Hi Alan,

Of course I updated the PERL script. I simply modified the debug function to be:

sub log_request_attributes {
        # This shouldn't be done in production environments!
        # This is only meant for debugging!
        for (keys %RAD_REQUEST) {
                &radiusd::radlog(1, "RAD_REQUEST: $_ = $RAD_REQUEST{$_}");
        }
        for (keys %RAD_CHECK) {
                &radiusd::radlog(1, "RAD_CHECK: $_ = $RAD_CHECK{$_}");
        }
        for (keys %RAD_REPLY) {
                &radiusd::radlog(1, "RAD_REPLY: $_ = $RAD_REPLY{$_}");
        }
}

I hadn't set Auth-Type in radiusd.conf, according to references I've received, the only Auth-Type directive I've added is in the users.conf file. Just for checking, I've removed the directive from the users.conf file, and now I'm getting the following in the debug:

rad_recv: Access-Request packet from host 192.168.2.80:43824, id=122, length=194
        User-Name = "[EMAIL PROTECTED]"
        Digest-Attributes = 0x0a05313031
        Digest-Attributes = 0x010e3139322e3136382e322e3830
        Digest-Attributes = 0x022a34366130353033393832656466366336633065373730373531633335383536346266646632346562
        Digest-Attributes = 0x04127369703a3139322e3136382e322e3830
        Digest-Attributes = 0x030a5245474953544552
        Digest-Response = "897c22eebf92577a23d3d2e91a360d67"
        Service-Type = IAPP-Register
        Sip-Uri-User = "101"
        NAS-Port = 5060
        NAS-IP-Address = 192.168.2.80
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 8
modcall[authorize]: module "preprocess" returns ok for request 8
radius_xlat: '/usr/local/freeradius/var/log/radius/radacct/192.168.2.80/auth-detail-20070720'
rlm_detail: /usr/local/freeradius/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/freeradius/var/log/radius/radacct/192.168.2.80/auth-detail-20070720
modcall[authorize]: module "auth_log" returns ok for request 8
rlm_digest: Adding Auth-Type = DIGEST
modcall[authorize]: module "digest" returns ok for request 8
perl_pool: item 0xa587328 asigned new request. Handled so far: 1
found interpetator at address 0xa587328
rlm_perl: RAD_REQUEST: Client-IP-Address = 192.168.2.80
rlm_perl: RAD_REQUEST: Digest-Response = 897c22eebf92577a23d3d2e91a360d67
rlm_perl: RAD_REQUEST: User-Name = [EMAIL PROTECTED]
rlm_perl: RAD_REQUEST: Service-Type = IAPP-Register
rlm_perl: RAD_REQUEST: NAS-IP-Address = 192.168.2.80
rlm_perl: RAD_REQUEST: NAS-Port = 5060
rlm_perl: RAD_REQUEST: Sip-Uri-User = 101
rlm_perl: RAD_REQUEST: Digest-Attributes = ARRAY(0xa64592c)
perl_pool total/active/spare [32/0/32]
Unreserve perl at address 0xa587328
modcall[authorize]: module "perl" returns ok for request 8
modcall: leaving group authorize (returns ok) for request 8
auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
auth: Failed to validate the user.
Login incorrect: [EMAIL PROTECTED]/<no User-Password attribute>] (from client 192.168.2.80 port 5060)
Delaying request 8 for 1 seconds
Finished request 8
Going to the next request
Cleaning up request 7 ID 121 with timestamp 46a03e12

As a reference, I'm uploading my configuration files to pastebin.com, according to the following:

radiusd.conf - http://pastebin.com/f31b5226b
rlm_perl.pl - http://pastebin.com/f15f198ca
users.conf - Everything is commented in, which means basically an empty file

Alan, I'm asking these questions as I want to understand the possibilities and the various options that exist. I'm fully aware of the configuration of Digest and how to make digest work with a MySQL backend, that worked without a problem and I was able to understand how to start playing around with it to make it do what I want it to do. My only problem here is that I'm now playing around with rlm_perl, which appears to be a bit more complex in the way it does things.

For example, I've looked into the documentation, I hadn't seen any document explaining the information transfer between the rlm_perl script and the digest mechanism.
The documentation describes how to work with rlm_perl, how to write your own script and so on. But that little piece of information is missing from it. The general information in the documentation is much better than in most OSS projects I know, however, the lack of examples and the fact that most people tend to work with some form of SQL/LDAP backend make any other usage beyond that a bit more complicated for the novice FreeRadius user.

Alan, just to make something clear, I think FreeRadius is a wonderful tool. I've used it in conjunction with GnuGK to build a multi-million minute H323 routing switch back in 2003, which is still working till today (switching over 25 million minutes a month). I've used it in conjunction with Cisco Access Servers to create various Dial-IN PPP access routers, and I've used it as a backend for Cisco L2TP/PPTP services, which were all working off of MySQL, and work to this day - in other words, I know my way around FreeRadius fairly well. The first time I ran into a situation I actually needed to talk to someone on the list is now.

I'm currently in the process of writing a document explaining my findings, and maybe also help others use rlm_perl, but you have to understand that while I may seem a little nagging, it is purely due to my Israeli nature that tends to get the better of me - and my general desire to understand what I'm doing.

Regards,
Z2L

----- Original Message -----
From: "Alan DeKok" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED], "FreeRadius users mailing list" <freeradius-users@lists.freeradius.org>
Sent: Tuesday, July 24, 2007 6:22:27 PM (GMT+0200) Asia/Jerusalem
Subject: Re: rml_perl question

FreeRadius-ML wrote:
> Yes, that was the initial idea. However, $RAD_CHECK{User-Password}, at
> least according to
> my log file doesn't exist:

I don't understand. Did you update the Perl script to set that? Or are you just looking at the debug output, and expecting to see $RAD_CHECK{User-Password} somehow magically appear?

So... what Perl script are you using? Post it.

> rlm_perl: RAD_CHECK: Auth-Type = perl

I'm about ready to stop answering your messages. Every single thing in the documentation, and what you've been told here has said DO NOT SET AUTH-TYPE. Yet... there you go setting it.

Honestly, I just don't understand why you're so insistent on ignoring the advice you're given here. Damn near all of the problems you're running into are because you're working hard to break things.

If you're not going to follow the advice given here, stop asking questions.

Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
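
Added example, not part of the original thread and not FreeRADIUS code: the debug output in the message logs "Digest-Attributes = ARRAY(0xa64592c)" because a repeated attribute reaches the Perl script as an array reference, so this sketch expands such values and decodes each digest sub-attribute into readable form. Assumptions: the values arrive as the printed 0x... hex strings seen in the debug output, the sub-attribute numbering is the draft-sterman-aaa-sip one, and decode_digest_attribute, attribute_values and %request are hypothetical names.

```perl
use strict; use warnings;

# Sub-attribute numbers per draft-sterman-aaa-sip (assumption, not from the thread).
my %DIGEST_SUBATTR = (
    1 => 'Realm',       2 => 'Nonce',     3 => 'Method',      4 => 'URI',
    5 => 'QOP',         6 => 'Algorithm', 7 => 'Body-Digest', 8 => 'CNonce',
    9 => 'Nonce-Count', 10 => 'User-Name',
);

# Decode one printed Digest-Attributes value ("0x" + hex) into [name, value] pairs.
# Layout per sub-attribute: 1 byte type, 1 byte length (header included), value.
sub decode_digest_attribute {
    my ($printed) = @_;
    (my $hex = $printed) =~ s/^0x//i;
    die "not a hex string: $printed\n" unless $hex =~ /^(?:[0-9a-f]{2})+$/i;
    my $raw = pack('H*', $hex);
    my @pairs;
    while (length $raw) {
        die "truncated sub-attribute header\n" if length($raw) < 2;
        my ($type, $len) = unpack('C C', $raw);
        die "bad sub-attribute length $len\n" if $len < 2 || $len > length($raw);
        push @pairs, [ $DIGEST_SUBATTR{$type} // "Unknown-$type", substr($raw, 2, $len - 2) ];
        substr($raw, 0, $len) = '';    # consume this sub-attribute
    }
    return @pairs;
}

# A repeated attribute is stored as an array reference; return all values as a list.
sub attribute_values { my ($v) = @_; return ref($v) eq 'ARRAY' ? @$v : ($v) }

# Constructed stand-in for %RAD_REQUEST, using values copied from the debug output.
my %request = (
    'Sip-Uri-User'      => '101',
    'Digest-Attributes' => [
        '0x0a05313031',
        '0x010e3139322e3136382e322e3830',
        '0x04127369703a3139322e3136382e322e3830',
        '0x030a5245474953544552',
    ],
);

for my $name (sort keys %request) {
    for my $value (attribute_values($request{$name})) {
        my @out = $name eq 'Digest-Attributes'
            ? map { "$_->[0] = $_->[1]" } decode_digest_attribute($value)
            : ($value);
        print "$name: $_\n" for @out;
    }
}
```

Inside an rlm_perl script the same two helpers would be applied to %RAD_REQUEST, with the print replaced by the radiusd::radlog call used in the message.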