perl_rlm and differences FR 1 and 2
Thanks to some handy hints in here, I've had some success with rlm_perl. But (and there is always a but) I've been happily developing against 2.x but have just discovered I need to actually use 1.x because of RHEL.

The rlm_perl link of both version 1 and version 2 points to the same documentation page, so I made the assumption that although there's much different under the covers of FR, by the time you get to perl it's all hidden, and I could just take a perl script that works on V2 and run it on V1. But it doesn't. There seems to be different handling of the module return values, and of $RAD_CHECK{'Response-Packet-Type'} = "Access-Challenge". FR V1 seems quite unkeen to send out responses.

So, and finally the question; Are there supposed to be differences in behaviour for rlm_perl between V1 and V2?

Thanks, Davey.

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: RE: Davey Jones
A product of being called David Jones; I normally get the locker jokes first :)
[no subject]
Hello, from first time poster. Is there anyone on the list who has an actual working example of two factor authentication coded in perl using rlm_perl they would be willing to share? There are a number of incomplete examples, and some hints as to errors in them, and I've taken all this on board and as a result can pass the challenge response back to the NAS. What I'm having difficulty with is keeping state, so I can determine if an Authorize request is the first hit (real password) or the second (the second factor).

Thanks. Davey Jones.
RE: No response from Radius server
You need to check to make sure that your Windows box is listed in your clients.conf. It has to be listed in there with a secret before the radius server will even start to authenticate requests from it. Take a look at this site and it should help you out a bit… http://www.frontios.com/freeradius.html

David

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Shawn Xu
Sent: Friday, April 22, 2005 7:04 AM
To: freeradius-users@lists.freeradius.org
Cc: [EMAIL PROTECTED]
Subject: RE: No response from Radius server

When I ran radiusd -X, I still got no response from server (time out) on Windows machine, but what I can see on the Radius machine is :

Ignoring request from unknown client 192.168.107.115:2043
--Walking the entire request list--
Nothing to do. Sleeping until we see a request.
rad-recv: Access-Request packet from host 192.168.107.115:2443, id=2, length=44

At least, I can see the Windows is talking with the Radius. Further assistance will be appreciated.

Shawn

David Jones <[EMAIL PROTECTED]> wrote:

Start radiusd like this radiusd -X and you should see it read the config files and it will run in the foreground. The -X is extended debug mode. Equivalent to -sfxx. This should let you see where the failure is occurring.

David

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Shawn Xu
Sent: Thursday, April 21, 2005 2:02 PM
To: freeradius-users@lists.freeradius.org
Subject: No response from Radius server

I installed Freeradius server on FreeBSD. The installation went well, but I tried to test it, I got no response from Radius server. After I ran radiusd, I got "The Apr 21 14:29:23 2005: Info: Starting-reading configuration files... ", then back to radius#

If I ran ps, it seems Radius is not running, because it doesn't show Radiusd. If I ran ps -aux | grep radiusd, it shows

root 798 0.0 0.7 4764 3368 ?? ss 2:29pm 0:00:00 radiusd

If I tested on another Windows machine with NTRadPing Test Utility, I got no response from server.

Any help will be appreciated.

Shawn
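Added example (not part of the thread, and not FreeRADIUS project code): a shell helper that pulls the "unknown client" addresses out of radiusd -X output and prints a clients.conf stanza skeleton for one of them. The function names, the second sample address, the shortname and the CHANGE_ME placeholder are assumptions; add a stanza only for an address you have confirmed is one of your own NAS or test hosts.

```shell
#!/bin/sh
# Constructed sample of "radiusd -X" output. The first three lines are the
# ones quoted in the thread; the last two are made up for illustration.
sample_debug_log() {
cat <<'EOF'
Ignoring request from unknown client 192.168.107.115:2043
--Walking the entire request list--
Nothing to do.  Sleeping until we see a request.
Ignoring request from unknown client 192.168.107.115:2044
Ignoring request from unknown client 10.0.0.7:1812
EOF
}

# Print "count address" for every source radiusd dropped because it is
# not listed in clients.conf, busiest first. Reads files given as
# arguments, or stdin when there are none.
unknown_clients() {
    awk '/Ignoring request from unknown client/ {
             split($NF, hp, ":")      # last field is address:port
             seen[hp[1]]++
         }
         END { for (ip in seen) print seen[ip], ip }' "$@" |
        sort -k1,1nr -k2,2
}

# Emit a clients.conf stanza skeleton for one address.
# $1 = client address, $2 = shortname (hypothetical label you choose).
# CHANGE_ME is a placeholder: replace it with a secret shared only with
# that client before loading the file.
client_stanza() {
    printf 'client %s {\n\tsecret = CHANGE_ME\n\tshortname = %s\n}\n' "$1" "$2"
}

# Example run:
#   sample_debug_log | unknown_clients
#   client_stanza 192.168.107.115 winbox
```

Run against a saved debug log with `unknown_clients /path/to/debug.log`; an address that shows up here and is not one of your devices is something to investigate rather than to add.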
RE: No response from Radius server
Start radiusd like this radiusd -X and you should see it read the config files and it will run in the foreground. The -X is extended debug mode. Equivalent to -sfxx. This should let you see where the failure is occurring.

David

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Shawn Xu
Sent: Thursday, April 21, 2005 2:02 PM
To: freeradius-users@lists.freeradius.org
Subject: No response from Radius server

I installed Freeradius server on FreeBSD. The installation went well, but I tried to test it, I got no response from Radius server. After I ran radiusd, I got "The Apr 21 14:29:23 2005: Info: Starting-reading configuration files... ", then back to radius#

If I ran ps, it seems Radius is not running, because it doesn't show Radiusd. If I ran ps -aux | grep radiusd, it shows

root 798 0.0 0.7 4764 3368 ?? ss 2:29pm 0:00:00 radiusd

If I tested on another Windows machine with NTRadPing Test Utility, I got no response from server. Any help will be appreciated.

Shawn
Radrelay stops sending data
Good day all,

I fired up radrelay yesterday morning and it began to send accounting data to my usage accounting server like it but for some reason there is no more data being passed from my FR 1.0.1 server. Radrelay has run the entire time and my FR server is still writing to my detail-combined file but no data passes. Both servers are on the same box so I run radrelay like so…

/usr/local/bin/radrelay -a /var/log/radius/radacct/ -d /etc/raddb -S /etc/raddb/relayserv -r localhost:1646 detail-combined

I have a cronjob to check to see if radrelay is running every hour and if not restart it, so far it has never failed. Both radius servers are alive and well so I am at a loss. Since I am new to radrelay any hints or gotchas would be greatly appreciated.

Thanks, David
RE: Radrelay error
Thanks for the help! Once I created the file and just added the secret my command executed and is now populating my secondary accounting server with data. The key for me was finding out that I need the file with the secret in it instead of trying to pull it from a clients.conf file on either server. I wish the docs had spoken more to this instead of implying that you could just pull it from the clients file. Maybe I am just too thick headed and read a little too deeply.

Thanks Kevin

David

---

On Monday 18 April 2005 16:35, David Jones wrote:
> So I end up with a command looking like this..
> /usr/local/bin/radrelay -a /var/log/radius/raddact -d /etc/raddb/ \ -S
> /path/to/clients.conf -r localhost:1646 detail combined
>
> And I get. Secret in /path/toMerit/clients is to short.

David,

The file holding the secret for radrelay to use must only have that secret in it. Something like this...

/usr/bin/radrelay -a /var/log/radius/radacct -d /etc/raddb -S /etc/raddb/secret.localhost -r localhost:1646 detail

/etc/raddb/secret.localhost:
testing123

Kevin Bonner
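Added example (not part of the thread, and not radrelay's own code): a pre-flight check for the file passed to radrelay -S, based on the point above that the file must hold only the secret. The function name is hypothetical, the config-syntax test is a heuristic, and the permission check is an added hardening step that the thread does not mention.

```shell
#!/bin/sh
# check_secret_file FILE
# Returns 0 when FILE looks like a dedicated secret file for "radrelay -S":
# exactly one non-blank line, no clients.conf-style syntax, and no access
# for group or other. Prints the reason and returns 1 otherwise.
check_secret_file() {
    f=$1
    [ -f "$f" ] || { echo "$f: not a regular file"; return 1; }

    # A dedicated secret file has exactly one non-blank line.
    n=$(grep -c '[^[:space:]]' "$f" || true)
    [ "$n" -eq 1 ] || {
        echo "$f: expected 1 non-blank line, found $n"
        return 1
    }

    # Heuristic: braces, '=' or '#' suggest a clients.conf-style file was
    # passed by mistake. A secret that really contains one of these
    # characters will be flagged too.
    if grep -q '[{}=#]' "$f"; then
        echo "$f: looks like a config file, not a bare secret"
        return 1
    fi

    # Added hardening check (not from the thread): the shared secret
    # should not be readable, writable or executable by group or other.
    perms=$(ls -ld "$f" | cut -c5-10)
    [ "$perms" = "------" ] || {
        echo "$f: group/other permissions set ($perms)"
        return 1
    }

    echo "$f: ok"
}

# Example run against the path used in the thread:
#   check_secret_file /etc/raddb/secret.localhost
```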
Radrelay error
Hello everyone,

I am having an issue with radrelay and wanted to run it through the list. I have googled the list but not found anything with an error like this. First off I would like to go over what I am trying to do on the box to see if I am close on this one.

I have FreeRadius 1.0.1 Running on a server “ports 1812-13” that has a second radius daemon “Merit radius ports 1645-46” running on it for the sole purpose of receiving accounting data for my billing application that also runs on the same box. I could tell all of my NAS gear to send accounting to the second daemon running on 1646 but I want to get all of the auth and accounting data into Freeradius so I can use Dialup Admin.

What I want to do is run radrelay to send the accounting data from the Freeradius daemon to the Merit daemon but I keep getting a secret too short error. I declare the base freeradius accounting directory with the -a and my base freeradius config directory with the -d, I then issue a -S to read the secret from the clients file. So I end up with a command looking like this….

/usr/local/bin/radrelay -a /var/log/radius/raddact -d /etc/raddb/ \
-S /path/to/clients.conf -r localhost:1646 detail combined

And I get… Secret in /path/toMerit/clients is to short.

Any Ideas? I was unaware of any length requirement.

Thanks, David