Re: rlm_perl and dynamic_clients
Steven Eksteen wrote:
> Sorry. I wasn't paying attention and resent the initial question mail
> by accident instead of the following:
>
> I followed your instructions and the Packet-Src-IP-Address came
> through into the Perl script, thank you. I did however use
> Packet-Src-IP-Address-0 instead of Tmp-IP-Address-0 for ease of
> understanding, for anyone else looking at the script. I hope this is
> not what's affecting the operation.
If you've added it as an attribute, as documented in the raddb/dictionary.
> I also did try to use "directory = ${confdir}/dynamic-clients/" in the
> virtual server in case the failure might have been coming from
> somewhere not shown in the output, like the SQL module maybe
That doesn't work. You can't just add random things in random places
and expect them to do something.
> server dynamic_client_server {
Did you look at the example file in raddb/sites-available? It
contains *extensive* documentation and examples.
> rlm_perl: RAD_REPLY: FreeRADIUS-Client-Shortname = Internal
You didn't read the documentation. Go do that.
This is WELL DOCUMENTED.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: rlm_perl and dynamic_clients
Sorry. I wasn't paying attention and resent the initial question mail
by accident instead of the following:
I followed your instructions and the Packet-Src-IP-Address came
through into the Perl script, thank you. I did however use
Packet-Src-IP-Address-0 instead of Tmp-IP-Address-0 for ease of
understanding, for anyone else looking at the script. I hope this is
not what's affecting the operation.
I hope the output below is enough information your you to see how I am
adding to RAD_REPLY. I am returning RLM_MODULE_OK at the end of the
script. I did try to use RLM_MODULE_UPDATED but that returned a result
as if I was returning RLM_MODULE_FAIL, module failure.
I also did try to use "directory = ${confdir}/dynamic-clients/" in the
virtual server in case the failure might have been coming from
somewhere not shown in the output, like the SQL module maybe
---
client dynamic {
ipaddr = 0.0.0.0
netmask = 0
dynamic_clients = dynamic_client_server
lifetime = 3600
}
server dynamic_client_server {
authorize {
update request {
Packet-Src-IP-Address-0 := "%{Packet-Src-IP-Address}"
}
dynamic-clients-pl
}
}
---
rad_recv: Access-Request packet from host 192.168.0.200 port 58738,
id=36, length=212
server dynamic_client_server {
rlm_perl: RAD_REQUEST: Packet-Src-IP-Address-0 = 192.168.0.200
rlm_perl: RAD_REPLY: FreeRADIUS-Client-Shortname = Internal
rlm_perl: RAD_REPLY: FreeRADIUS-Client-Secret = 123456
rlm_perl: RAD_REPLY: FreeRADIUS-Client-NAS-Type = other
rlm_perl: RAD_REPLY: FreeRADIUS-Client-IP-Address = 192.168.0.200
rlm_perl: Added pair Packet-Src-IP-Address-0 = 192.168.0.200
rlm_perl: Added pair FreeRADIUS-Client-Shortname = Internal
rlm_perl: Added pair FreeRADIUS-Client-Secret = 123456
rlm_perl: Added pair FreeRADIUS-Client-NAS-Type = other
rlm_perl: Added pair FreeRADIUS-Client-IP-Address = 192.168.0.200
} # server dynamic_client_server
- Cannot add client 192.168.0.200: Required attribute
"FreeRADIUS-Client-Secret" is missing.
Ignoring request to authentication address * port 1812 as server r9
from unknown client 192.168.0.200 port 58738
On Fri, Aug 31, 2012 at 8:52 AM, Steven Eksteen wrote:
>
> I am pretty sure I might be missing something here, or having a giant blonde
> moment. I followed your instructions and the Packet-Src-IP-Address came
> through into the Perl script, thank you. I did however use
> Packet-Src-IP-Address-0 instead of Tmp-IP-Address-0 for ease of
> understanding. I hope this is not what's affecting the operation.
>
> I hope the output below is enough information your you to see how I am
> adding to RAD_REPLY. I am returning RLM_MODULE_OK at the end of the script.
> I did try to use RLM_MODULE_UPDATED but that returned a result as if I was
> returning RLM_MODULE_FAIL, module failure.
