Re: rlm_perl error
"JUND, Aurélien" writes: > example.pl: > > sub authorize { > if ($RAD_REQUEST{'Service-Type'} = "Framed-User"){ This isn't a perl boolean expression... >$RAD_CHECK{'Cleartext-Password'} = "1"; >$RAD_REPLY{'Callback-Number'} = "Number"; > > return RLM_MODULE_OK } But it will always be true, so these should be evaluated anyway. However, I don't see you defining RLM_MODULE_OK anywhere which means that we either don't see the complet script or that the script will fail. Please see the example.pl script in freeradius. Adding items to these lists *does* work. Example: This script: use constantRLM_MODULE_REJECT=>0;# /* immediately reject the request */ use constantRLM_MODULE_FAIL=> 1;# /* module failed, don't reply */ use constantRLM_MODULE_OK=>2;# /* the module is OK, continue */ use constantRLM_MODULE_HANDLED=> 3;# /* the module handled the request, so stop. */ use constantRLM_MODULE_INVALID=> 4;# /* the module considers the request invalid. */ use constantRLM_MODULE_USERLOCK=> 5;# /* reject the request (user is locked out) */ use constantRLM_MODULE_NOTFOUND=> 6;# /* user not found */ use constantRLM_MODULE_NOOP=> 7;# /* module succeeded without doing anything */ use constantRLM_MODULE_UPDATED=> 8;# /* OK (pairs modified) */ use constantRLM_MODULE_NUMCODES=> 9;# /* How many return codes there are */ sub authorize { print "Here\n"; $RAD_CHECK{'Cleartext-Password'} = "foo"; return RLM_MODULE_UPDATED; } results in: Ready to process requests. rad_recv: Access-Request packet from host 127.0.0.1 port 55297, id=90, length=44 User-Name = "test" User-Password = "foo" +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "test", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] No EAP-Message, not doing EAP ++[eap] returns noop ++[unix] returns notfound ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop GOT CLONE 1554668288 0x267ae10 Here rlm_perl: Added pair User-Name = test rlm_perl: Added pair User-Password = foo rlm_perl: Added pair NAS-IP-Address = 127.0.0.1 rlm_perl: Added pair Cleartext-Password = foo ++[perl] returns updated ++[pap] returns updated Found Auth-Type = PAP +- entering group PAP {...} [pap] login attempt with password "foo" [pap] Using clear text password "foo" [pap] User authenticated successfully ++[pap] returns ok +- entering group post-auth {...} ++[exec] returns noop Sending Access-Accept of id 90 to 127.0.0.1 port 55297 Finished request 0. Going to the next request Waking up in 4.9 seconds. Cleaning up request 0 ID 90 with timestamp +4 Ready to process requests. Do also note that you can add print's while debugging the script. This is very useful when trying to figure out what happens while the server run the script. Bjørn - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: rlm_perl error
I'd like to put a value in Cleartext-Password (for chap authentifiaction) and add a reply attribute Callback-Number. I get these data from a ldap server, my script work well to get the data but I have trouble for using them outside the script. For troubleshooting I use a simplified version with fix values, I call the perl module again for authenticate in order to see if the request is well updated: example.pl: sub authorize { if ($RAD_REQUEST{'Service-Type'} = "Framed-User"){ $RAD_CHECK{'Cleartext-Password'} = "1"; $RAD_REPLY{'Callback-Number'} = "Number"; return RLM_MODULE_OK } else {return RLM_MODULE_REJECT} } sub authenticate { if ($RAD_REQUEST{'Service-Type'} = "Framed-User"){ return RLM_MODULE_OK } else {return RLM_MODULE_REJECT} } Here is the output in freeradius log: Ready to process requests. rad_recv: Access-Request packet from host 172.16.0.11 port 60818, id=88, length=127 User-Name = "testuser" Service-Type = Framed-User NAS-IP-Address = 203.63.154.1 NAS-Identifier = "203.63.154.1" NAS-Port = 1234 Called-Station-Id = "123456789" Calling-Station-Id = "987654321" NAS-Port-Type = Async CHAP-Password = 0x3511b30139b6c14a8147fdfa0e39141b75 CHAP-Challenge = 0x31323334353637383930313233343536 +- entering group authorize {...