Hi Peter,

Thanks, that was the missing part for me - I think. Just let me verify that I got you correctly:

1. My OpenSER will send a request to FreeRadius including the full digest information.
2. Once the request is intercepted by FreeRadius, my rlm_perl will simply need to ask the TCP server for the password of the user.
3. Once that password has been retrieved, I'll simply set the RAD_REPLY{'Cleartext-Password'} to the password that was retrieved from the TCP server.
4. Once the rlm_perl script returns with the OK setting, the rest will be handled by the digest module.

Have I got it right this time? Sorry for being a bit of a pain.

Z2L

----- Original Message -----
From: "Peter Nixon" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED], "FreeRadius users mailing list" <freeradius-users@lists.freeradius.org>
Sent: Wednesday, July 25, 2007 5:05:02 PM (GMT+0200) Asia/Jerusalem
Subject: Re: rml_perl question

Several people have already told you this, but I am going to have another go at it.

You want to do Digest Authentication. That's great. FreeRADIUS knows how to do it. All you have to do is supply the Cleartext-Password.

You tell us that you have some proprietary system which holds your passwords that you need to access over a TCP socket. Great. Feel free to do so.

Basically you need to:

a) Have the digest module enabled in the _authorize_ AND _authenticate_ sections of radiusd.conf
b) Get the password from your backend using perl and return it to FreeRADIUS in the _authorize_ section as:

Cleartext-Password := "yoursupersecretpassword"

This is ALL you should have to do! Do not do anything else! Please. Just don't!

Cheers

Peter

On Wed 25 Jul 2007, FreeRadius-ML wrote:
> Ok,
>
> What I'm trying to do is have FreeRadius perform its AAA functions against
> a PERL based backend, which reads the user information from a proprietary
> system - via a TCP interface.
>
> The authorization section and the authenticate section both have PERL
> enabled in them.
>
> (I removed the remarks for easier reading) - the first digest is
> commented, but right after perl there is another one.
> ---------- SNIP ------------
> authorize {
>     preprocess
>     auth_log
>     # attr_filter
>     # chap
>     # mschap
>     # digest
>     # IPASS
>     # suffix
>     # ntdomain
>     # eap
>     # files
>     digest
>     perl
>     # sql
>     # etc_smbpasswd
>     # ldap
>     # daily
>     # checkval
>     # pap
> }
> ---------------------------
> You are correct in regards to the authentication section (see below), I
> missed that one:
> --------- SNIP ------------
> authenticate {
>     # Auth-Type PAP {
>     #
>     # pap
>     #
>     # }
>     # Auth-Type CHAP {
>     #
>     # chap
>     #
>     # }
>     # Auth-Type MS-CHAP {
>     #
>     # mschap
>     #
>     # }
>     # digest
>     # pam
>     unix
>     # Auth-Type LDAP {
>     #
>     # ldap
>     #
>     # }
>     # eap
>     perl
> }
> ---------------------------
>
> I may be going about it all wrong, which I'm not ruling out. If you have
> something specific to point me at, please do.
>
> Regards,
> Z2L
> ----- Original Message -----
> From: "A L M Buxey" <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED], "FreeRadius users mailing list"
> <freeradius-users@lists.freeradius.org>
> Sent: Wednesday, July 25, 2007 2:12:55 PM (GMT+0200) Asia/Jerusalem
> Subject: Re: rml_perl question
>
> Hi,
>
> you don't have perl enabled in the authorise section of your config...you
> don't have digest enabled in your authorise or authenticate sections
> either. what are you trying to achieve?

--
Peter Nixon
http://peternixon.net/

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
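
The authorize-time lookup discussed in this thread, written as an rlm_perl script; this is an added example, not code from any poster or from the FreeRADIUS project. The backend address and its one-line `GET <user>` protocol are hypothetical stand-ins for the proprietary system, and the password is placed in `%RAD_CHECK` on the assumption that the digest module reads Cleartext-Password from the check items.

```perl
use strict;
use warnings;
use IO::Socket::INET;
use IO::Select;

# Hashes that rlm_perl fills in for every request.
our (%RAD_REQUEST, %RAD_REPLY, %RAD_CHECK);

# rlm_perl return codes (values as in the example.pl shipped with FreeRADIUS).
use constant { RLM_MODULE_FAIL => 1, RLM_MODULE_OK => 2, RLM_MODULE_NOTFOUND => 6 };

# Hypothetical backend: send "GET <user>\n", read back "<password>\n".
my ($BACKEND_HOST, $BACKEND_PORT, $TIMEOUT) = ('127.0.0.1', 9000, 3);

sub lookup_password {
    my ($user) = @_;
    # Reject names that could inject extra commands into the line protocol.
    return unless defined $user && $user =~ /\A[A-Za-z0-9_.\@\-]{1,64}\z/;

    my $sock = IO::Socket::INET->new(
        PeerAddr => $BACKEND_HOST, PeerPort => $BACKEND_PORT,
        Proto    => 'tcp',         Timeout  => $TIMEOUT,   # connect timeout
    ) or die "backend unreachable: $@\n";

    print {$sock} "GET $user\n";
    # Bound the read as well, so a stalled backend cannot hang radiusd.
    die "backend read timed out\n"
        unless IO::Select->new($sock)->can_read($TIMEOUT);
    my $line = <$sock>;
    close $sock;

    return unless defined $line;
    $line =~ s/\r?\n\z//;
    return length($line) ? $line : undef;
}

sub authorize {
    my $password = eval { lookup_password($RAD_REQUEST{'User-Name'}) };
    if (my $err = $@) {
        warn "perl authorize: $err";   # log the error, never the password
        return RLM_MODULE_FAIL;        # fail closed on backend errors
    }
    return RLM_MODULE_NOTFOUND unless defined $password;

    # Check item only; the digest module does the rest of the work.
    $RAD_CHECK{'Cleartext-Password'} = $password;
    return RLM_MODULE_OK;
}

1;
```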