FW: "authentication" sub in perl

Alex rsm alex-rsm at hotmail.com
Mon Oct 3 22:45:22 CEST 2011

Ok,
OpenSSL is installed on my server. No more issues with EAP. However, my debug line in sub authenticate is still not being called:


# example.pl
# Function to handle authorize
sub authorize {
        print "TEST-authorize: username=$RAD_REQUEST{'User-Name'}\n";
        # For debugging purposes only
#       &log_request_attributes;

        # Here's where your authorization code comes
        # You can call another function from here:
        &test_call;

        return RLM_MODULE_OK;
}

# Function to handle authenticate
sub authenticate {
        print "TEST-authenticate\n";
        # For debugging purposes only
#       &log_request_attributes;

        if ($RAD_REQUEST{'User-Name'} =~ /^baduser/i) {
                # Reject user and tell him why
                $RAD_REPLY{'Reply-Message'} = "Denied access by rlm_perl function";
                return RLM_MODULE_REJECT;
        } else {
                # Accept user and set some attribute
                $RAD_REPLY{'h323-credit-amount'} = "100";
                return RLM_MODULE_OK;
        }
}


and here is the debug:

Cleaning up request 9 ID 9 with timestamp +7
Ready to process requests.
rad_recv: Access-Request packet from host 10.0.0.31 port 50071, id=19, length=169
        User-Name = "abc"
        NAS-IP-Address = 10.0.0.31
        NAS-Identifier = "belair"
        NAS-Port = 0
        Called-Station-Id = "00-0D-67-12-15-80:SSO_BelAir-PMIP-8021x"
        Calling-Station-Id = "5C-59-48-F0-34-8B"
        Framed-MTU = 1400
        NAS-Port-Type = Wireless-802.11
        Connect-Info = "CONNECT 11Mbps 802.11b"
        EAP-Message = 0x0200000801616263
        Message-Authenticator = 0xb952dcdfcec1e39a79c029ccdc94c2ca
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "abc", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 0 length 8
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
[sql]   expand: %{User-Name} -> abc
[sql] sql_set_user escaped user --> 'abc'
rlm_sql (sql): Reserving sql socket id: 1
[sql]   expand: SELECT id, username, attribute, value, op           FROM radcheck           WHERE username = '%{SQL-User-Name}'           ORDER BY id -> SELECT id, username, attribute, value, op           FROM radcheck           WHERE username = 'abc'           ORDER BY id
[sql]   expand: SELECT groupname           FROM radusergroup           WHERE username = '%{SQL-User-Name}'           ORDER BY priority -> SELECT groupname           FROM radusergroup           WHERE username = 'abc'           ORDER BY priority
rlm_sql (sql): Released sql socket id: 1
[sql] User abc not found
++[sql] returns notfound
TEST-authorize: username=abc
rlm_perl: Added pair NAS-Port-Type = Wireless-802.11
rlm_perl: Added pair Calling-Station-Id = 5C-59-48-F0-34-8B
rlm_perl: Added pair Called-Station-Id = 00-0D-67-12-15-80:SSO_BelAir-PMIP-8021x
rlm_perl: Added pair Message-Authenticator = 0xb952dcdfcec1e39a79c029ccdc94c2ca
rlm_perl: Added pair User-Name = abc
rlm_perl: Added pair NAS-Identifier = belair
rlm_perl: Added pair EAP-Message = 0x0200000801616263
rlm_perl: Added pair Connect-Info = CONNECT 11Mbps 802.11b
rlm_perl: Added pair EAP-Type = Identity
rlm_perl: Added pair NAS-IP-Address = 10.0.0.31
rlm_perl: Added pair NAS-Port = 0
rlm_perl: Added pair Framed-MTU = 1400
rlm_perl: Added pair Auth-Type = EAP
++[perl] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user.  Authentication may fail because of this.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type md5
rlm_eap_md5: Issuing Challenge
++[eap] returns handled
Sending Access-Challenge of id 19 to 10.0.0.31 port 50071
        EAP-Message = 0x0101001604108bc56309ea2103957c2aee6450696f68
