Fwd: final rlm_perl question, hopefully...

FreeRadius-ML freeradius at zap2link.com
Thu Jul 26 17:41:21 CEST 2007


Hi All,

  OK, after reviewing all the information that was received, I've set up my FreeRadius
as follows:

1. The authorize and authenticate sections are set up to activate digest and perl.
2. My rlm_perl script utilizes the following lines in order to return the unencrypted 
   user password back to FreeRadius for digest authentication:

   $RAD_CHECK{'Cleartext-Password'} = "xxxxxx";   # Remove this line for production
   $RAD_CHECK{'User-Password'}="xxxxxx";          # Remove this line for production

   I just put these inside my script for checking; later on this information will be
retrieved from an external source.

  Now, FreeRadius activates my rlm_perl module, no problem, as I can see the various 
reply fields being set up; however, I'm still getting the following error:


rlm_perl: RAD_REQUEST: Client-IP-Address = 192.168.2.80
rlm_perl: RAD_REQUEST: Digest-Response = 632905a2325f672f049800eda7df9ee4
rlm_perl: RAD_REQUEST: User-Name = z2l at 192.168.2.80
rlm_perl: RAD_REQUEST: Service-Type = IAPP-Register
rlm_perl: RAD_REQUEST: NAS-IP-Address = 192.168.2.80
rlm_perl: RAD_REQUEST: NAS-Port = 5060
rlm_perl: RAD_REQUEST: Sip-Uri-User = z2l
rlm_perl: RAD_REQUEST: Digest-Attributes = ARRAY(0xbbc93f0)
rlm_perl: RAD_REPLY: Reply-Message = User accepted by z2l WSDL
rlm_perl: RAD_REPLY: z2l-Duration = 60
rlm_perl: RAD_REPLY: z2l-Status = 2
rlm_perl: RAD_REPLY: z2l-Session = 833abb3d-d047-4d0d-a40e-2e147049f96d
rlm_perl: Added pair Reply-Message = User accepted by z2l
rlm_perl: Added pair z2l-Duration = 60
rlm_perl: Added pair z2l-Status = 2
rlm_perl: Added pair z2l-Session = 833abb3d-d047-4d0d-a40e-2e147049f96d
rlm_perl: Added pair Cleartext-Password = z2l
rlm_perl: Added pair User-Password = z2l
rlm_perl: Added pair Auth-Type = digest
perl_pool total/active/spare [32/0/32]
Unreserve perl at address 0xb933260
  modcall[authorize]: module "perl" returns ok for request 5
    rlm_realm: Looking up realm "192.168.2.80" for User-Name = "z2l at 192.168.2.80"
    rlm_realm: No such realm "192.168.2.80"
  modcall[authorize]: module "suffix" returns noop for request 5
modcall: leaving group authorize (returns ok) for request 5
  rad_check_password:  Found Auth-Type DIGEST
auth: type "digest"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 5
rlm_digest: Configuration item "User-Password" or Digest-HA1 is required for authentication.
  modcall[authenticate]: module "digest" returns invalid for request 5
modcall: leaving group authenticate (returns invalid) for request 5
auth: Failed to validate the user.
Login incorrect: [z2l at 192.168.2.80/<no User-Password attribute>] (from client 192.168.2.80 port 5060)
Delaying request 5 for 1 seconds
Finished request 5
Going to the next request
Waking up in 3 seconds...

  Now, my configuration is very, very simple. In authorize I have digest and perl 
enabled; in authenticate I have only digest enabled. If I read the debug correctly, the 
authorization is going OK:

  modcall[authorize]: module "perl" returns ok for request 5
    rlm_realm: Looking up realm "192.168.2.80" for User-Name = "z2l at 192.168.2.80"
    rlm_realm: No such realm "192.168.2.80"
  modcall[authorize]: module "suffix" returns noop for request 5
  modcall: leaving group authorize (returns ok) for request 5

  However, the authentication section fails: 

    rad_check_password:  Found Auth-Type DIGEST
  auth: type "digest"
    Processing the authenticate section of radiusd.conf
  modcall: entering group authenticate for request 5
  rlm_digest: Configuration item "User-Password" or Digest-HA1 is required for authentication.
    modcall[authenticate]: module "digest" returns invalid for request 5
  modcall: leaving group authenticate (returns invalid) for request 5
  auth: Failed to validate the user.
  Login incorrect: [z2l at 192.168.2.80/<no User-Password attribute>] (from client 192.168.2.80 port 5060)

  So, I'm either returning something in the wrong way, or I've broken something again.
Any pointers on the issue would be highly appreciated.

Regards,
  Z2L
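
The rlm_digest log line above asks for "User-Password" or Digest-HA1 because an RFC 2617 digest response can only be checked by recomputing it from one of the two. The script below is an added example, not part of the original post and not FreeRADIUS code; the helper names are hypothetical and the sample values are the worked example from RFC 2617 section 3.5.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Digest::MD5 qw(md5_hex);

# HA1 = MD5(user:realm:password). A server can store this in place of the
# cleartext password and still verify digest responses.
sub digest_ha1 {
    my ($user, $realm, $password) = @_;
    return md5_hex(join ':', $user, $realm, $password);
}

# Response the server expects for one request, from HA1 and the digest
# fields the client sent.
sub digest_response {
    my ($ha1, %d) = @_;
    my $ha2 = md5_hex("$d{method}:$d{uri}");
    # With qop=auth the nonce count, cnonce and qop are hashed in as well;
    # without qop only the nonce is (the older RFC 2069 form).
    my @mid = defined $d{qop}
        ? ($d{nonce}, $d{nc}, $d{cnonce}, $d{qop})
        : ($d{nonce});
    return md5_hex(join ':', $ha1, @mid, $ha2);
}

# Compare two hex digests without stopping at the first differing character.
sub same_digest {
    my ($x, $y) = map { lc $_ } @_;
    return 0 unless length($x) == length($y);
    my $diff = 0;
    $diff |= ord(substr($x, $_, 1)) ^ ord(substr($y, $_, 1)) for 0 .. length($x) - 1;
    return $diff == 0 ? 1 : 0;
}

# Sample values: the worked example from RFC 2617 section 3.5.
my %fields = (
    method => 'GET', uri => '/dir/index.html', qop => 'auth',
    nonce  => 'dcd98b7102dd2f0e8b11d0f600bfb0c093',
    nc     => '00000001', cnonce => '0a4f113b',
);
my $client_response = '6629fae49393a05397450978507c4ef1';

for my $password ('Circle Of Life', 'wrong password') {
    my $ha1 = digest_ha1('Mufasa', 'testrealm@host.com', $password);
    my $ok  = same_digest(digest_response($ha1, %fields), $client_response);
    printf "%-16s HA1=%s %s\n", $password, $ha1, $ok ? 'accept' : 'reject';
}
```

HA1 is bound to one user and realm, but within that realm it is as sensitive as the password itself, so it needs the same protection at rest.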



