Greetings,
Firstly, thanks for freeradius, it's very good, and getting better all the time.
I'm using the 0.9.3 tar ball, compiled locally and have included rlm_perl in the standard list of modules to build.
I'm trying to use my own hand rolled perl module as my authentication and authorization and accounting. I have a mixed environment where I need to look at an Active Directory with LDAP, a local mysql database... and I think I should be able to do it all in a perl module. My initial program is based on the example.pl from the src/modules/rlm_perl/ directory. I've got my code responding with 'return RLM_MODULE_OK;' after each authenticate, authorize section, but writing some data to debugging logs as an initial test.
What I want to know is how rlm_ldap, rlm_pam etc. set the 'Auth-Type' variable to tell freeradius that this authentication method is available. I've tried adding the line 'authtype=PERL' to the modules config, similar to the chap example config... but am I missing something fundamental about the process that freeradius is following?
Sorry for such an inane question, but I've tried to figure this out myself. I realise that I could use the sql and ldap modules... but I think the rlm_perl module should be able to do this for me as well. So what to do?
This is my config:
radiusd.config:
----------------------
modules {
    perl {
        module = "/usr/local/freeradius/perl/murdoch.pl"
        func_accounting = "accounting"
        func_authorization = "authorization"
        func_authentication = "authentication"
    }

authorize {
    perl
}

authenticate {
    perl
}

preacct {
    preprocess
    suffix
}

accounting {
    detail
    perl
    radutmp
}

session {
    radutmp
}

post-auth {
}

pre-proxy {
}

post-proxy {
}
----------------------
Debug output:
parrot:/usr/local/freeradius/lib# ../sbin/radiusd -xxxx
Mon Feb 16 09:56:26 2004 : Info: Starting - reading configuration files ...
Mon Feb 16 09:56:26 2004 : Debug: reread_config: reading radiusd.conf
Mon Feb 16 09:56:26 2004 : Debug: Config: including file: /usr/local/freeradius/etc/raddb/proxy.conf
Mon Feb 16 09:56:26 2004 : Debug: Config: including file: /usr/local/freeradius/etc/raddb/clients.conf
Mon Feb 16 09:56:26 2004 : Debug: Config: including file: /usr/local/freeradius/etc/raddb/snmp.conf
Mon Feb 16 09:56:26 2004 : Debug: main: prefix = "/usr/local/freeradius"
Mon Feb 16 09:56:26 2004 : Debug: main: localstatedir = "/usr/local/freeradius/var"
Mon Feb 16 09:56:26 2004 : Debug: main: logdir = "/usr/local/freeradius/var/log/radius"
Mon Feb 16 09:56:26 2004 : Debug: main: libdir = "/usr/local/freeradius/lib"
Mon Feb 16 09:56:26 2004 : Debug: main: radacctdir = "/usr/local/freeradius/var/log/radius/radacct"
Mon Feb 16 09:56:26 2004 : Debug: main: hostname_lookups = no
Mon Feb 16 09:56:26 2004 : Debug: main: max_request_time = 30
Mon Feb 16 09:56:26 2004 : Debug: main: cleanup_delay = 5
Mon Feb 16 09:56:26 2004 : Debug: main: max_requests = 1024
Mon Feb 16 09:56:26 2004 : Debug: main: delete_blocked_requests = 0
Mon Feb 16 09:56:26 2004 : Debug: main: port = 0
Mon Feb 16 09:56:26 2004 : Debug: main: allow_core_dumps = no
Mon Feb 16 09:56:26 2004 : Debug: main: log_stripped_names = no
Mon Feb 16 09:56:26 2004 : Debug: main: log_file = "/usr/local/freeradius/var/log/radius/radius.log"
Mon Feb 16 09:56:26 2004 : Debug: main: log_auth = no
Mon Feb 16 09:56:26 2004 : Debug: main: log_auth_badpass = no
Mon Feb 16 09:56:26 2004 : Debug: main: log_auth_goodpass = no
Mon Feb 16 09:56:26 2004 : Debug: main: pidfile = "/usr/local/freeradius/var/run/radiusd/radiusd.pid"
Mon Feb 16 09:56:26 2004 : Debug: main: user = "(null)"
Mon Feb 16 09:56:26 2004 : Debug: main: group = "(null)"
Mon Feb 16 09:56:26 2004 : Debug: main: usercollide = no
Mon Feb 16 09:56:26 2004 : Debug: main: lower_user = "no"
Mon Feb 16 09:56:26 2004 : Debug: main: lower_pass = "no"
Mon Feb 16 09:56:26 2004 : Debug: main: nospace_user = "no"
Mon Feb 16 09:56:26 2004 : Debug: main: nospace_pass = "no"
Mon Feb 16 09:56:26 2004 : Debug: main: checkrad = "/usr/local/freeradius/sbin/checkrad"
Mon Feb 16 09:56:26 2004 : Debug: main: proxy_requests = yes
Mon Feb 16 09:56:26 2004 : Debug: proxy: retry_delay = 5
Mon Feb 16 09:56:26 2004 : Debug: proxy: retry_count = 3
Mon Feb 16 09:56:26 2004 : Debug: proxy: synchronous = no
Mon Feb 16 09:56:26 2004 : Debug: proxy: default_fallback = yes
Mon Feb 16 09:56:26 2004 : Debug: proxy: dead_time = 120
Mon Feb 16 09:56:26 2004 : Debug: proxy: post_proxy_authorize = yes
Mon Feb 16 09:56:26 2004 : Debug: proxy: wake_all_if_all_dead = no
Mon Feb 16 09:56:26 2004 : Debug: security: max_attributes = 200
Mon Feb 16 09:56:26 2004 : Debug: security: reject_delay = 1
Mon Feb 16 09:56:26 2004 : Debug: security: status_server = no
Mon Feb 16 09:56:26 2004 : Debug: main: debug_level = 0
Mon Feb 16 09:56:26 2004 : Debug: read_config_files: reading dictionary
Mon Feb 16 09:56:26 2004 : Debug: read_config_files: reading naslist
Mon Feb 16 09:56:26 2004 : Info: Using deprecated naslist file. Support for this will go away soon.
Mon Feb 16 09:56:26 2004 : Debug: read_config_files: reading clients
Mon Feb 16 09:56:26 2004 : Info: Using deprecated clients file. Support for this will go away soon.
Mon Feb 16 09:56:26 2004 : Debug: read_config_files: reading realms
Mon Feb 16 09:56:26 2004 : Info: Using deprecated realms file. Support for this will go away soon.
Mon Feb 16 09:56:26 2004 : Debug: radiusd: entering modules setup
Mon Feb 16 09:56:26 2004 : Debug: Module: Library search path is /usr/local/freeradius/lib
Mon Feb 16 09:56:26 2004 : Debug: Module: Loaded expr
Mon Feb 16 09:56:26 2004 : Debug: Module: Instantiated expr (expr)
Mon Feb 16 09:56:26 2004 : Debug: Module: Loaded perl
Mon Feb 16 09:56:26 2004 : Debug: perl: module = "/usr/local/freeradius/perl/murdoch.pl"
Mon Feb 16 09:56:26 2004 : Debug: perl: func_authorize = "authorize"
Mon Feb 16 09:56:26 2004 : Debug: perl: func_authenticate = "authenticate"
Mon Feb 16 09:56:26 2004 : Debug: perl: func_accounting = "accounting"
Mon Feb 16 09:56:26 2004 : Debug: perl: func_preacct = "preacct"
Mon Feb 16 09:56:26 2004 : Debug: perl: func_checksimul = "checksimul"
Mon Feb 16 09:56:26 2004 : Debug: perl: func_detach = "detach"
Mon Feb 16 09:56:26 2004 : Debug: perl: func_xlat = "xlat"
Mon Feb 16 09:56:26 2004 : Debug: perl: perl_flags = "(null)"
Mon Feb 16 09:56:26 2004 : Debug: perl: func_start_accounting = "(null)"
Mon Feb 16 09:56:26 2004 : Debug: perl: func_stop_accounting = "(null)"
Mon Feb 16 09:56:26 2004 : Debug: perl: max_clones = 32
Mon Feb 16 09:56:26 2004 : Debug: perl: start_clones = 5
Mon Feb 16 09:56:26 2004 : Debug: perl: min_spare_clones = 3
Mon Feb 16 09:56:26 2004 : Debug: perl: max_spare_clones = 3
Mon Feb 16 09:56:26 2004 : Debug: perl: cleanup_delay = 5
Mon Feb 16 09:56:26 2004 : Debug: perl: max_request_per_clone = 0
Mon Feb 16 09:56:26 2004 : Debug: Module: Instantiated perl (perl)
Mon Feb 16 09:56:26 2004 : Debug: Module: Loaded preprocess
Mon Feb 16 09:56:26 2004 : Debug: preprocess: huntgroups = "/usr/local/freeradius/etc/raddb/huntgroups"
Mon Feb 16 09:56:26 2004 : Debug: preprocess: hints = "/usr/local/freeradius/etc/raddb/hints"
Mon Feb 16 09:56:26 2004 : Debug: preprocess: with_ascend_hack = no
Mon Feb 16 09:56:26 2004 : Debug: preprocess: ascend_channels_per_line = 23
Mon Feb 16 09:56:26 2004 : Debug: preprocess: with_ntdomain_hack = no
Mon Feb 16 09:56:26 2004 : Debug: preprocess: with_specialix_jetstream_hack = no
Mon Feb 16 09:56:26 2004 : Debug: preprocess: with_cisco_vsa_hack = no
Mon Feb 16 09:56:26 2004 : Debug: Module: Instantiated preprocess (preprocess)
Mon Feb 16 09:56:26 2004 : Debug: Module: Loaded realm
Mon Feb 16 09:56:26 2004 : Debug: realm: format = "suffix"
Mon Feb 16 09:56:26 2004 : Debug: realm: delimiter = "@"
Mon Feb 16 09:56:26 2004 : Debug: Module: Instantiated realm (suffix)
Mon Feb 16 09:56:26 2004 : Debug: Module: Loaded Acct-Unique-Session-Id
Mon Feb 16 09:56:26 2004 : Debug: acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port-Id"
Mon Feb 16 09:56:26 2004 : Debug: Module: Instantiated acct_unique (acct_unique)
Mon Feb 16 09:56:26 2004 : Debug: Module: Loaded detail
Mon Feb 16 09:56:26 2004 : Debug: detail: detailfile = "/usr/local/freeradius/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
Mon Feb 16 09:56:26 2004 : Debug: detail: detailperm = 384
Mon Feb 16 09:56:26 2004 : Debug: detail: dirperm = 493
Mon Feb 16 09:56:26 2004 : Debug: detail: locking = no
Mon Feb 16 09:56:26 2004 : Debug: Module: Instantiated detail (detail)
Mon Feb 16 09:56:26 2004 : Debug: Module: Loaded radutmp
Mon Feb 16 09:56:26 2004 : Debug: radutmp: filename = "/usr/local/freeradius/var/log/radius/radutmp"
Mon Feb 16 09:56:26 2004 : Debug: radutmp: username = "%{User-Name}"
Mon Feb 16 09:56:26 2004 : Debug: radutmp: case_sensitive = yes
Mon Feb 16 09:56:26 2004 : Debug: radutmp: check_with_nas = yes
Mon Feb 16 09:56:26 2004 : Debug: radutmp: perm = 384
Mon Feb 16 09:56:26 2004 : Debug: radutmp: callerid = yes
Mon Feb 16 09:56:26 2004 : Debug: Module: Instantiated radutmp (radutmp)
Mon Feb 16 09:56:26 2004 : Debug: Initializing the thread pool...
Mon Feb 16 09:56:26 2004 : Debug: thread: start_servers = 5
Mon Feb 16 09:56:26 2004 : Debug: thread: max_servers = 32
Mon Feb 16 09:56:26 2004 : Debug: thread: min_spare_servers = 3
Mon Feb 16 09:56:26 2004 : Debug: thread: max_spare_servers = 10
Mon Feb 16 09:56:26 2004 : Debug: thread: max_requests_per_server = 0
Mon Feb 16 09:56:26 2004 : Debug: thread: cleanup_delay = 5
Mon Feb 16 09:56:26 2004 : Debug: Thread 1 waiting to be assigned a request
Mon Feb 16 09:56:26 2004 : Debug: Thread spawned new child 1. Total threads in pool: 1
Mon Feb 16 09:56:26 2004 : Debug: Thread 2 waiting to be assigned a request
Mon Feb 16 09:56:26 2004 : Debug: Thread spawned new child 2. Total threads in pool: 2
Mon Feb 16 09:56:26 2004 : Debug: Thread spawned new child 3. Total threads in pool: 3
Mon Feb 16 09:56:26 2004 : Debug: Thread 3 waiting to be assigned a request
Mon Feb 16 09:56:26 2004 : Debug: Thread 4 waiting to be assigned a request
Mon Feb 16 09:56:26 2004 : Debug: Thread spawned new child 4. Total threads in pool: 4
Mon Feb 16 09:56:26 2004 : Debug: Thread 5 waiting to be assigned a request
Mon Feb 16 09:56:26 2004 : Debug: Thread spawned new child 5. Total threads in pool: 5
Mon Feb 16 09:56:26 2004 : Info: Listening on IP address *, ports 1812/udp and 1813/udp, with proxy on 1814/udp.
Mon Feb 16 09:56:26 2004 : Info: Ready to process requests.
rad_recv: Access-Request packet from host 134.115.81.61:4506, id=13, length=60
Mon Feb 16 09:56:31 2004 : Debug: Thread 1 assigned request 0
Mon Feb 16 09:56:31 2004 : Debug: --- Walking the entire request list ---
Mon Feb 16 09:56:31 2004 : Debug: Thread 1 handling request 0, (1 handled so far)
Mon Feb 16 09:56:31 2004 : Debug: Threads: total/active/spare threads = 5/1/4
Mon Feb 16 09:56:31 2004 : Debug: Waking up in 5 seconds...
User-Name = "testuser"
User-Password = "testpasswd"
NAS-IP-Address = 134.115.81.61
Framed-Protocol = PPP
Mon Feb 16 09:56:31 2004 : Debug: modcall: entering group authorize for request 0
Mon Feb 16 09:56:31 2004 : Debug: modsingle[authorize]: calling perl (rlm_perl) for request 0
Mon Feb 16 09:56:31 2004 : Debug: perl_pool: item 0x8117340 asigned new request. Handled so far: 1
Mon Feb 16 09:56:31 2004 : Debug: found interpetator at address 0x8117340
Mon Feb 16 09:56:31 2004 : Debug: perl_pool total/active/spare [5/0/5]
Mon Feb 16 09:56:31 2004 : Debug: Unreserve perl at address 0x8117340
Mon Feb 16 09:56:31 2004 : Debug: modsingle[authorize]: returned from perl (rlm_perl) for request 0
Mon Feb 16 09:56:31 2004 : Debug: modcall[authorize]: module "perl" returns ok for request 0
Mon Feb 16 09:56:31 2004 : Debug: modcall: group authorize returns ok for request 0
Mon Feb 16 09:56:31 2004 : Debug: auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
Mon Feb 16 09:56:31 2004 : Debug: auth: Failed to validate the user.
Mon Feb 16 09:56:31 2004 : Debug: Delaying request 0 for 1 seconds
Mon Feb 16 09:56:31 2004 : Debug: Finished request 0
Mon Feb 16 09:56:31 2004 : Debug: Going to the next request
Mon Feb 16 09:56:31 2004 : Debug: Thread 1 waiting to be assigned a request
(test NAS is NTRadPing)
Any ideas how to sort out the 'Auth-Type' to make freeradius use the targeted perl module? Do I need to look to a later version of rlm_perl and the copy in CVS?
Is it a setting in users? i.e. 'Default.Auth-Type := perl'?
Sorry to ask this inane question, when LDAP and SQL can already do this stuff for me. I'm really trying to understand the program flow of freeradius, and how its internals work... but without spending too much time reading the source code. :-)
Thanks
Mike Groeneweg
--
-=--=--=--=--=--=--=--=--=--=--=--=--=+-=--=--=--=--=--=--=--=--=--=--=-
  ,-._|\    Network Administrator     | Ph: (+618) 9360 2766
 /  .au \   IT Services               | Fax: (+618) 9360 6156
 x_,--._/   Murdoch University, W.A.  | ICQ: 519641
      v                               |SMTP: [EMAIL PROTECTED]
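An added troubleshooting example (not part of the original post and not FreeRADIUS code): it compares the option names set in the posted `perl { }` block with the names the server echoed in its startup debug output, and finds requests where authorize returned ok but no Auth-Type was found. In the post, the server echoes `func_authorize` and `func_authenticate` while the config sets `func_authorization` and `func_authentication`. The function names are hypothetical; the sample strings are excerpts copied from the post.

```python
import re

# Excerpts copied from the config and debug output in the post above.
CONFIG = '''
perl {
    module = "/usr/local/freeradius/perl/murdoch.pl"
    func_accounting = "accounting"
    func_authorization = "authorization"
    func_authentication = "authentication"
}
'''
DEBUG = '''\
Mon Feb 16 09:56:26 2004 : Debug: perl: module = "/usr/local/freeradius/perl/murdoch.pl"
Mon Feb 16 09:56:26 2004 : Debug: perl: func_authorize = "authorize"
Mon Feb 16 09:56:26 2004 : Debug: perl: func_authenticate = "authenticate"
Mon Feb 16 09:56:26 2004 : Debug: perl: func_accounting = "accounting"
Mon Feb 16 09:56:31 2004 : Debug: perl_pool total/active/spare [5/0/5]
Mon Feb 16 09:56:31 2004 : Debug: modcall: group authorize returns ok for request 0
Mon Feb 16 09:56:31 2004 : Debug: auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
'''

def config_keys(text, module):
    """Return {key: value} for options set inside the `module { ... }` block."""
    m = re.search(r"\b%s\s*\{(.*?)\}" % re.escape(module), text, re.S)
    body = m.group(1) if m else ""
    return dict(re.findall(r'(\w+)\s*=\s*"?([^"\n]*)"?', body))

def echoed_keys(log, module):
    """Return {key: value} for options the server printed at startup."""
    pat = re.compile(r'Debug: %s: (\w+) = "?([^"\n]*)"?' % re.escape(module))
    return dict(pat.findall(log))

def not_echoed(config, log, module="perl"):
    """Option names set in the config that never appear in the startup echo."""
    return sorted(set(config_keys(config, module)) - set(echoed_keys(log, module)))

def rejected_without_auth_type(log):
    """Request ids where authorize returned ok and no Auth-Type was then found."""
    last_ok, hits = None, []
    for line in log.splitlines():
        m = re.search(r"group authorize returns ok for request (\d+)", line)
        if m:
            last_ok = int(m.group(1))
        elif "No authenticate method (Auth-Type)" in line and last_ok is not None:
            hits.append(last_ok)
            last_ok = None
    return hits

if __name__ == "__main__":
    print("set but not echoed:", not_echoed(CONFIG, DEBUG))
    print("rejected, no Auth-Type:", rejected_without_auth_type(DEBUG))
```

Option names reported by `not_echoed` are worth checking against the names the module itself prints at startup.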