Re: rlm_perl and dynamic_clients
Steven Eksteen wrote: > Sorry. I wasn't paying attention and resent the initial question mail > by accident instead of the following: > > I followed your instructions and the Packet-Src-IP-Address came > through into the Perl script, thank you. I did however use > Packet-Src-IP-Address-0 instead of Tmp-IP-Address-0 for ease of > understanding, for anyone else looking at the script. I hope this is > not what's affecting the operation. If you've added it as an attribute, as documented in the raddb/dictionary. > I also did try to use "directory = ${confdir}/dynamic-clients/" in the > virtual server in case the failure might have been coming from > somewhere not shown in the output, like the SQL module maybe That doesn't work. You can't just add random things in random places and expect them to do something. > server dynamic_client_server { Did you look at the example file in raddb/sites-available? It contains *extensive* documentation and examples. > rlm_perl: RAD_REPLY: FreeRADIUS-Client-Shortname = Internal You didn't read the documentation. Go do that. This is WELL DOCUMENTED. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: rlm_perl and dynamic_clients
Sorry. I wasn't paying attention and resent the initial question mail by accident instead of the following: I followed your instructions and the Packet-Src-IP-Address came through into the Perl script, thank you. I did however use Packet-Src-IP-Address-0 instead of Tmp-IP-Address-0 for ease of understanding, for anyone else looking at the script. I hope this is not what's affecting the operation. I hope the output below is enough information your you to see how I am adding to RAD_REPLY. I am returning RLM_MODULE_OK at the end of the script. I did try to use RLM_MODULE_UPDATED but that returned a result as if I was returning RLM_MODULE_FAIL, module failure. I also did try to use "directory = ${confdir}/dynamic-clients/" in the virtual server in case the failure might have been coming from somewhere not shown in the output, like the SQL module maybe --- client dynamic { ipaddr = 0.0.0.0 netmask = 0 dynamic_clients = dynamic_client_server lifetime = 3600 } server dynamic_client_server { authorize { update request { Packet-Src-IP-Address-0 := "%{Packet-Src-IP-Address}" } dynamic-clients-pl } } --- rad_recv: Access-Request packet from host 192.168.0.200 port 58738, id=36, length=212 server dynamic_client_server { rlm_perl: RAD_REQUEST: Packet-Src-IP-Address-0 = 192.168.0.200 rlm_perl: RAD_REPLY: FreeRADIUS-Client-Shortname = Internal rlm_perl: RAD_REPLY: FreeRADIUS-Client-Secret = 123456 rlm_perl: RAD_REPLY: FreeRADIUS-Client-NAS-Type = other rlm_perl: RAD_REPLY: FreeRADIUS-Client-IP-Address = 192.168.0.200 rlm_perl: Added pair Packet-Src-IP-Address-0 = 192.168.0.200 rlm_perl: Added pair FreeRADIUS-Client-Shortname = Internal rlm_perl: Added pair FreeRADIUS-Client-Secret = 123456 rlm_perl: Added pair FreeRADIUS-Client-NAS-Type = other rlm_perl: Added pair FreeRADIUS-Client-IP-Address = 192.168.0.200 } # server dynamic_client_server - Cannot add client 192.168.0.200: Required attribute "FreeRADIUS-Client-Secret" is missing. Ignoring request to authentication address * port 1812 as server r9 from unknown client 192.168.0.200 port 58738 On Fri, Aug 31, 2012 at 8:52 AM, Steven Eksteen wrote: > > I am pretty sure I might be missing something here, or having a giant blonde > moment. I followed your instructions and the Packet-Src-IP-Address came > through into the Perl script, thank you. I did however use > Packet-Src-IP-Address-0 instead of Tmp-IP-Address-0 for ease of > understanding. I hope this is not what's affecting the operation. > > I hope the output below is enough information your you to see how I am > adding to RAD_REPLY. I am returning RLM_MODULE_OK at the end of the script. > I did try to use RLM_MODULE_UPDATED but that returned a result as if I was > returning RLM_MODULE_FAIL, module failure. > > I also did try to use "directory = ${confdir}/dynamic-clients/" in the > virtual server in case the failure might have been coming from somewhere not > shown in the output, like the SQL module > > --- > > client dynamic { > ipaddr = 0.0.0.0 > netmask = 0 > dynamic_clients = dynamic_client_server > lifetime = 3600 > } > > server dynamic_client_server { > authorize { > update request { > Packet-Src-IP-Address-0 := > "%{Packet-Src-IP-Address}" > } > dynamic-clients-pl > } > } > > --- > > rad_recv: Access-Request packet from host 192.168.0.200 