Separate rlm_perl in each virtual server
Alexander Shikoff
minotaur at crete.org.ua
Sat Jan 29 17:29:06 CET 2011
On Sat, Jan 29, 2011 at 06:10:49PM +0200, Alexander Shikoff wrote:
> On Sat, Jan 29, 2011 at 03:18:18PM +0100, Alan DeKok wrote:
> > Alexander Shikoff wrote:
> > > I have two virtual servers and I need to process events in these servers
> > > with different perl scripts. Is there a way to configure separate
> > > rlm_perl instances for each virtual server? Thanks.
> >
> > raddb/modules/perl1:
> >
> > perl perl1 {
> > ...
> > }
> >
> > raddb/modules/perl2:
> >
> > perl perl2 {
> > ...
> > }
> >
> > And then use "perl1" and "perl2" instead of "perl".
> >
> > Alan DeKok.
>
> Ok, I tried this way:
>
> raddb/modules/ISG_DHCP:
> perl ISG_DHCP {
> module = ${confdir}/dhcp.pl
> }
>
> raddb/modules/ISG_Auth:
> perl ISG_Auth {
> module = ${confdir}/dhcp-authorization.pl
> }
>
> Then I add these modules to virtual servers:
> raddb/sites-enabled/dhcp:
> server dhcp {
> [...]
> dhcp DHCP-Discover {
> ISG_DHCP
> reply_log
> ok
> }
> }
>
> raddb/sites-enabled/auth:
> server dhcp-authorization {
> [...]
> listen {
> type = auth
> ipaddr = x.x.x.x
> port = 11812
> }
>
> authorize {
> ISG_Auth
> }
> }
>
> But when freeradius receives a DHCP packet, it processes it with the dhcp-authorization.pl
> script and not with dhcp.pl. Why?

More debugging information. I've written two simple Perl scripts, one for each
virtual server:
-------------------------------------------------------------------
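# dhcp.pl
use strict;
use vars qw/%RAD_REQUEST %RAD_REPLY %RAD_CHECK/;

# Log level for radiusd::radlog (value as in the example.pl shipped with rlm_perl);
# without it the bareword L_INFO does not compile under "use strict".
use constant L_INFO => 3;

# Each hook only logs which script and which function handled the request.
sub authenticate {
    &radiusd::radlog(L_INFO, "-dhcp.pl- : authenticate");
}

sub authorize {
    &radiusd::radlog(L_INFO, "-dhcp.pl- : authorize");
}

sub post_auth {
    &radiusd::radlog(L_INFO, "-dhcp.pl- : post_auth");
}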
-------------------------------------------------------------------
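# authorization.pl
use strict;
use vars qw/%RAD_REQUEST %RAD_REPLY %RAD_CHECK/;

# Log level for radiusd::radlog (value as in the example.pl shipped with rlm_perl);
# without it the bareword L_INFO does not compile under "use strict".
use constant L_INFO => 3;

# Each hook only logs which script and which function handled the request.
sub authenticate {
    &radiusd::radlog(L_INFO, "-authorization.pl- : authenticate");
}

sub authorize {
    &radiusd::radlog(L_INFO, "-authorization.pl- : authorize");
}

sub post_auth {
    &radiusd::radlog(L_INFO, "-authorization.pl- : post_auth");
}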
-------------------------------------------------------------------
Then I refer to them in modules:

raddb/modules/ISG_DHCP:
perl ISG_DHCP {
    module = ${confdir}/dhcp.pl
}

raddb/modules/ISG_Auth:
perl ISG_Auth {
    module = ${confdir}/authorization.pl
}

After startup radiusd reads the configuration in the right way:
# radiusd -X
[...]
server dhcp { # from file /usr/local/etc/raddb/sites-enabled/dhcp
modules {
Module: Checking dhcp DHCP-Discover {...} for more modules to load
Module: Linked to module rlm_perl
Module: Instantiating module "ISG_DHCP" from file /usr/local/etc/raddb/modules/ISG_DHCP
perl ISG_DHCP {
module = "/usr/local/etc/raddb/dhcp.pl"
func_authorize = "authorize"
func_authenticate = "authenticate"
func_accounting = "accounting"
func_preacct = "preacct"
func_checksimul = "checksimul"
func_detach = "detach"
func_xlat = "xlat"
func_pre_proxy = "pre_proxy"
func_post_proxy = "post_proxy"
func_post_auth = "post_auth"
func_recv_coa = "recv_coa"
func_send_coa = "send_coa"
}
[...]
server dhcp-authorization { # from file /usr/local/etc/raddb/sites-enabled/dhcp-authorization.conf
modules {
Module: Checking authorize {...} for more modules to load
Module: Instantiating module "ISG_Auth" from file /usr/local/etc/raddb/modules/ISG_Auth
perl ISG_Auth {
module = "/usr/local/etc/raddb/authorization.pl"
func_authorize = "authorize"
func_authenticate = "authenticate"
func_accounting = "accounting"
func_preacct = "preacct"
func_checksimul = "checksimul"
func_detach = "detach"
func_xlat = "xlat"
func_pre_proxy = "pre_proxy"
func_post_proxy = "post_proxy"
func_post_auth = "post_auth"
func_recv_coa = "recv_coa"
func_send_coa = "send_coa"
}
} # modules
Now radiusd receives a DHCP packet and:
Received DHCP-Discover of id fcb1c6c0 from 193.200.84.232:67 to 193.200.85.245:67
[...]
server dhcp {
Trying sub-section dhcp DHCP-Discover {...}
+- entering group DHCP-Discover {...}
rlm_perl: -authorization.pl- : post_auth
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
... it calls authorization.pl instead of dhcp.pl.
--
MINO-RIPE
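
An added example, not part of the original post or of FreeRADIUS: a small Python check that automates the comparison made by eye in the debug output above, reporting every rlm_perl log line whose script was not loaded by the virtual server that handled the request. It assumes the post's own convention that each script logs a "-<script name>-" tag through radlog; the name find_mismatches and the abbreviated sample input are constructed for illustration.

```python
import os
import re

# Sample input: lines abbreviated from the radiusd -X output quoted in the post.
SAMPLE_DEBUG = '''\
server dhcp { # from file /usr/local/etc/raddb/sites-enabled/dhcp
perl ISG_DHCP {
module = "/usr/local/etc/raddb/dhcp.pl"
}
server dhcp-authorization { # from file /usr/local/etc/raddb/sites-enabled/dhcp-authorization.conf
perl ISG_Auth {
module = "/usr/local/etc/raddb/authorization.pl"
}
server dhcp {
rlm_perl: -authorization.pl- : post_auth
'''

SERVER_RE = re.compile(r'^\s*server\s+(\S+)\s*\{')
MODULE_RE = re.compile(r'^\s*module\s*=\s*"([^"]+)"')
# Assumed tag convention from the post's test scripts: "-<script>- : <hook>"
PERL_LOG_RE = re.compile(r'rlm_perl:\s+-(\S+?)-\s+:\s+(\S+)')


def find_mismatches(debug_text):
    """Return (server, logged_script, hook, expected_scripts) for each rlm_perl
    log line whose script tag was not loaded by the current virtual server."""
    expected = {}   # virtual server name -> set of script basenames it loaded
    current = None  # virtual server whose block we are currently inside
    mismatches = []
    for line in debug_text.splitlines():
        m = SERVER_RE.match(line)
        if m:  # seen both at instantiation time and at request time
            current = m.group(1)
            expected.setdefault(current, set())
            continue
        m = MODULE_RE.match(line)
        if m and current is not None:
            expected[current].add(os.path.basename(m.group(1)))
            continue
        m = PERL_LOG_RE.search(line)
        if m and current is not None and m.group(1) not in expected[current]:
            mismatches.append((current, m.group(1), m.group(2),
                               sorted(expected[current])))
    return mismatches


if __name__ == "__main__":
    for server, tag, hook, want in find_mismatches(SAMPLE_DEBUG):
        print(f"server {server}: {hook} ran from {tag}, expected one of {want}")
```

On the sample it reports that server dhcp ran post_auth from authorization.pl although only dhcp.pl was loaded for it.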