} [suffix] No '@' in User-Name = "testuser", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [chap] Setting 'Auth-Type := CHAP' ++[chap] returns ok GOT CLONE 873921248 0x1d0e030 rlm_perl: Added pair NAS-Port-Type = Async rlm_perl: Added pair CHAP-Password = 0x3511b30139b6c14a8147fdfa0e39141b75 rlm_perl: Added pair Service-Type = Framed-User rlm_perl: Added pair Calling-Station-Id = 987654321 rlm_perl: Added pair Called-Station-Id = 123456789 rlm_perl: Added pair CHAP-Challenge = 0x31323334353637383930313233343536 rlm_perl: Added pair User-Name = testuser rlm_perl: Added pair NAS-Identifier = 203.63.154.1 rlm_perl: Added pair NAS-IP-Address = 203.63.154.1 rlm_perl: Added pair NAS-Port = 1234 rlm_perl: Added pair Auth-Type = CHAP ++[perl] returns ok [attr_filter.pre-auth] expand: %{Realm} -> ++[attr_filter.pre-auth] returns noop [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] returns noop Found Auth-Type = CHAP +- entering group CHAP {...} rlm_perl: Added pair NAS-Port-Type = Async rlm_perl: Added pair CHAP-Password = 0x3511b30139b6c14a8147fdfa0e39141b75 rlm_perl: Added pair Service-Type = Framed-User rlm_perl: Added pair Called-Station-Id = 123456789 rlm_perl: Added pair Calling-Station-Id = 987654321 rlm_perl: Added pair CHAP-Challenge = 0x31323334353637383930313233343536 rlm_perl: Added pair User-Name = testuser rlm_perl: Added pair NAS-Identifier = 203.63.154.1 rlm_perl: Added pair NAS-Port = 1234 rlm_perl: Added pair NAS-IP-Address = 203.63.154.1 rlm_perl: Added pair Auth-Type = CHAP ++[perl] returns ok [chap] login attempt by "testuser" with CHAP password [chap] Cleartext-Password is required for authentication ++[chap] returns invalid Failed to authenticate the user. Login incorrect (rlm_chap: Clear text password not available): [testuser/] (from client ext port 1234 cli 987654321) Using Post-Auth-Type Reject +- entering group REJECT {...} [attr_filter.access_reject] expand: %{User-Name} -> testuser attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 0 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 0 Sending Access-Reject of id 88 to 172.16.0.11 port 60818 Waking up in 4.9 seconds. Obviously I did something wrong, but cant figure out what. Any Idea ? -Message d'origine- De : freeradius-users-bounces+aurelien.jund=sfr@lists.freeradius.org [mailto:freeradius-users-bounces+aurelien.jund=sfr@lists.freeradius.org] De la part de Boian Jordanov Envoyé : mercredi 25 août 2010 23:30 À : FreeRadius users mailing list Cc : Boian Jordanov Objet : Re: rlm_perl error On Aug 25, 2010, at 4:47 PM, JUND, Aurélien wrote: > I'm running freeradius-server-2.1.7. I found this information in the default > perl module configuration file. > > -- > De : freeradius-users-bounces+aurelien.jund=sfr@lists.freeradius.org > [mailto:freeradius-users-bounces+aurelien.jund=sfr@lists.freeradius.org] > De la part de Alan DeKok > Envoyé : mercredi 25 août 2010 14:35 > À : FreeRadius users mailing list > Objet : Re: rlm_perl error > > Bjørn Mork wrote: >> "JUND, Aurélien" writes: >> >>> 3 hashes are given to the module and fil
Re: rlm_perl error
Hi my sended mail is not delivered :( please help me 2010/8/27 Alan DeKok > JUND wrote: > > I get this error when I run freeradius using this piece of code in my > example.pl: > > > > Can't modify constant item in scalar assignment at /etc/freeradius_commu/ > example.pl line 60, near "NULL;" > > There is no such text in the example.pl file which is included with > FreeRADIUS. > > You have edited the file, and broken it. Please consult the Perl > documentation for how to write Perl scripts. This list cannot help you > learn Perl. > > Alan DeKok. > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: rlm_perl error
JUND wrote: > I get this error when I run freeradius using this piece of code in my > example.pl: > > Can't modify constant item in scalar assignment at > /etc/freeradius_commu/example.pl line 60, near "NULL;" There is no such text in the example.pl file which is included with FreeRADIUS. You have edited the file, and broken it. Please consult the Perl documentation for how to write Perl scripts. This list cannot help you learn Perl. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: rlm_perl error
