Re: [RADIATOR] AuthBy External under Windows hangs

2016-12-16 Thread Heikki Vatiainen 

On 15.12.2016 20.59, Víktu Pons i Colomer wrote:


The issue is that I see in the logs that it runs the script, but then it
never returns to radiator, and the daemon will stop processing requests.
Basically, it hangs waiting for the response of the script.

I am running Server 2012 R2 with Strawberry Perl 5.18

Am I doing something wrong? Is this a bug?


Thanks for reporting this. I think your approach is correct and this is 
a problem that shows on Windows platform and is caused by the way 
Radiator calls the script. After a quick look it might be that we need 
to change how the call is done on Windows to make it reliable.


My suggestion is to consider AuthBy INTERNAL and its hooks to process 
the request. You might even be able to do it more easily since you don't 
have to prepare an external script if you can do everything with a hook. 
See goodies/logformat.cfg for an example of how to create a module for 
the hooks. This might be useful if the hook starts to become large and 
it would be useful, for example, to split it in separate functions.


If you want to stay with AuthBy EXTERNAL, you should change to a 
unix-like host. There the current way of running external commands works 
better since it uses very unix-like methods for inter process 
communications.


Thanks,
Heikki

--
Heikki Vatiainen 

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, 
NetWare etc.

___
radiator mailing list
radiator@lists.open.com.au
http://lists.open.com.au/mailman/listinfo/radiator

[RADIATOR] AuthBy External under Windows hangs

2016-12-15 Thread Víktu Pons i Colomer 
Hi all, I am trying to configure an  that will get VLAN 
information from our JIRA inventory using MAC authentication.

I am trying to achieve this using a perl script, but I am starting from the 
first as it does not work for me.

I just configured this Handler:


 
   Command "C:\perl\perl\bin\perl.exe C:\PROGRA~1\Radiator\MACAuth.pl"
   ResultInOutput
 


The "MACAuth.pl" script is by now the perl sample found in the goodies 
directory, but slightly modified (code follows)

The issue is that I see in the logs that it runs the script, but then it never 
returns to radiator, and the daemon will stop processing requests. Basically, 
it hangs waiting for the response of the script.

I am running Server 2012 R2 with Strawberry Perl 5.18

Am I doing something wrong? Is this a bug?

This is the code of the script. Thank you!

#
# testcommand
# Example to demonstrate how to handle AuthBy EXTERNAL, using
# a perl script
#
# The incoming attributes are on stdin, one per line in to format
# attribute-name = value
# Some will have quoted values, and some wont
#
my $log = "C:\\Program Files\\Radiator\\log.txt";
while (<>)
{
chomp;
open(my $fh, '>>', $log);

if ($_ =~ /^\s*([^\s=]+)\s*=\s*"((\\"|[^"])*)"/)
{
# Quoted value
$input{$1} = $2;
}
elsif ($_ =~ /^([^\s=]+)\s*=\s*(.*)/)
{
# Unquoted value
$input{$1} = $2;
}
print $fh "$1 = $2\n";
close $fh;
}

# Now have all the incoming attributes in %input
# As a test we will see if User-Name is fred. If so,
# we will accept, else reject with a suitable Reply-Message
# You can set other reply attributes too, if you like.
# The exit value indicates accept or reject:
# 0 = Accept
# 1 = Reject
# 2 = Ignore
# 3 = Challenge
# Alternatively you can print one of the strings ACCEPT, REJECT
# IGNORE CHALLENGE or REJECT_IMMEDIATE on the first line if
# you are using ResultInOutput
if ($input{'User-Name'} eq '0022411fdeba')
{
print "ACCEPT\n"; # If you are using ResultInOutput
print "Tunnel-Type = VLAN\n";
print "Tunnel-Medium-Type = Ether_802\n";
print "Tunnel-Private-Group-ID = 15\n";
sleep 1;
exit 0; # accept, if not using ResultInOutput
}
else
{
print "REJECT\n"; # If you are using ResultInOutput
sleep 1;
exit 1; # reject, if not using ResultInOutput
}





-
Viktu Pons i Colomer
-

___
radiator mailing list
radiator@lists.open.com.au
http://lists.open.com.au/mailman/listinfo/radiator