>
> I also did try to use "directory = ${confdir}/dynamic-clients/" in the
> virtual server in case the failure might have been coming from somewhere not
> shown in the output, like the SQL module
>
> ---
>
> client dynamic {
> ipaddr = 0.0.0.0
> netmask = 0
> dynamic_clients = dynamic_client_server
> lifetime = 3600
> }
>
> server dynamic_client_server {
> authorize {
> update request {
> Packet-Src-IP-Address-0 :=
> "%{Packet-Src-IP-Address}"
> }
> dynamic-clients-pl
> }
> }
>
> ---
>
> rad_recv: Access-Request packet from host 192.168.0.200 port 58738, id=36,
> length=212
> server dynamic_client_server {
> rlm_perl: RAD_REQUEST: Packet-Src-IP-Address-0 = 192.168.0.200
> rlm_perl: RAD_REPLY: FreeRADIUS-Client-Shortname = Internal
> rlm_perl: RAD_REPLY: FreeRADIUS-Client-Secret = 123456
> rlm_perl: RAD_REPLY: FreeRADIUS-Client-NAS-Type = other
> rlm_perl: RAD_REPLY: FreeRADIUS-Client-IP-Address = 192.168.0.200
> rlm_perl: Added pair Packet-Src-IP-Address-0 = 192.168.0.200
> rlm_perl: Added pair FreeRADIUS-Client-Shortname = Internal
> rlm_perl: Added pair FreeRADIUS-Client-Secret = 123456
> rlm_perl: Added pair FreeRADIUS-Client-NAS-Type = other
> rlm_perl: Added pair FreeRADIUS-Client-IP-Address = 192.168.0.200
> } # server dynamic_client_server
> - Cannot add client 192.168.0.200: Required attribute
> "FreeRADIUS-Client-Secret" is missing.
> Ignoring request to authentication address * port 1812 as server r9 from
> unknown client 192.168.0.200 port 58738
> Ready to process requests.
>
> ---
>
>
> On Tue, Aug 28, 2012 at 4:21 PM, Steven Eksteen wrote:
>>
>> Thank you. Much appreciated
>>
>>
>> On Tue, Aug 28, 2012 at 4:14 PM, Alan DeKok
>> wrote:
>> > Steven Eksteen wrote:
>> >> I was wondering how would I use "Packet-Src-IP-Address" using Perl for
>> >> Dynamic Clients. I thought it might be part of the RAD_REQUEST hash.
>> >
>> > It's not, but you can do:
>> >
>> > server dynamic_client_server {
>> > authorize {
>> > update request {
>> >
Re: rlm_perl and dynamic_clients
Steven Eksteen wrote: > I was wondering how would I use "Packet-Src-IP-Address" using Perl for > Dynamic Clients. I'm wondering why you didn't read my previous message. You knowm the one you replied to, and quoted verbatim? The one that had the answer to your questions? > I thought it might be part of the RAD_REQUEST hash. I have no idea why. You were told it wasn't. What part of my message didn't you understand? Or did you simply not read it? > If some direction could be made as to setting > "FreeRADIUS-Client-Shortname", "FreeRADIUS-Client-Secret", etc. too I > would be very grateful. Do you understand what a RADIUS secret is? > I already have Perl working for the normal AAA > functions. This just doesn't appear to work the same way. I am not a > Perl developer in the slightest so apologies in advance if this is a > monumentally stupid question. If you're going to ask questions on this list, it helps to read the answers. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: rlm_perl and dynamic_clients
Hi,
I was wondering how would I use "Packet-Src-IP-Address" using Perl for
Dynamic Clients. I thought it might be part of the RAD_REQUEST hash.
If some direction could be made as to setting
"FreeRADIUS-Client-Shortname", "FreeRADIUS-Client-Secret", etc. too I
would be very grateful. I already have Perl working for the normal AAA
functions. This just doesn't appear to work the same way. I am not a
Perl developer in the slightest so apologies in advance if this is a
monumentally stupid question.
Thank you
---
FreeRADIUS Version 2.1.10, for host x86_64-redhat-linux-gnu
---
client dynamic {
ipaddr = 0.0.0.0
netmask = 0
dynamic_clients = dynamic_client_server
lifetime = 3600
}
server dynamic_client_server {
authorize {
dynamic-clients-pl
}
}
---
use strict;
use Data::Dumper;
use vars qw(%RAD_REQUEST);
use constant RLM_MODULE_REJECT => 0;
use constant RLM_MODULE_FAIL => 1;
use constant RLM_MODULE_OK => 2;
use constant RLM_MODULE_HANDLED => 3;
use constant RLM_MODULE_INVALID => 4;
use constant RLM_MODULE_USERLOCK => 5;
use constant RLM_MODULE_NOTFOUND => 6;
use constant RLM_MODULE_NOOP => 7;
use constant RLM_MODULE_UPDATED => 8;
use constant RLM_MODULE_NUMCODES => 9;
sub authorize {
&log_request_attributes;
return RLM_MODULE_FAIL;
}
sub log_request_attributes {
for (keys %RAD_REQUEST) {
&radiusd::radlog(1, "RAD_REQUEST: $_ = $RAD_REQUEST{$_}");
}
}
---
rad_recv: Access-Request packet from host 41.132.69.140 port 51951,
id=31, length=212
server dynamic_client_server {
} # server dynamic_client_server
Ignoring request to authentication address * port 1812 as server r9
from unknown client 41.132.69.140 port 51951
Ready to process requests.
---
On Tue, Aug 28, 2012 at 4:21 PM, Steven Eksteen wrote:
> Thank you. Much appreciated
>
>
> On Tue, Aug 28, 2012 at 4:14 PM, Alan DeKok
> wrote:
> > Steven Eksteen wrote:
> >> I was wondering how would I use "Packet-Src-IP-Address" using Perl for
> >> Dynamic Clients. I thought it might be part of the RAD_REQUEST hash.
