Hello, I'm working with FreeRADIUS 2.1.10.

I want to authorize a user using a multivalued attribute (Relaciones), so I use Perl. The values of the attribute Relaciones are stored in LDAP. Nombre-Completo is another attribute stored in LDAP. "Relaciones" is an integer value. A user is authorized if they have one attribute "Relaciones" with a positive value (no + sign). Relaciones, Nombre-Completo and Codigo-Reject are vendor-specific attributes defined in /usr/share/freeradius/dictionary.rinuex

My Perl script is:

# cat /etc/freeradius/perl/checkRelaciones.pm
#!/usr/bin/perl
use strict;
use vars qw(%RAD_REQUEST %RAD_REPLY %RAD_CHECK);
#use Data::Dumper;

use constant RLM_MODULE_REJECT => 0; # /* immediately reject the request */
use constant RLM_MODULE_OK     => 2; # /* the module is OK, continue */

sub authorize {
    my $refRelaciones;
    if (exists $RAD_REPLY{'Relaciones'} && defined $RAD_REPLY{'Relaciones'}) {
        $refRelaciones = $RAD_REPLY{'Relaciones'};
        # rlm_perl passes a single value as a scalar and several values as an
        # array reference, so accept both (a scalar would die under strict refs)
        my @relaciones = ref($refRelaciones) eq 'ARRAY' ? @{$refRelaciones} : ($refRelaciones);
        foreach (@relaciones) {
            if ($_ =~ /^[0-9]{2}/) {
                return RLM_MODULE_OK;
            }
        }
        $RAD_REPLY{'Codigo-Reject'} = 11; #Sin-Relacion
    }
    return RLM_MODULE_REJECT;
}

Everything works fine. My problem is that rlm_perl duplicates an attribute in the %RAD_REPLY hash.

Debug:

rad_recv: Access-Request packet from host x.x.x.x port 56822, id=100, length=75
        User-Name = "a...@unex.es"
        User-Password = "1111"
        Calling-Station-Id = "..."
server rinuex {
...
[ldap1] looking for check items in directory...
[ldap1] ntPassword -> NT-Password == 0x3..
[ldap1] looking for reply items in directory...
[ldap1] Relaciones -> Relaciones += "03"
[ldap1] sn -> Nombre-Completo = "Ana Gallardo"
WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly?
[ldap1] user ana authorized to use remote access
[ldap1] ldap_release_conn: Release Id: 0
++++[ldap1] returns ok
...
rlm_perl: Added pair User-Name = a...@unex.es
rlm_perl: Added pair User-Password = 1111
rlm_perl: Added pair Intentos-Reject = 0
rlm_perl: Added pair SQL-User-Name = ana
rlm_perl: Added pair Realm = unex.es
rlm_perl: Added pair Stripped-User-Name = ana
rlm_perl: Added pair Calling-Station-Id = ...
rlm_perl: Added pair Nombre-Completo = Ana Gallardo
rlm_perl: Added pair Relaciones = 03
rlm_perl: Added pair Relaciones = Ana Gallardo
rlm_perl: Added pair NT-Password = 0x344...
rlm_perl: Added pair Simultaneous-Use = 1
rlm_perl: Added pair Ldap-UserDn = ...
++[perl] returns ok
...
++[pap] returns ok
...
} # server rinuex
Sending Access-Accept of id 100 to x.x.x.x port 56822
        Nombre-Completo = "Ana Gallardo"
        Relaciones += "03"
        Relaciones += "Ana Gallardo"

Any ideas?

Sorry for my English and thank you in advance.

____________________
Ana Gallardo Gómez
____________________