Question regarding rlm_perl and Access-Challenge
Harry J Walsh
harry.walsh at gmail.com
Tue Aug 19 15:12:41 CEST 2008
Thanks for the swift reply, DeKok. I tried what you suggested and it
doesn't work. Looking at dictionary.freeradius.internal and double
checking the values in the pair, everything looks okay. I'm going to
play about with this a bit, but in the meantime here are some more
details and I would greatly appreciate it if you would scan over them
to see if there is anything obvious I am missing.
Here's my authenticate sub.
# Function to handle authenticate
sub authenticate {
    # For debugging purposes only
    &log_request_attributes;
    if (($RAD_REQUEST{'User-Name'} =~ /^test/) &&
        ($RAD_REQUEST{'User-Password'} =~ /^pass/)) {
        $RAD_REPLY{'State'} = "challenge";
        $RAD_REPLY{'Reply-Message'} = "Challenge: ";
        $RAD_REPLY{'Response-Packet-Type'} = "Access-Challenge";
        &log_request_attributes;
        return RLM_MODULE_HANDLED;
    }
    else {
        # Reject user and tell him why
        $RAD_REPLY{'Reply-Message'} = "Denied access by rlm_perl function";
        return RLM_MODULE_REJECT;
    }
}
And here's the debug output:
perl_pool: item 0x827b1a0 asigned new request. Handled so far: 1
found interpetator at address 0x827b1a0
rlm_perl: RAD_REQUEST: User-Name = test
rlm_perl: RAD_REQUEST: User-Password = pass
rlm_perl: RAD_REQUEST: Service-Type = Login-User
rlm_perl: RAD_REQUEST: NAS-IP-Address = 10.250.0.170
rlm_perl: RAD_REQUEST: NAS-Port = 6
rlm_perl: RAD_REQUEST: User-Name = test
rlm_perl: RAD_REQUEST: User-Password = pass
rlm_perl: RAD_REQUEST: Service-Type = Login-User
rlm_perl: RAD_REQUEST: NAS-IP-Address = 10.250.0.170
rlm_perl: RAD_REQUEST: NAS-Port = 6
rlm_perl: RAD_REPLY: Reply-Message = Challenge:
rlm_perl: RAD_REPLY: Response-Packet-Type = Access-Challenge
rlm_perl: RAD_REPLY: State = challenge
rlm_perl: Added pair User-Name = test
rlm_perl: Added pair User-Password = pass
rlm_perl: Added pair Service-Type = Login-User
rlm_perl: Added pair NAS-IP-Address = 10.250.0.170
rlm_perl: Added pair NAS-Port = 6
rlm_perl: Added pair Reply-Message = Challenge:
rlm_perl: Added pair Response-Packet-Type = Access-Challenge
rlm_perl: Added pair State = challenge
rlm_perl: Added pair Auth-Type = Perl
perl_pool total/active/spare [32/0/32]
Unreserve perl at address 0x827b1a0
++[perl] returns handled
There was no response configured: rejecting request 0
==
The last line here is confusing me. Looking at the code that spits
out this error, it seems to only happen when there is no
Response-Packet-Type in a request_post_handler.
    switch (request->packet->code) {
    case PW_AUTHENTICATION_REQUEST:
        gettimeofday(&request->next_when, NULL);
        if (request->reply->code == 0) {
            /*
             * Check if the lack of response is intentional.
             */
            vp = pairfind(request->config_items,
                          PW_RESPONSE_PACKET_TYPE);
            if (!vp) {
                DEBUG2("There was no response configured: rejecting request %d",
                       request->number);
                request->reply->code = PW_AUTHENTICATION_REJECT;
            } else if (vp->vp_integer == 256) {
                DEBUG2("Not responding to request %d",
                       request->number);
            } else {
                request->reply->code = vp->vp_integer;
            }
        }
On Tue, Aug 19, 2008 at 1:09 PM, Alan DeKok <aland at deployingradius.com> wrote:
> Harry J Walsh wrote:
>> I want to develop some test cases for a radius client I am developing
>> and I would like to be able to use rlm_perl to simulate various
>> scenarios. The one I am having major problems with is
>> Access-Challenge. I really like rlm_perl and the flexibility it
>> provides and I would like to be able to specify the reply type. I've
>> looked through documentation and the rlm_perl code for any hints on
>> how to do this and at this stage I'm thinking I'll have to create a
>> new interface to allow my perl script to specify the correct reply
>> type to rlm_perl.
>
> Configure the reply with "Response-Packet-Type = Access-Challenge",
> and make sure that the authenticate section returns "handled". That
> should do it.
>
> And yes, this isn't documented.
>
> Alan DeKok.
--
Harry J Walsh
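
Added example (not part of the original post and not FreeRADIUS source): a stand-alone C model of the decision in the excerpt above, run against two constructed placements of Response-Packet-Type. The attribute numbers, helper names and the integer-only pair struct are assumptions made for the model; it also assumes, going by the debug output, that a pair set through %RAD_REPLY ends up in the reply list rather than in config_items.

```c
#include <stddef.h>
#include <stdio.h>

/* RADIUS packet codes from RFC 2865. */
enum { CODE_NONE = 0, ACCESS_REJECT = 3, ACCESS_CHALLENGE = 11 };
/* Hypothetical attribute numbers for this model, not the dictionary's values. */
enum { ATTR_STATE = 24, ATTR_RESPONSE_PACKET_TYPE = 9001 };
#define DO_NOT_RESPOND 256 /* value the excerpt treats as "stay silent" */

struct pair { int attr; int value; const struct pair *next; };

/* Simplified stand-in for pairfind(): first pair carrying this attribute. */
static const struct pair *find_pair(const struct pair *list, int attr) {
    for (; list != NULL; list = list->next)
        if (list->attr == attr) return list;
    return NULL;
}

/* Same decision as the excerpt: only config_items is consulted.
 * reply_vps is accepted and ignored to make that explicit. */
int post_handler_code(int reply_code, const struct pair *config_items,
                      const struct pair *reply_vps) {
    (void)reply_vps;
    if (reply_code != CODE_NONE) return reply_code;
    const struct pair *vp = find_pair(config_items, ATTR_RESPONSE_PACKET_TYPE);
    if (vp == NULL) return ACCESS_REJECT;      /* "no response configured" */
    if (vp->value == DO_NOT_RESPOND) return CODE_NONE;
    return vp->value;
}

/* Constructed case matching the debug output: attribute only in the reply list. */
int code_when_set_in_reply(void) {
    struct pair state = { ATTR_STATE, 0, NULL };
    struct pair rpt = { ATTR_RESPONSE_PACKET_TYPE, ACCESS_CHALLENGE, &state };
    return post_handler_code(CODE_NONE, NULL, &rpt);
}

/* Constructed case: the same attribute placed in the config (check) list. */
int code_when_set_in_config(void) {
    struct pair rpt = { ATTR_RESPONSE_PACKET_TYPE, ACCESS_CHALLENGE, NULL };
    struct pair state = { ATTR_STATE, 0, NULL };
    return post_handler_code(CODE_NONE, &rpt, &state);
}

int main(void) {
    printf("in reply list:  code %d\n", code_when_set_in_reply());
    printf("in config list: code %d\n", code_when_set_in_config());
    return 0;
}
```

In the model, the reply-list placement falls through to the reject branch, which is the behaviour the last debug line reports.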