RE: Difficulties with rlm_perl specifically sending mail

2010-02-09 Thread David Buckley
Dear List

Finally(!) got to the bottom of this...

The RHEL server of interest is actually a RHEL SELinux server, and SELinux 
enforced that a process owned by the user radiusd should not be accessing a 
remote port 25.

Cure was a local policy override, and for those who know as much SELinux as I 
do, the instructions for this (actually really easy) procedure can be found in 
the manpage for audit2allow.

Can I just say: rlm_perl rocks.

Cheers, David.

-----Original Message-----
From: freeradius-users-bounces+david.buckley=canterbury.ac...@lists.freeradius.org [mailto:freeradius-users-bounces+david.buckley=canterbury.ac...@lists.freeradius.org] On Behalf Of Nicolas Goutte
Sent: Tuesday, 2 February 2010 10:19 p.m.
To: FreeRadius users mailing list
Subject: Re: Difficulties with rlm_perl specifically sending mail


On 02.02.2010 at 00:12, David Buckley wrote:

> Greetings from New Zealand
>
> I have a two factor auth system built using rlm_perl, which is all
> working fine but for one problem.
>
> I have a function that sends emails for sending one-time passwords via
> SMS which works perfectly when FR is run as radiusd -X, but doesn't
> work when FR started as a service.  This FR 2.1.7 RPM installation on
> RHEL modern and patched.  When run as a service RHEL runs radiusd as
> user and group radiusd.

Just an idea: sending emails often means starting the program sendmail. Perhaps 
radiusd started as service has no $PATH and therefore cannot find sendmail.


[...]



 -
 List info/subscribe/unsubscribe? See 
 http://www.freeradius.org/list/users.html

Nicolas Goutte


extragroup GmbH - Karlsruhe
Waldstr. 49
76133 Karlsruhe
Germany

Managing directors: Stephan Mönninghoff, Hans Martin Kern, Tilman Haerdle
Register court: Amtsgericht Münster / HRB: 5624
Tax no.: 337/5903/0421 / VAT ID: DE 204607841





This email may be confidential and subject to legal privilege, it may
not reflect the views of the University of Canterbury, and it is not
guaranteed to be virus free. If you are not an intended recipient,
please notify the sender immediately and erase all copies of the message
and any attachments.

Please refer to http://www.canterbury.ac.nz/emaildisclaimer for more
information.
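
Added example (not part of the original thread): a shell sketch of how to spot the kind of SELinux denial described above before generating a local policy with audit2allow. The audit records are constructed samples; the types radiusd_t and smtp_port_t and the module name radiusdsmtp are assumptions, not values from the post.

```shell
#!/bin/sh
# Constructed sample audit.log records (not from the thread). A blocked
# outbound SMTP connect shows up as a name_connect denial with dest=25.
SAMPLE_LOG='type=AVC msg=audit(1265673600.123:456): avc:  denied  { name_connect } for  pid=2345 comm="radiusd" dest=25 scontext=system_u:system_r:radiusd_t:s0 tcontext=system_u:object_r:smtp_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1265673601.200:457): avc:  denied  { read } for  pid=3001 comm="httpd" name="index.html" dev=dm-0 ino=1234 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:user_home_t:s0 tclass=file
type=AVC msg=audit(1265673660.500:460): avc:  denied  { name_connect } for  pid=2345 comm="radiusd" dest=25 scontext=system_u:system_r:radiusd_t:s0 tcontext=system_u:object_r:smtp_port_t:s0 tclass=tcp_socket'

# summarize_denials COMM: read audit records on stdin and print one line per
# distinct denial for that command:
#   count source_type permission target_type class dest_port
summarize_denials() {
    awk -v comm="$1" '
        # Return the value of a key=value token on the current record.
        function field(name,   i, kv) {
            for (i = 1; i <= NF; i++) {
                split($i, kv, "=")
                if (kv[1] == name) return substr($i, length(name) + 2)
            }
            return "-"
        }
        /avc: +denied/ && index($0, "comm=\"" comm "\"") {
            perm = $0
            sub(/^.*[{] */, "", perm); sub(/ *[}].*$/, "", perm)
            gsub(/ /, ",", perm)            # several permissions -> a,b,c
            split(field("scontext"), s, ":")
            split(field("tcontext"), t, ":")
            seen[s[3] " " perm " " t[3] " " field("tclass") " " field("dest")]++
        }
        END { for (k in seen) print seen[k], k }
    ' | sort
}

printf '%s\n' "$SAMPLE_LOG" | summarize_denials radiusd

# On the real server (as root) the same records feed audit2allow, following
# its manpage; "radiusdsmtp" is a hypothetical module name:
#   grep radiusd /var/log/audit/audit.log | audit2allow -M radiusdsmtp
#   semodule -i radiusdsmtp.pp
```

Read the generated .te file before loading the module, so the override allows only the denial you expected to see.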



Re: Difficulties with rlm_perl specifically sending mail

2010-02-02 Thread Nicolas Goutte


On 02.02.2010 at 00:12, David Buckley wrote:

> Greetings from New Zealand
>
> I have a two factor auth system built using rlm_perl, which is all
> working fine but for one problem.
>
> I have a function that sends emails for sending one-time passwords via
> SMS which works perfectly when FR is run as radiusd -X, but doesn't work
> when FR started as a service.  This FR 2.1.7 RPM installation on RHEL
> modern and patched.  When run as a service RHEL runs radiusd as user and
> group radiusd.


Just an idea: sending emails often means starting the program  
sendmail. Perhaps radiusd started as service has no $PATH and  
therefore cannot find sendmail.



[...]






Nicolas Goutte


extragroup GmbH - Karlsruhe
Waldstr. 49
76133 Karlsruhe
Germany

Managing directors: Stephan Mönninghoff, Hans Martin Kern, Tilman Haerdle
Register court: Amtsgericht Münster / HRB: 5624
Tax no.: 337/5903/0421 / VAT ID: DE 204607841






Difficulties with rlm_perl specifically sending mail

2010-02-01 Thread David Buckley

Greetings from New Zealand

I have a two factor auth system built using rlm_perl, which is all
working fine but for one problem.

I have a function that sends emails for sending one-time passwords via
SMS which works perfectly when FR is run as radiusd -X, but doesn't work
when FR started as a service.  This FR 2.1.7 RPM installation on RHEL
modern and patched.  When run as a service RHEL runs radiusd as user and
group radiusd.

Suspecting this might be a user permissions related issue, I whipped the
code out into a standalone test script, and it still works fine when run
under my normal non-priv'd account.

Since the module runs fine when run as radiusd -X, there seems little
point in including the debug output.

Here is the relevant code, which for the purposes of testing I put into
the accounting() function as it's much smaller than authorize().  The
problem is that the $smtp thing never gets created when run in the
proper context; it is an undefined item and thus the code below doesn't
get invoked.  The radlog debug message obviously doesn't appear either.
Prior to me inserting the test I just assumed that the $smtp thing would
be created, which led to error messages such as Error: rlm_perl:
perl_embed:: module = /etc/raddb/otp.pl , func = authorize exit status=
Can't call method "mail" on an undefined value at /etc/raddb/otp.pl
line... the line being $smtp->mail($fromaddr);.

Can anyone suggest how I might get to the bottom of this frustration?  I
should say at this point I'm not a perl expert!


use Net::SMTP;

sub accounting {

    my $number = '*cellnumber*';
    my $msg = 'hello, world!';

    my $mailhost = '*deleted*';

    my $fromaddr = '*deleted*';

    my $toaddr = $number . '@*deleted*';

    # new() returns undef when the connection to $mailhost cannot be opened
    my $smtp = Net::SMTP->new($mailhost, Debug => 0, Timeout => 10);

    if (defined($smtp)) {
        radiusd::radlog(RL_DEBUG, "We've created $smtp");
        $smtp->mail($fromaddr);
        $smtp->recipient($toaddr);

        # Message headers, a blank line, then an empty body
        $smtp->data();
        $smtp->datasend("From: $fromaddr\n");
        $smtp->datasend('To: ' . $toaddr . "\n");
        $smtp->datasend("Subject: " . $msg . "\n");
        $smtp->datasend("\n");
        $smtp->datasend("\n");
        $smtp->dataend();

        $smtp->quit;
    }

    return RLM_MODULE_OK;
}


If there is a disclaimer below here, I apologize - the corporate gateway
installs it on outgoing mail.  It's my opinion it's a waste of
bandwidth, and the (very expensive) lawyers agree with me, but they
don't see that there is any harm in having it, so it's there, just in
case...