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x2c81558c2c8051de6687486c2848c067
Finished request 10.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.0.0.31 port 50071, id=20, length=185
        User-Name = "abc"
        NAS-IP-Address = 10.0.0.31
        NAS-Identifier = "belair"
        NAS-Port = 0
        Called-Station-Id = "00-0D-67-12-15-80:SSO_BelAir-PMIP-8021x"
        Calling-Station-Id = "5C-59-48-F0-34-8B"
        Framed-MTU = 1400
        NAS-Port-Type = Wireless-802.11
        Connect-Info = "CONNECT 11Mbps 802.11b"
        EAP-Message = 0x020100060319
        State = 0x2c81558c2c8051de6687486c2848c067
        Message-Authenticator = 0x959b11a51401f767f5b52bc58298d730
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "abc", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 1 length 6
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
[sql]   expand: %{User-Name} -> abc
[sql] sql_set_user escaped user --> 'abc'
rlm_sql (sql): Reserving sql socket id: 0
[sql]   expand: SELECT id, username, attribute, value, op           FROM radcheck           WHERE username = '%{SQL-User-Name}'           ORDER BY id -> SELECT id, username, attribute, value, op           FROM radcheck           WHERE username = 'abc'           ORDER BY id
[sql]   expand: SELECT groupname           FROM radusergroup           WHERE username = '%{SQL-User-Name}'           ORDER BY priority -> SELECT groupname           FROM radusergroup           WHERE username = 'abc'           ORDER BY priority
rlm_sql (sql): Released sql socket id: 0
[sql] User abc not found
++[sql] returns notfound
TEST-authorize: username=abc
rlm_perl: Added pair NAS-Port-Type = Wireless-802.11
rlm_perl: Added pair State = 0x2c81558c2c8051de6687486c2848c067
rlm_perl: Added pair Calling-Station-Id = 5C-59-48-F0-34-8B
rlm_perl: Added pair Called-Station-Id = 00-0D-67-12-15-80:SSO_BelAir-PMIP-8021x
rlm_perl: Added pair Message-Authenticator = 0x959b11a51401f767f5b52bc58298d730
rlm_perl: Added pair User-Name = abc
rlm_perl: Added pair NAS-Identifier = belair
rlm_perl: Added pair EAP-Message = 0x020100060319
rlm_perl: Added pair Connect-Info = CONNECT 11Mbps 802.11b
rlm_perl: Added pair EAP-Type = NAK
rlm_perl: Added pair NAS-IP-Address = 10.0.0.31
rlm_perl: Added pair NAS-Port = 0
rlm_perl: Added pair Framed-MTU = 1400
rlm_perl: Added pair Auth-Type = EAP
++[perl] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user.  Authentication may fail because of this.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP NAK
[eap] EAP-NAK asked for EAP-Type/peap
[eap] processing type tls
[tls] Initiate
[tls] Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 20 to 10.0.0.31 port 50071
        EAP-Message = 0x010200061920
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x2c81558c2d834cde6687486c2848c067
Finished request 11.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.0.0.31 port 50071, id=21, length=315
        User-Name = "abc"
        NAS-IP-Address = 10.0.0.31
        NAS-Identifier = "belair"
        NAS-Port = 0
        Called-Station-Id = "00-0D-67-12-15-80:SSO_BelAir-PMIP-8021x"
        Calling-Station-Id = "5C-59-48-F0-34-8B"
        Framed-MTU = 1400
        NAS-Port-Type = Wireless-802.11
        Connect-Info = "CONNECT 11Mbps 802.11b"
        EAP-Message = 0x0202008819800000007e16030100790100007503014e8a158f57cc1fc7dc587b4d0f71db7fe7535bd8d558d366554b98ffea94d54e00003ac00ac009c007c008c013c014c011c012c004c005c002c003c00ec00fc00cc00d002f000500040035000a0009000300080033003900160015001401000012000a00080006001700180019000b00020100
        State = 0x2c81558c2d834cde6687486c2848c067
        Message-Authenticator = 0xbc890b747815cfe2a522b36ce4298072