port 58738, id=36, > length=212 > server dynamic_client_server { > rlm_perl: RAD_REQUEST: Packet-Src-IP-Address-0 = 192.168.0.200 > rlm_perl: RAD_REPLY: FreeRADIUS-Client-Shortname = Internal > rlm_perl: RAD_REPLY: FreeRADIUS-Client-Secret = 123456 > rlm_perl: RAD_REPLY: FreeRADIUS-Client-NAS-Type = other > rlm_perl: RAD_REPLY: FreeRADIUS-Client-IP-Address = 192.168.0.200 > rlm_perl: Added pair Packet-Src-IP-Address-0 = 192.168.0.200 > rlm_perl: Added pair FreeRADIUS-Client-Shortname = Internal > rlm_perl: Added pair FreeRADIUS-Client-Secret = 123456 > rlm_perl: Added pair FreeRADIUS-Client-NAS-Type = other > rlm_perl: Added pair FreeRADIUS-Client-IP-Address = 192.168.0.200 > } # server dynamic_client_server > - Cannot add client 192.168.0.200: Required attribute > "FreeRADIUS-Client-Secret" is missing. > Ignoring request to authentication address * port 1812 as server r9 from > unknown client 192.168.0.200 port 58738 > Ready to process requests. > > --- > > > On Tue, Aug 28, 2012 at 4:21 PM, Steven Eksteen wrote: >> >> Thank you. Much appreciated >> >> >> On Tue, Aug 28, 2012 at 4:14 PM, Alan DeKok >> wrote: >> > Steven Eksteen wrote: >> >> I was wondering how would I use "Packet-Src-IP-Address" using Perl for >> >> Dynamic Clients. I thought it might be part of the RAD_REQUEST hash. >> > >> > It's not, but you can do: >> > >> > server dynamic_client_server { >> > authorize { >> > update request { >> >
Re: rlm_perl and dynamic_clients
Steven Eksteen wrote: > I was wondering how would I use "Packet-Src-IP-Address" using Perl for > Dynamic Clients. I'm wondering why you didn't read my previous message. You knowm the one you replied to, and quoted verbatim? The one that had the answer to your questions? > I thought it might be part of the RAD_REQUEST hash. I have no idea why. You were told it wasn't. What part of my message didn't you understand? Or did you simply not read it? > If some direction could be made as to setting > "FreeRADIUS-Client-Shortname", "FreeRADIUS-Client-Secret", etc. too I > would be very grateful. Do you understand what a RADIUS secret is? > I already have Perl working for the normal AAA > functions. This just doesn't appear to work the same way. I am not a > Perl developer in the slightest so apologies in advance if this is a > monumentally stupid question. If you're going to ask questions on this list, it helps to read the answers. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: rlm_perl and dynamic_clients
Hi, I was wondering how would I use "Packet-Src-IP-Address" using Perl for Dynamic Clients. I thought it might be part of the RAD_REQUEST hash. If some direction could be made as to setting "FreeRADIUS-Client-Shortname", "FreeRADIUS-Client-Secret", etc. too I would be very grateful. I already have Perl working for the normal AAA functions. This just doesn't appear to work the same way. I am not a Perl developer in the slightest so apologies in advance if this is a monumentally stupid question. Thank you --- FreeRADIUS Version 2.1.10, for host x86_64-redhat-linux-gnu --- client dynamic { ipaddr = 0.0.0.0 netmask = 0 dynamic_clients = dynamic_client_server lifetime = 3600 } server dynamic_client_server { authorize { dynamic-clients-pl } } --- use strict; use Data::Dumper; use vars qw(%RAD_REQUEST); use constant RLM_MODULE_REJECT => 0; use constant RLM_MODULE_FAIL => 1; use constant RLM_MODULE_OK => 2; use constant RLM_MODULE_HANDLED => 3; use constant RLM_MODULE_INVALID => 4; use constant RLM_MODULE_USERLOCK => 5; use constant RLM_MODULE_NOTFOUND => 6; use constant RLM_MODULE_NOOP => 7; use constant RLM_MODULE_UPDATED => 8; use constant RLM_MODULE_NUMCODES => 9; sub authorize { &log_request_attributes; return RLM_MODULE_FAIL; } sub log_request_attributes { for (keys %RAD_REQUEST) { &radiusd::radlog(1, "RAD_REQUEST: $_ = $RAD_REQUEST{$_}"); } } --- rad_recv: Access-Request packet from host 41.132.69.140 port 51951, id=31, length=212 server dynamic_client_server { } # server dynamic_client_server Ignoring request to authentication address * port 1812 as server r9 from unknown client 41.132.69.140 port 51951 Ready to process requests. --- On Tue, Aug 28, 2012 at 4:21 PM, Steven Eksteen wrote: > Thank you. Much appreciated > > > On Tue, Aug 28, 2012 at 4:14 PM, Alan DeKok > wrote: > > Steven Eksteen wrote: > >> I was wondering how would I use "Packet-Src-IP-Address" using Perl for > >> Dynamic Clients. I thought it might be part of the RAD_REQUEST hash. > > > > It's not, but you can do: > > > > server dynamic_client_server { > > authorize { > > update request { > > Tmp-IP-Address-0 := "%{Packet-Src-IP-Address}" > > } > > > > dynamic-clients-pl > > } > > } > > > > > > And then use the Tmp-IP-Address-0 in the Perl code. > > > >> If some direction could be made as to setting > >> "FreeRADIUS-Client-Shortname", "FreeRADIUS-Client-Secret", etc. too I > >> would be very grateful. > > > > You just set them in the RAD_REPLY hash. > > > >> I already have Perl working for the normal AAA > >> functions. This just doesn't appear to work the same way. I am not a > >> Perl developer in the slightest so apologies in advance if this is a > >> monumentally stupid question. > > > > Nope. It's a complicated system. > > > > Alan DeKok. > > - > > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: rlm_perl and dynamic_clients
Thank you. Much appreciated On Tue, Aug 28, 2012 at 4:14 PM, Alan DeKok wrote: > Steven Eksteen wrote: >> I was wondering how would I use "Packet-Src-IP-Address" using Perl for >> Dynamic Clients. I thought it might be part of the RAD_REQUEST hash. > > It's not, but you can do: > > server dynamic_client_server { > authorize { > update request { > Tmp-IP-Address-0 := "%{Packet-Src-IP-Address}" > } > > dynamic-clients-pl > } > } > > > And then use the Tmp-IP-Address-0 in the Perl code. > >> If some direction could be made as to setting >> "FreeRADIUS-Client-Shortname", "FreeRADIUS-Client-Secret", etc. too I >> would be very grateful. > > You just set them in the RAD_REPLY hash. > >> I already have Perl working for the normal AAA >> functions. This just doesn't appear to work the same way. I am not a >> Perl developer in the slightest so apologies in advance if this is a >> monumentally stupid question. > > Nope. It's a complicated system. > > Alan DeKok. > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: rlm_perl and dynamic_clients
Steven Eksteen wrote: > I was wondering how would I use "Packet-Src-IP-Address" using Perl for > Dynamic Clients. I thought it might be part of the RAD_REQUEST hash. It's not, but you can do: server dynamic_client_server { authorize { update request { Tmp-IP-Address-0 := "%{Packet-Src-IP-Address}" } dynamic-clients-pl } } And then use the Tmp-IP-Address-0 in the Perl code. > If some direction could be made as to setting > "FreeRADIUS-Client-Shortname", "FreeRADIUS-Client-Secret", etc. too I > would be very grateful. You just set them in the RAD_REPLY hash. > I already have Perl working for the normal AAA > functions. This just doesn't appear to work the same way. I am not a > Perl developer in the slightest so apologies in advance if this is a > monumentally stupid question. Nope. It's a complicated system. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
rlm_perl and dynamic_clients
Hi, I was wondering how would I use "Packet-Src-IP-Address" using Perl for Dynamic Clients. I thought it might be part of the RAD_REQUEST hash. If some direction could be made as to setting "FreeRADIUS-Client-Shortname", "FreeRADIUS-Client-Secret", etc. too I would be very grateful. I already have Perl working for the normal AAA functions. This just doesn't appear to work the same way. I am not a Perl developer in the slightest so apologies in advance if this is a monumentally stupid question. Thank you --- FreeRADIUS Version 2.1.10, for host x86_64-redhat-linux-gnu --- client dynamic { ipaddr = 0.0.0.0 netmask = 0 dynamic_clients = dynamic_client_server lifetime = 3600 } server dynamic_client_server { authorize { dynamic-clients-pl } } --- use strict; use Data::Dumper; use vars qw(%RAD_REQUEST); use constant RLM_MODULE_REJECT => 0; use constant RLM_MODULE_FAIL => 1; use constant RLM_MODULE_OK => 2; use constant RLM_MODULE_HANDLED => 3; use constant RLM_MODULE_INVALID => 4; use constant RLM_MODULE_USERLOCK => 5; use constant RLM_MODULE_NOTFOUND => 6; use constant RLM_MODULE_NOOP => 7; use constant RLM_MODULE_UPDATED => 8; use constant RLM_MODULE_NUMCODES => 9; sub authorize { &log_request_attributes; return RLM_MODULE_FAIL; } sub log_request_attributes { for (keys %RAD_REQUEST) { &radiusd::radlog(1, "RAD_REQUEST: $_ = $RAD_REQUEST{$_}"); } } --- rad_recv: Access-Request packet from host 41.132.69.140 port 51951, id=31, length=212 server dynamic_client_server { } # server dynamic_client_server Ignoring request to authentication address * port 1812 as server r9 from unknown client 41.132.69.140 port 51951 Ready to process requests. --- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html