I get this error when I run freeradius using this piece of code in my example.pl: Can't modify constant item in scalar assignment at /etc/freeradius_commu/example.pl line 60, near "NULL;" Execution of /etc/freeradius_commu/example.pl aborted due to compilation errors. rlm_perl: perl_parse failed: /etc/freeradius_commu/example.pl not found or has syntax errors. /etc/freeradius_commu/modules/perl[7]: Instantiation failed for module "perl" /etc/freeradius_commu/sites-enabled/sfrwificommu[9]: Failed to find module "perl". /etc/freeradius_commu/sites-enabled/sfrwificommu[5]: Errors parsing authorize section. -Message d'origine- De : freeradius-users-bounces+aurelien.jund=sfr@lists.freeradius.org [mailto:freeradius-users-bounces+aurelien.jund=sfr@lists.freeradius.org] De la part de Bjørn Mork Envoyé : mercredi 25 août 2010 14:20 À : FreeRadius users mailing list Objet : Re: rlm_perl error "JUND, Aurélien" writes: > 3 hashes are given to the module and filled with value-pairs (Attribute > names and values): > > # %RAD_CHECK Read-only Check items > # %RAD_REQUEST Read-only Attributes from the request > # %RAD_REPLY Read-write Attributes for the reply > > Why are %RAD_CHECKand %RAD_REQUEST Read-Only? I believe this is wrong. rlm_perl copies data back from all 5 hashes (RAD_REQUEST, RAD_REPLY, RAD_CHECK, RAD_REQUEST_PROXY, RAD_REQUEST_PROXY_REPLY): if ((get_hv_content(rad_request_hv, &vp)) > 0 ) { pairfree(&request->packet->vps); request->packet->vps = vp; vp = NULL; /* * Update cached copies */ request->username = pairfind(request->packet->vps, PW_USER_NAME); request->password = pairfind(request->packet->vps, PW_USER_PASSWORD); if (!request->password) request->password = pairfind(request->packet->vps, PW_CHAP_PASSWORD); } if ((get_hv_content(rad_reply_hv, &vp)) > 0 ) { pairfree(&request->reply->vps); request->reply->vps = vp; vp = NULL; } if ((get_hv_content(rad_check_hv, &vp)) > 0 ) { pairfree(&request->config_items); request->config_items = vp; vp = NULL; } if (request->proxy && (get_hv_content(rad_request_proxy_hv, &vp) > 0)) { pairfree(&request->proxy->vps); request->proxy->vps = vp; vp = NULL; } if (request->proxy_reply && (get_hv_content(rad_request_proxy_reply_hv, &vp) > 0)) { pairfree(&request->proxy_reply->vps); request->proxy_reply->vps = vp; vp = NULL; } > I would like to add check item and modify le request. Is there a way > to make them Read-write? Try it and see if it works. Bjørn - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: rlm_perl error
On Aug 25, 2010, at 4:47 PM, JUND, Aurélien wrote: > I'm running freeradius-server-2.1.7. I found this information in the default > perl module configuration file. > > -- > De : freeradius-users-bounces+aurelien.jund=sfr@lists.freeradius.org > [mailto:freeradius-users-bounces+aurelien.jund=sfr@lists.freeradius.org] > De la part de Alan DeKok > Envoyé : mercredi 25 août 2010 14:35 > À : FreeRadius users mailing list > Objet : Re: rlm_perl error > > Bjørn Mork wrote: >> "JUND, Aurélien" writes: >> >>> 3 hashes are given to the module and filled with value-pairs (Attribute >>> names and values): >>> >>># %RAD_CHECK Read-only Check items >>># %RAD_REQUEST Read-only Attributes from the request >>># %RAD_REPLY Read-write Attributes for the reply modules/perl ... this have to be updated. all hashes are read-write >>> >>> Why are %RAD_CHECKand %RAD_REQUEST Read-Only? >> >> I believe this is wrong. rlm_perl copies data back from all 5 hashes >> (RAD_REQUEST, RAD_REPLY, RAD_CHECK, RAD_REQUEST_PROXY, >> RAD_REQUEST_PROXY_REPLY): > > It may be correct if he's running a very old version of the server. > > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: rlm_perl error
