I'd like to put a value in Cleartext-Password (for chap authentifiaction) and
add a reply attribute Callback-Number. I get these data from a ldap server, my
script work well to get the data but I have trouble for using them outside the
script.
For troubleshooting I use a simplified version with fix values, I call the perl
module again for authenticate in order to see if the request is well updated:
example.pl:
sub authorize {
if ($RAD_REQUEST{'Service-Type'} = "Framed-User"){
$RAD_CHECK{'Cleartext-Password'} = "11111";
$RAD_REPLY{'Callback-Number'} = "Number";
return RLM_MODULE_OK }
else {return RLM_MODULE_REJECT}
}
sub authenticate {
if ($RAD_REQUEST{'Service-Type'} = "Framed-User"){
return RLM_MODULE_OK }
else {return RLM_MODULE_REJECT}
}
Here is the output in freeradius log:
Ready to process requests.
rad_recv: Access-Request packet from host 172.16.0.11 port 60818, id=88,
length=127
User-Name = "testuser"
Service-Type = Framed-User
NAS-IP-Address = 203.63.154.1
NAS-Identifier = "203.63.154.1"
NAS-Port = 1234
Called-Station-Id = "123456789"
Calling-Station-Id = "987654321"
NAS-Port-Type = Async
CHAP-Password = 0x3511b30139b6c14a8147fdfa0e39141b75
CHAP-Challenge = 0x31323334353637383930313233343536
+- entering group authorize {...}
[suffix] No '@' in User-Name = "testuser", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[chap] Setting 'Auth-Type := CHAP'
++[chap] returns ok
GOT CLONE 873921248 0x1d0e030
rlm_perl: Added pair NAS-Port-Type = Async
rlm_perl: Added pair CHAP-Password = 0x3511b30139b6c14a8147fdfa0e39141b75
rlm_perl: Added pair Service-Type = Framed-User
rlm_perl: Added pair Calling-Station-Id = 987654321
rlm_perl: Added pair Called-Station-Id = 123456789
rlm_perl: Added pair CHAP-Challenge = 0x31323334353637383930313233343536
rlm_perl: Added pair User-Name = testuser
rlm_perl: Added pair NAS-Identifier = 203.63.154.1
rlm_perl: Added pair NAS-IP-Address = 203.63.154.1
rlm_perl: Added pair NAS-Port = 1234
rlm_perl: Added pair Auth-Type = CHAP
++[perl] returns ok
[attr_filter.pre-auth] expand: %{Realm} ->
++[attr_filter.pre-auth] returns noop
[pap] WARNING! No "known good" password found for the user. Authentication may
fail because of this.
++[pap] returns noop
Found Auth-Type = CHAP
+- entering group CHAP {...}
rlm_perl: Added pair NAS-Port-Type = Async
rlm_perl: Added pair CHAP-Password = 0x3511b30139b6c14a8147fdfa0e39141b75
rlm_perl: Added pair Service-Type = Framed-User
rlm_perl: Added pair Called-Station-Id = 123456789
rlm_perl: Added pair Calling-Station-Id = 987654321
rlm_perl: Added pair CHAP-Challenge = 0x31323334353637383930313233343536
rlm_perl: Added pair User-Name = testuser
rlm_perl: Added pair NAS-Identifier = 203.63.154.1
rlm_perl: Added pair NAS-Port = 1234
rlm_perl: Added pair NAS-IP-Address = 203.63.154.1
rlm_perl: Added pair Auth-Type = CHAP
++[perl] returns ok
[chap] login attempt by "testuser" with CHAP password
[chap] Cleartext-Password is required for authentication
++[chap] returns invalid
Failed to authenticate the user.
Login incorrect (rlm_chap: Clear text password not available):
[testuser/<CHAP-Password>] (from client ext port 1234 cli 987654321)
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -> testuser
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 88 to 172.16.0.11 port 60818
Waking up in 4.9 seconds.
Obviously I did something wrong, but cant figure out what. Any Idea ?
-----Message d'origine-----
De : freeradius-users-bounces+aurelien.jund=sfr....@lists.freeradius.org
[mailto:freeradius-users-bounces+aurelien.jund=sfr....@lists.freeradius.org] De
la part de Boian Jordanov
Envoyé : mercredi 25 août 2010 23:30
À : FreeRadius users mailing list
Cc : Boian Jordanov
Objet : Re: rlm_perl error
On Aug 25, 2010, at 4:47 PM, JUND, Aurélien wrote:
> I'm running freeradius-server-2.1.7. I found this information in the default
> perl module configuration file.
>
> ----------
> De : freeradius-users-bounces+aurelien.jund=sfr....@lists.freeradius.org
> [mailto:freeradius-users-bounces+aurelien.jund=sfr....@lists.freeradius.org]
> De la part de Alan DeKok
> Envoyé : mercredi 25 août 2010 14:35
> À : FreeRadius users mailing list
> Objet : Re: rlm_perl error
>
> Bjørn Mork wrote:
>> "JUND, Aurélien" <aurelien.j...@sfr.com> writes:
>>
>>> 3 hashes are given to the module and filled with value-pairs (Attribute
>>> names and values):
>>>
>>> # %RAD_CHECK Read-only Check items
>>> # %RAD_REQUEST Read-only Attributes from the request
>>> # %RAD_REPLY Read-write Attributes for the reply
modules/perl ... this have to be updated.
all hashes are read-write
>>>
>>> Why are %RAD_CHECK and %RAD_REQUEST Read-Only?
>>
>> I believe this is wrong. rlm_perl copies data back from all 5 hashes
>> (RAD_REQUEST, RAD_REPLY, RAD_CHECK, RAD_REQUEST_PROXY,
>> RAD_REQUEST_PROXY_REPLY):
>
> It may be correct if he's running a very old version of the server.
>
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