> >
> > It's not, but you can do:
> >
> > server dynamic_client_server {
> > authorize {
> > update request {
> > Tmp-IP-Address-0 := "%{Packet-Src-IP-Address}"
> > }
> >
> > dynamic-clients-pl
> > }
> > }
> >
> >
> > And then use the Tmp-IP-Address-0 in the Perl code.
> >
> >> If some direction could be made as to setting
> >> "FreeRADIUS-Client-Shortname", "FreeRADIUS-Client-Secret", etc. too I
> >> would be very grateful.
> >
> > You just set them in the RAD_REPLY hash.
> >
> >> I already have Perl working for the normal AAA
> >> functions. This just doesn't appear to work the same way. I am not a
> >> Perl developer in the slightest so apologies in advance if this is a
> >> monumentally stupid question.
> >
> > Nope. It's a complicated system.
> >
> > Alan DeKok.
> > -
> > List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: rlm_perl and dynamic_clients
Thank you. Much appreciated
On Tue, Aug 28, 2012 at 4:14 PM, Alan DeKok wrote:
> Steven Eksteen wrote:
>> I was wondering how would I use "Packet-Src-IP-Address" using Perl for
>> Dynamic Clients. I thought it might be part of the RAD_REQUEST hash.
>
> It's not, but you can do:
>
> server dynamic_client_server {
> authorize {
> update request {
> Tmp-IP-Address-0 := "%{Packet-Src-IP-Address}"
> }
>
> dynamic-clients-pl
> }
> }
>
>
> And then use the Tmp-IP-Address-0 in the Perl code.
>
>> If some direction could be made as to setting
>> "FreeRADIUS-Client-Shortname", "FreeRADIUS-Client-Secret", etc. too I
>> would be very grateful.
>
> You just set them in the RAD_REPLY hash.
>
>> I already have Perl working for the normal AAA
>> functions. This just doesn't appear to work the same way. I am not a
>> Perl developer in the slightest so apologies in advance if this is a
>> monumentally stupid question.
>
> Nope. It's a complicated system.
>
> Alan DeKok.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: rlm_perl and dynamic_clients
Steven Eksteen wrote:
> I was wondering how would I use "Packet-Src-IP-Address" using Perl for
> Dynamic Clients. I thought it might be part of the RAD_REQUEST hash.
It's not, but you can do:
server dynamic_client_server {
authorize {
update request {
Tmp-IP-Address-0 := "%{Packet-Src-IP-Address}"
}
dynamic-clients-pl
}
}
And then use the Tmp-IP-Address-0 in the Perl code.
> If some direction could be made as to setting
> "FreeRADIUS-Client-Shortname", "FreeRADIUS-Client-Secret", etc. too I
> would be very grateful.
You just set them in the RAD_REPLY hash.
> I already have Perl working for the normal AAA
> functions. This just doesn't appear to work the same way. I am not a
> Perl developer in the slightest so apologies in advance if this is a
> monumentally stupid question.
Nope. It's a complicated system.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
rlm_perl and dynamic_clients
Hi,
I was wondering how would I use "Packet-Src-IP-Address" using Perl for
Dynamic Clients. I thought it might be part of the RAD_REQUEST hash.
If some direction could be made as to setting
"FreeRADIUS-Client-Shortname", "FreeRADIUS-Client-Secret", etc. too I
would be very grateful. I already have Perl working for the normal AAA
functions. This just doesn't appear to work the same way. I am not a
Perl developer in the slightest so apologies in advance if this is a
monumentally stupid question.
Thank you
---
FreeRADIUS Version 2.1.10, for host x86_64-redhat-linux-gnu
---
client dynamic {
ipaddr = 0.0.0.0
netmask = 0
dynamic_clients = dynamic_client_server
lifetime = 3600
}
server dynamic_client_server {
authorize {
dynamic-clients-pl
}
}
---
use strict;
use Data::Dumper;
use vars qw(%RAD_REQUEST);
use constant RLM_MODULE_REJECT => 0;
use constant RLM_MODULE_FAIL => 1;
use constant RLM_MODULE_OK => 2;
use constant RLM_MODULE_HANDLED => 3;
use constant RLM_MODULE_INVALID => 4;
use constant RLM_MODULE_USERLOCK => 5;
use constant RLM_MODULE_NOTFOUND => 6;
use constant RLM_MODULE_NOOP => 7;
use constant RLM_MODULE_UPDATED => 8;
use constant RLM_MODULE_NUMCODES => 9;
sub authorize {
&log_request_attributes;
return RLM_MODULE_FAIL;
}
sub log_request_attributes {
for (keys %RAD_REQUEST) {
&radiusd::radlog(1, "RAD_REQUEST: $_ = $RAD_REQUEST{$_}");
}
}
---
rad_recv: Access-Request packet from host 41.132.69.140 port 51951,
id=31, length=212
server dynamic_client_server {
} # server dynamic_client_server
Ignoring request to authentication address * port 1812 as server r9
from unknown client 41.132.69.140 port 51951
Ready to process requests.
---
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