I'm running freeradius-server-2.1.7. I found this information in the default perl module configuration file. -- De : freeradius-users-bounces+aurelien.jund=sfr@lists.freeradius.org [mailto:freeradius-users-bounces+aurelien.jund=sfr@lists.freeradius.org] De la part de Alan DeKok Envoyé : mercredi 25 août 2010 14:35 À : FreeRadius users mailing list Objet : Re: rlm_perl error Bjørn Mork wrote: > "JUND, Aurélien" writes: > >> 3 hashes are given to the module and filled with value-pairs (Attribute >> names and values): >> >> # %RAD_CHECK Read-only Check items >> # %RAD_REQUEST Read-only Attributes from the request >> # %RAD_REPLY Read-write Attributes for the reply >> >> Why are %RAD_CHECKand %RAD_REQUEST Read-Only? > > I believe this is wrong. rlm_perl copies data back from all 5 hashes > (RAD_REQUEST, RAD_REPLY, RAD_CHECK, RAD_REQUEST_PROXY, > RAD_REQUEST_PROXY_REPLY): It may be correct if he's running a very old version of the server. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: rlm_perl error
Bjørn Mork wrote: > "JUND, Aurélien" writes: > >> 3 hashes are given to the module and filled with value-pairs (Attribute >> names and values): >> >> # %RAD_CHECK Read-only Check items >> # %RAD_REQUEST Read-only Attributes from the request >> # %RAD_REPLY Read-write Attributes for the reply >> >> Why are %RAD_CHECKand %RAD_REQUEST Read-Only? > > I believe this is wrong. rlm_perl copies data back from all 5 hashes > (RAD_REQUEST, RAD_REPLY, RAD_CHECK, RAD_REQUEST_PROXY, > RAD_REQUEST_PROXY_REPLY): It may be correct if he's running a very old version of the server. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: rlm_perl error
"JUND, Aurélien" writes: > 3 hashes are given to the module and filled with value-pairs (Attribute > names and values): > > # %RAD_CHECK Read-only Check items > # %RAD_REQUEST Read-only Attributes from the request > # %RAD_REPLY Read-write Attributes for the reply > > Why are %RAD_CHECKand %RAD_REQUEST Read-Only? I believe this is wrong. rlm_perl copies data back from all 5 hashes (RAD_REQUEST, RAD_REPLY, RAD_CHECK, RAD_REQUEST_PROXY, RAD_REQUEST_PROXY_REPLY): if ((get_hv_content(rad_request_hv, &vp)) > 0 ) { pairfree(&request->packet->vps); request->packet->vps = vp; vp = NULL; /* * Update cached copies */ request->username = pairfind(request->packet->vps, PW_USER_NAME); request->password = pairfind(request->packet->vps, PW_USER_PASSWORD); if (!request->password) request->password = pairfind(request->packet->vps, PW_CHAP_PASSWORD); } if ((get_hv_content(rad_reply_hv, &vp)) > 0 ) { pairfree(&request->reply->vps); request->reply->vps = vp; vp = NULL; } if ((get_hv_content(rad_check_hv, &vp)) > 0 ) { pairfree(&request->config_items); request->config_items = vp; vp = NULL; } if (request->proxy && (get_hv_content(rad_request_proxy_hv, &vp) > 0)) { pairfree(&request->proxy->vps); request->proxy->vps = vp; vp = NULL; } if (request->proxy_reply && (get_hv_content(rad_request_proxy_reply_hv, &vp) > 0)) { pairfree(&request->proxy_reply->vps); request->proxy_reply->vps = vp; vp = NULL; } > I would like to add check item and modify le request. Is there a way > to make them Read-write? Try it and see if it works. Bjørn - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
rlm_perl error
Hello In order to replace the ldap module wich can't cope with multi valued attributes (I know the ldap directory is inadequate for freeradius, but I can not change it), I am trying to use perl module. First I get a strange error when starting freeradius with the perl module, if I include the ldap library in the perl script I get this a the starting of freeradius: Can't locate loadable object for module IO in @INC (@INC contains: /etc/perl /usr/local/lib/perl/5.10.0 /usr/local/share/perl/5.10.0 /usr/lib/perl5 /usr/share/perl5 /usr/lib/perl/5.10 /usr/share/perl/5.10 /usr/local/lib/site_perl .) at /usr/lib/perl/5.10/IO/Handle.pm line 9 I aml using a debian. I found a workaround by starting freeradius with : "LD_PRELOAD=/usr/lib/libperl.so.5.10 /usr/sbin/freeradius -X -d /etc/freeradius". But I can figure out why, is there a way to clean this error in a more elegant way ? 3 hashes are given to the module and filled with value-pairs (Attribute names and values): # %RAD_CHECK Read-only Check items # %RAD_REQUEST Read-only Attributes from the request # %RAD_REPLY Read-write Attributes for the reply Why are %RAD_CHECKand %RAD_REQUEST Read-Only? I would like to add check item and modify le request. Is there a way to make them Read-write? Regards, - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html