote: Hi there, Could someone tell me what versions of freeradius have rlm_perl? All latest version have it. But it's unstable and therefore you have to compile from source using --with-experimental-modules Do I have to install the 1.0.4 version to get rlm_perl? No, but latest version is best :) A very subjective question here... what is better to use rlm_perl or rlm_python? I think that rlm_perl is likely to be supported better than rlm_python. I would have to learn python, but if the general concensus is to go with python I'll do it. Go for rlm_perl -- Groeten, Regards, Salutations, Thor Spruyt M: +32 (0)475 67 22 65 E: [EMAIL PROTECTED] W: www.thor-spruyt.com www.salesguide.be www.telenethotspot.be - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: rlm_perl / rlm_python
I think there's a bug in the latest perl versions. When you are running Debian 3.1 (perl 5.8.4) and want experimental package you may want to link libperl.so into freeradius, if you don't you get an error when you start the freeradius server with rlm_perl enabled Like: /usr/sbin/freeradius: relocation error: /usr/lib/perl/5.8/auto/IO/IO.so: undefined symbol: Perl_Tstack_sp_ptr (failed! run '/usr/sbin/freeradius -x' to find out why.) I solved this with recompile configure option: --with-rlm-perl-lib-dir=/usr/lib/libperl.so.5.8.4 You also can do LD_PRELOAD=/usr/lib/libperl.so freeradius but I would suggest the first option... J. -- Jonathan De Graeve Network/System Administrator Imelda vzw Informatica Dienst 015/50.52.98 [EMAIL PROTECTED] -Oorspronkelijk bericht- Van: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Namens Thor Spruyt Verzonden: vrijdag 9 september 2005 23:19 Aan: FreeRadius users mailing list Onderwerp: Re: rlm_perl / rlm_python [EMAIL PROTECTED] wrote: Hi there, Could someone tell me what versions of freeradius have rlm_perl? All latest version have it. But it's unstable and therefore you have to compile from source using --with-experimental-modules Do I have to install the 1.0.4 version to get rlm_perl? No, but latest version is best :) A very subjective question here... what is better to use rlm_perl or rlm_python? I think that rlm_perl is likely to be supported better than rlm_python. I would have to learn python, but if the general concensus is to go with python I'll do it. Go for rlm_perl -- Groeten, Regards, Salutations, Thor Spruyt M: +32 (0)475 67 22 65 E: [EMAIL PROTECTED] W: www.thor-spruyt.com www.salesguide.be www.telenethotspot.be - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