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "abc", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 2 length 136
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
  TLS Length 126
[peap] Length Included
[peap] eaptls_verify returned 11 
[peap]     (other): before/accept initialization 
[peap]     TLS_accept: before/accept initialization 
[peap] <<< TLS 1.0 Handshake [length 0079], ClientHello  
[peap]     TLS_accept: SSLv3 read client hello A 
[peap] >>> TLS 1.0 Handshake [length 002a], ServerHello  
[peap]     TLS_accept: SSLv3 write server hello A 
[peap] >>> TLS 1.0 Handshake [length 035d], Certificate  
[peap]     TLS_accept: SSLv3 write certificate A 
[peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone  
[peap]     TLS_accept: SSLv3 write server done A 
[peap]     TLS_accept: SSLv3 flush data 
[peap]     TLS_accept: Need to read more data: SSLv3 read client certificate A
In SSL Handshake Phase 
In SSL Accept mode  
[peap] eaptls_process returned 13 
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 21 to 10.0.0.31 port 50071
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x2c81558c2e824cde6687486c2848c067
Finished request 12.
Going to the next request
Waking up in 4.7 seconds.
rad_recv: Access-Request packet from host 10.0.0.31 port 50071, id=22, length=387
        User-Name = "abc"
        NAS-IP-Address = 10.0.0.31
        NAS-Identifier = "belair"
        NAS-Port = 0
        Called-Station-Id = "00-0D-67-12-15-80:SSO_BelAir-PMIP-8021x"
        Calling-Station-Id = "5C-59-48-F0-34-8B"
        Framed-MTU = 1400
        NAS-Port-Type = Wireless-802.11
        Connect-Info = "CONNECT 11Mbps 802.11b"
        EAP-Message = 0x020300d01980000000c61603010086100000820080371b287b2a288bb51773c591b925c51dc9dd35e78e31ca6572ba50103ff255b33f8f8d50222d2a360a84f9a626651502fce20b21dd5fd14a59094f2b1655bb2a2d11332b186fc5a94438859f67ec287724f63519e5cc82820cf91b5a9a9c4c26f33e31a74bddb88d1cb3b0b64ebf82e98fa1c5d1bd12b88a6774889fd868140d14030100010116030100304dcd33a4d2301013eb09a3e10798b8b1f5a6321a50a5b0ca6bd7c16c43fa7f1a4d442c1d5b5ab7421a7aa42b715abce2
        State = 0x2c81558c2e824cde6687486c2848c067
        Message-Authenticator = 0xa0a47b0b334f107a54ff4e9abac2969a
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "abc", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 3 length 208
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
  TLS Length 198
[peap] Length Included
[peap] eaptls_verify returned 11 
[peap] <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange  
[peap]     TLS_accept: SSLv3 read client key exchange A 
[peap] <<< TLS 1.0 ChangeCipherSpec [length 0001]  
[peap] <<< TLS 1.0 Handshake [length 0010], Finished  
[peap]     TLS_accept: SSLv3 read finished A 
[peap] >>> TLS 1.0 ChangeCipherSpec [length 0001]  
[peap]     TLS_accept: SSLv3 write change cipher spec A 
[peap] >>> TLS 1.0 Handshake [length 0010], Finished  
[peap]     TLS_accept: SSLv3 write finished A 
[peap]     TLS_accept: SSLv3 flush data 
[peap]     (other): SSL negotiation finished successfully 
SSL Connection Established 
[peap] eaptls_process returned 13 
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 22 to 10.0.0.31 port 50071
        EAP-Message = 0x0104004119001403010001011603010030b7da9f1ff65aa82945313f6e0b13f88565316368755ae23680a9a60583941b0aacfc3e71103a1e5eec9da651ae5a9d2d
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x2c81558c2f854cde6687486c2848c067
Finished request 13.
Going to the next request
Waking up in 4.6 seconds.




> Date: Mon, 3 Oct 2011 18:55:42 +0100
> From: A.L.M.Buxey at lboro.ac.uk
> To: alex-rsm at hotmail.com
> Subject: Re: "authentication" sub in perl
> 
> Hi,
> 
> hint: https://help.ubuntu.com/community/OpenSSL
> 
> 
> alan
 		 	   		   		 	   		  