On 02/21/2011 01:30 AM, Rianto Wahyudi wrote:
> I think I managed to create a simple wrapper for ntlm_auth. Please see below
> for the code.
> One problem with the script is that I don't know how to exit properly.
>
> If I don't use exit $auth, the authentication process seems to stall.
> If I use exit $auth, the authentication process works but it creates a zombie
> process.
>
> root 20430 0.0 1.2 19368 13224 ? Ss 10:03 0:00 /usr/bin/perl /usr/bin/radiusd -config_file /etc/radiator/radius.cfg -daemon
> root 20528 0.0 0.0 0 0 ? Z 10:06 0:00 \_ [ltu_ntlm_auth] <defunct>
>
> Could you please let me know the proper way to exit? What value does Radiator
> expect from running ntlm_auth?

Try not to exit. Keep your ntlm_auth wrapper running. This is how
ntlm_auth behaves when it is called directly by Radiator. If it exits,
then your wrapper should restart it. This is good for performance.

In case ntlm_auth exits, you should make arrangements to catch SIGCHLD
to prevent zombie processes. See http://perldoc.perl.org/perlipc.html and
search for CHLD.

I have not done this type of programming for a long while, but I suspect
the zombie results from your script not being able to exit since it has
not wait()ed or otherwise handled the termination of ntlm_auth it calls.

If the authentication still seems to stall, you should check how to
flush the socket so that the output from your script does not get
buffered but is delivered completely to Radiator. I'm not completely
sure, but stalling sounds like a buffer related problem.

> #!/usr/bin/perl
>
> use FileHandle;
> use IPC::Open2;
> use MIME::Base64;
> use strict;
> my @input = @ARGV;
> my $auth;
> my $line;
> my $username;
>
>
> my $pid = open2(*NTLM_OUT, *NTLM_IN, "/usr/bin/ntlm_auth @input");
> while (<STDIN>) {
>     $line = $_;
>     if ( $line =~ /^Username/)
>     {
>         #rewrite username here
>         $username = $line;
>         $username =~ s/Username\:\: //g;
>         $line = usermap (decode_base64($username));
>     }
>     print NTLM_IN $line;
>     if ($line =~ /^\.$/)
>     {
>         while (<NTLM_OUT>) {
>             print $_;
>             last if $_ =~ /^\.$/;
>             if ($_ =~ /Authenticated: No/) {
>                 $auth = 1;
>             }
>             if ($_ =~ /Authenticated: Yes/ ){
>                 $auth = 0;
>             }
>         }
>         exit $auth;
>     }
>
> }
>
> sub usermap
> {
>     my $uname = $_[0];
>     if ( $uname =~ /r\.wahyudi/ )
>     {
>         $uname="rwahyudi";
>     }
>     $uname = "Username:: ".encode_base64($uname);
>     return "$uname";
> }
> exit $auth;
>

-- 
Heikki Vatiainen <h...@open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server anywhere.
SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus,
Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP,
TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full
source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc.
_______________________________________________
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator
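
The three points of the reply above (keep the wrapper running and restart ntlm_auth when it exits, reap children on SIGCHLD, flush output) combined in one sketch. This is an added example, not code from the thread or from Radiator. It assumes the "."-terminated request/reply blocks seen in the quoted script, uses an exact-match username table in place of the quoted regex, and its variable and function names and the single retry after a helper restart are illustrative choices.

```perl
# Added example: persistent ntlm_auth wrapper (names below are illustrative).
use strict;
use warnings;
use IO::Handle;
use IPC::Open2;
use MIME::Base64;
use POSIX ':sys_wait_h';

my @cmd = ('/usr/bin/ntlm_auth', @ARGV);   # helper path as in the quoted script
my %map = ('r.wahyudi' => 'rwahyudi');     # exact-match table (assumption)
my ($pid, $out, $in, $alive) = (0, undef, undef, 0);

STDOUT->autoflush(1);                      # replies must not sit in a buffer
$SIG{PIPE} = 'IGNORE';                     # writing to a dead helper must not kill us
# Reap every exited child so none is left <defunct>; note when the helper died.
$SIG{CHLD} = sub { while ((my $k = waitpid(-1, WNOHANG)) > 0) { $alive = 0 if $k == $pid } };

sub start_helper {
    ($out, $in) = (undef, undef);          # drop handles of a dead helper
    $pid = open2($out, $in, @cmd);         # list form: arguments never reach a shell
    $in->autoflush(1);
    $alive = 1;
}

# Send one request block; return the reply lines, or () if the helper died.
sub ask_helper {
    my @request = @_;
    start_helper() unless $alive;
    unless (print {$in} @request) { $alive = 0; return }
    my @reply;
    while (defined(my $l = <$out>)) {
        push @reply, $l;
        return @reply if $l =~ /^\.$/;     # "." ends a reply block
    }
    $alive = 0;                            # EOF before ".": helper is gone
    return;
}

my @request;
while (my $line = <STDIN>) {
    if ($line =~ /^Username:: (.*)/) {
        my $user = decode_base64($1);
        $user = $map{$user} if exists $map{$user};
        $line = 'Username:: ' . encode_base64($user, '') . "\n";
    }
    push @request, $line;
    next unless $line =~ /^\.$/;           # "." ends a request block
    my @reply = ask_helper(@request);
    @reply = ask_helper(@request) unless @reply;   # one retry on a fresh helper
    print @reply;
    @request = ();
}
```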