%RAD_REPLY hash problem

Ana Gallardo ana.gallardo.77 at gmail.com
Mon Nov 8 12:56:33 CET 2010


Hello,

I've tested adding my vendor-specific attributes to the check list, and the
problem persists.

Here is the debug info:

rad_recv: Access-Request packet from host x.x.x.x port 32880, id=4, length=75
    User-Name = "ana at unex.es"
    User-Password = "1111111"
    Calling-Station-Id = "..."
...

[ldap1] performing user authorization for ana
[ldap1]     expand: %{Stripped-User-Name} -> ana
[ldap1]     expand: (cn=%{%{Stripped-User-Name}:-%{User-Name}}) -> (cn=ana)
...
  [ldap1] Bind was successful
...
[ldap1] looking for check items in directory...
  [ldap1] Relaciones -> Relaciones += "06"
  [ldap1] Relaciones -> Relaciones += "01"
  [ldap1] ntPassword -> NT-Password == 0x44...
[ldap1] looking for reply items in directory...
  [ldap1] sn -> Nombre-Completo = "Ana Gllardo"
...
[ldap1] user ana authorized to use remote access
...
rlm_perl: RAD_REQUEST: User-Name = ana at unex.es
rlm_perl: RAD_REQUEST: User-Password = 1111111
rlm_perl: RAD_REQUEST: Intentos-Reject = 0
rlm_perl: RAD_REQUEST: SQL-User-Name = ana
rlm_perl: RAD_REQUEST: Realm = unex.es
rlm_perl: RAD_REQUEST: Stripped-User-Name = ana
rlm_perl: RAD_REQUEST: Calling-Station-Id = ...
rlm_perl: RAD_CHECK: NT-Password = 0x44...
rlm_perl: RAD_CHECK: Simultaneous-Use = 1
rlm_perl: RAD_CHECK: Relaciones = ARRAY(0x1d59618)
rlm_perl: RAD_CHECK: Ldap-UserDn = ...
rlm_perl: RAD_REREPLY: Nombre-Completo = Ana Gallardo
rlm_perl: relacion: 06
rlm_perl: relacion: 01
rlm_perl: relacion: 0x44...

...

Finally, my solution was to delete the undesired member from the hash.

# cat /etc/freeradius/perl/checkRelaciones.pm
#!/usr/bin/perl
use strict;
use vars qw(%RAD_REQUEST %RAD_REPLY %RAD_CHECK);

use constant    RLM_MODULE_REJECT=>    0;#  /* immediately reject the request */
use constant    RLM_MODULE_OK=>        2;#  /* the module is OK, continue */

sub authorize {

   &solucion_bug;
   return &check_relaciones;
}

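sub solucion_bug {
   my $r;
   my @array;

   # Keep only the Relaciones values that start with two digits and move
   # them from the check list to the reply list.
   if (exists  $RAD_CHECK{'Relaciones'} && defined $RAD_CHECK{'Relaciones'}){
      $r=$RAD_CHECK{'Relaciones'};
      # Multi-valued attribute: the hash holds an array reference
      if (ref($r) eq "ARRAY") {
         foreach (@{$r}) {
            #&radiusd::radlog(1, "relacion: $_");
            if ($_ =~ /^[0-9]{2}/) {
                 push(@array, $_);
            }
         }
         # Several values kept: store an array reference
         if ($#array > 0){
            $RAD_REPLY{'Relaciones'}=\@array;
         }
         # Exactly one value kept: store it as a plain scalar
         elsif ($#array == 0){
            $RAD_REPLY{'Relaciones'}=$array[0];
         }
      }
      # Single-valued attribute: the hash holds a plain scalar
      unless (ref($r)) {
         #&radiusd::radlog(1, "relacion: $r");
         if ($r =~ /^[0-9]{2}/) {
            $RAD_REPLY{'Relaciones'}=$r;
         }
      }
      # Remove the original entry from the check list
      delete($RAD_CHECK{'Relaciones'});
   }
}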

sub check_relaciones {
   my $r;

   if (exists  $RAD_REPLY{'Relaciones'} && defined $RAD_REPLY{'Relaciones'}){
      return RLM_MODULE_OK;
   }
   else{
      $RAD_REPLY{'Codigo-Reject'}=11; #Sin-Relacion-UEX
      return RLM_MODULE_REJECT;
   }
}


Thank you very much.



++++++++++++++++++++
++ Ana Gallardo Gómez ++
++++++++++++++++++++