[fixed version] rlm_perl and tagged attributes problem

Alexandr Kovalenko alexandr.kovalenko at gmail.com
Tue Mar 31 09:09:25 CEST 2009


Hello

[Update: fixed the script so that it won't set incorrect attributes, but the
problem persists]

I'm trying to set up FreeRADIUS with the rlm_perl module so that it can
interoperate with our billing/provisioning system.

FreeRADIUS version:

# radiusd -v
radiusd: FreeRADIUS Version 1.1.7, for host amd64-portbld-freebsd6.3,
built on Jan 15 2009 at 18:36:52

Perl version:

# perl -V
Summary of my perl5 (revision 5 version 8 subversion 8) configuration:
 Platform:
   osname=freebsd, osvers=6.3-rc2, archname=amd64-freebsd


We are using a Juniper ERX-310 BRAS to terminate our customers and to
configure policies and so on; it needs a few attributes to be tagged.

Here is what a normal session should look like:

[never at nemo ~]$ radtest admin test 127.0.0.1 2 testing123
Sending Access-Request of id 229 to 127.0.0.1 port 1812
       User-Name = "admin"
       User-Password = "test"
       NAS-IP-Address = 255.255.255.255
       NAS-Port = 2
rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=127, length=126
       ERX-Qos-Profile-Name = "SP_Tele_Internet"
       ERX-Qos-Parameters = "internet_tr_value 2097152"
       Framed-IP-Address = 10.0.112.2
       Framed-IP-Netmask = 255.255.255.255
       ERX-Service-Statistics:1 = time-volume
       ERX-Service-Activate:1 = "telesys(1048576)"

Please note ERX-Service-Statistics:1 and ERX-Service-Activate:1 attributes.

I have minimized the code in the Perl module to achieve this, to exclude any
possible influence from our system:

sub authorize {
   # Minimal reproduction: accept one hard-coded test user and reply with
   # two tagged (":1") attributes plus four untagged ones.
   if (($RAD_REQUEST{'User-Name'} eq 'admin') and ($RAD_REQUEST{'User-Password'} eq 'test')) {
       $RAD_REPLY{'ERX-Service-Activate:1'} = 'telesys(1048576)';
       $RAD_REPLY{'ERX-Service-Statistics:1'} = 'time-volume';
       $RAD_REPLY{'ERX-Qos-Parameters'} = "internet_tr_value 2097152";
       $RAD_REPLY{'ERX-Qos-Profile-Name'} = "SP_Tele_Internet";
       $RAD_REPLY{'Framed-IP-Address'} = '10.0.112.2';
       $RAD_REPLY{'Framed-IP-Netmask'} = "255.255.255.255";
       return RLM_MODULE_OK;
   }
}

Now let me describe what happens.
When I restart radiusd and issue the first RADIUS Access-Request packet, it
returns the attributes as expected. But the next one returns this:

$ radtest admin test 127.0.0.1 2 testing123
Sending Access-Request of id 32 to 127.0.0.1 port 1812
       User-Name = "admin"
       User-Password = "test"
       NAS-IP-Address = 255.255.255.255
       NAS-Port = 2
rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=37, length=125
       ERX-Qos-Profile-Name = "SP_Tele_Internet"
       ERX-Qos-Parameters = "internet_tr_value 2097152"
       Framed-IP-Address = 10.0.112.2
       Framed-IP-Netmask = 255.255.255.255
       ERX-Service-Statistics:0 = time-volume
       ERX-Service-Activate:0 = "telesys(1048576)"

Please note the ":0" after the last two ERX-* attributes, which is a) incorrect,
and b) in the Perl code it is clearly written as ":1".

Please help me to resolve this issue. Thanks in advance.

Here is the log of the correct behavior:

------------------------------------
rad_recv: Access-Request packet from host 127.0.0.1:64032, id=52, length=57
       User-Name = "admin"
       User-Password = "test"
       NAS-IP-Address = 255.255.255.255
       NAS-Port = 2
 Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
 modcall[authorize]: module "preprocess" returns ok for request 0
 modcall[authorize]: module "chap" returns noop for request 0
 modcall[authorize]: module "mschap" returns noop for request 0
   rlm_realm: No '@' in User-Name = "admin", looking up realm NULL
   rlm_realm: No such realm "NULL"
 modcall[authorize]: module "suffix" returns noop for request 0
 rlm_eap: No EAP-Message, not doing EAP
 modcall[authorize]: module "eap" returns noop for request 0
   users: Matched entry DEFAULT at line 171
 modcall[authorize]: module "files" returns ok for request 0
Using perl at 0x592370
rlm_perl: $VAR1 = {};
rlm_perl: defined
rlm_perl: Added pair ERX-Qos-Parameters = internet_tr_value 2097152
rlm_perl: Added pair ERX-Service-Activate = telesys(1048576)
rlm_perl: Added pair ERX-Qos-Profile-Name = SP_Tele_Internet
rlm_perl: Added pair ERX-Service-Statistics = time-volume
rlm_perl: Added pair Framed-IP-Address = 10.0.112.2
rlm_perl: Added pair Framed-IP-Netmask = 255.255.255.255
rlm_perl: Added pair Auth-Type = Perl
 modcall[authorize]: module "perl" returns ok for request 0
rlm_pap: WARNING! No "known good" password found for the user.
Authentication may fail because of this.
 modcall[authorize]: module "pap" returns noop for request 0
modcall: leaving group authorize (returns ok) for request 0
 rad_check_password:  Found Auth-Type Perl
auth: type "Perl"
 Processing the authenticate section of radiusd.conf
modcall: entering group Perl for request 0
Using perl at 0x592370
rlm_perl: Added pair ERX-Qos-Profile-Name = SP_Tele_Internet
rlm_perl: Added pair ERX-Qos-Parameters = internet_tr_value 2097152
rlm_perl: Added pair Framed-IP-Address = 10.0.112.2
rlm_perl: Added pair Framed-IP-Netmask = 255.255.255.255
rlm_perl: Added pair Auth-Type = Perl
 modcall[authenticate]: module "perl" returns ok for request 0
modcall: leaving group Perl (returns ok) for request 0
Sending Access-Accept of id 42 to 127.0.0.1 port 64032
       ERX-Qos-Parameters = "internet_tr_value 2097152"
       ERX-Service-Activate:1 = "telesys(1048576)"
       ERX-Qos-Profile-Name = "SP_Tele_Internet"
       ERX-Service-Statistics:1 = time-volume
       Framed-IP-Address = 10.0.112.2
       Framed-IP-Netmask = 255.255.255.255
Finished request 0
--------------------------------------------

Here is the log of the next try:

--------------------------------------------

rad_recv: Access-Request packet from host 127.0.0.1:49908, id=99, length=57
       User-Name = "admin"
       User-Password = "test"
       NAS-IP-Address = 255.255.255.255
       NAS-Port = 2
 Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
 modcall[authorize]: module "preprocess" returns ok for request 1
 modcall[authorize]: module "chap" returns noop for request 1
 modcall[authorize]: module "mschap" returns noop for request 1
   rlm_realm: No '@' in User-Name = "admin", looking up realm NULL
   rlm_realm: No such realm "NULL"
 modcall[authorize]: module "suffix" returns noop for request 1
 rlm_eap: No EAP-Message, not doing EAP
 modcall[authorize]: module "eap" returns noop for request 1
   users: Matched entry DEFAULT at line 171
 modcall[authorize]: module "files" returns ok for request 1
Using perl at 0x592370
rlm_perl: $VAR1 = {};
rlm_perl: defined
rlm_perl: Added pair ERX-Qos-Parameters = internet_tr_value 2097152
rlm_perl: Added pair ERX-Service-Activate = telesys(1048576)
rlm_perl: Added pair ERX-Qos-Profile-Name = SP_Tele_Internet
rlm_perl: Added pair ERX-Service-Statistics = time-volume
rlm_perl: Added pair Framed-IP-Address = 10.0.112.2
rlm_perl: Added pair Framed-IP-Netmask = 255.255.255.255
rlm_perl: Added pair Auth-Type = Perl
 modcall[authorize]: module "perl" returns ok for request 1
rlm_pap: WARNING! No "known good" password found for the user.
Authentication may fail because of this.
 modcall[authorize]: module "pap" returns noop for request 1
modcall: leaving group authorize (returns ok) for request 1
 rad_check_password:  Found Auth-Type Perl
auth: type "Perl"
 Processing the authenticate section of radiusd.conf
modcall: entering group Perl for request 1
Using perl at 0x592370
rlm_perl: Added pair ERX-Qos-Profile-Name = SP_Tele_Internet
rlm_perl: Added pair ERX-Qos-Parameters = internet_tr_value 2097152
rlm_perl: Added pair Framed-IP-Address = 10.0.112.2
rlm_perl: Added pair Framed-IP-Netmask = 255.255.255.255
rlm_perl: Added pair Auth-Type = Perl
 modcall[authenticate]: module "perl" returns ok for request 1
modcall: leaving group Perl (returns ok) for request 1
Sending Access-Accept of id 68 to 127.0.0.1 port 49908
       ERX-Qos-Parameters = "internet_tr_value 2097152"
       ERX-Service-Activate:0 = "telesys(1048576)"
       ERX-Qos-Profile-Name = "SP_Tele_Internet"
       ERX-Service-Statistics:0 = time-volume
       Framed-IP-Address = 10.0.112.2
       Framed-IP-Netmask = 255.255.255.255
Finished request 1

--
Alexandr Kovalenko
http://uafug.org.ua/
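
An added example, not part of the original post and not FreeRADIUS code: a small Python check that parses the "Sending Access-Accept" blocks of radiusd debug output and reports tagged attributes whose tag differs from what the NAS expects. The sample log is constructed from the two debug logs above; EXPECTED_TAGS and the function names are assumptions of this example.

```python
import re

# Constructed sample: reply blocks trimmed from the two debug logs in the post.
SAMPLE_LOG = '''\
Sending Access-Accept of id 42 to 127.0.0.1 port 64032
        ERX-Qos-Parameters = "internet_tr_value 2097152"
        ERX-Service-Activate:1 = "telesys(1048576)"
        ERX-Service-Statistics:1 = time-volume
Finished request 0
Sending Access-Accept of id 68 to 127.0.0.1 port 49908
        ERX-Service-Activate:0 = "telesys(1048576)"
        ERX-Service-Statistics:0 = time-volume
Finished request 1
'''

# Assumption: tags the NAS expects, taken from the "normal session" in the post.
EXPECTED_TAGS = {"ERX-Service-Activate": 1, "ERX-Service-Statistics": 1}
SEND_RE = re.compile(r"^Sending \S+ of id (\d+) to ")
ATTR_RE = re.compile(r"^\s+([A-Za-z0-9-]+)(?::(\d+))?\s*=\s*(.*)$")

def parse_replies(log_text):
    """Return one dict per sent packet: {'id': int, 'attrs': [(name, tag, value)]}."""
    replies, current = [], None
    for line in log_text.splitlines():
        m = SEND_RE.match(line)
        if m:
            current = {"id": int(m.group(1)), "attrs": []}
            replies.append(current)
            continue
        m = ATTR_RE.match(line) if current else None
        if m:
            tag = int(m.group(2)) if m.group(2) is not None else None
            current["attrs"].append((m.group(1), tag, m.group(3).strip('"')))
        else:
            current = None  # any non-attribute line ends the reply block
    return replies

def tag_mismatches(replies, expected=EXPECTED_TAGS):
    """List (packet id, attribute, expected tag, seen tag) for each wrong or missing tag."""
    bad = []
    for reply in replies:
        for name, tag, _value in reply["attrs"]:
            if name in expected and tag != expected[name]:
                bad.append((reply["id"], name, expected[name], tag))
    return bad

if __name__ == "__main__":
    for pkt_id, name, want, got in tag_mismatches(parse_replies(SAMPLE_LOG)):
        print(f"reply id {pkt_id}: {name} tag {got}, expected {want}")
```

Feeding it the full `radiusd -X` output over several consecutive requests shows at which request the tag first changes.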


