rlm_perl and dynamic_clients
Steven Eksteen
steve at saoirse.co.za
Sat Sep 1 18:09:09 CEST 2012
Sorry. I wasn't paying attention and resent the initial question mail
by accident instead of the following:
I followed your instructions and the Packet-Src-IP-Address came
through into the Perl script, thank you. I did however use
Packet-Src-IP-Address-0 instead of Tmp-IP-Address-0 for ease of
understanding, for anyone else looking at the script. I hope this is
not what's affecting the operation.
I hope the output below is enough information your you to see how I am
adding to RAD_REPLY. I am returning RLM_MODULE_OK at the end of the
script. I did try to use RLM_MODULE_UPDATED but that returned a result
as if I was returning RLM_MODULE_FAIL, module failure.
I also did try to use "directory = ${confdir}/dynamic-clients/" in the
virtual server in case the failure might have been coming from
somewhere not shown in the output, like the SQL module maybe
---
client dynamic {
ipaddr = 0.0.0.0
netmask = 0
dynamic_clients = dynamic_client_server
lifetime = 3600
}
server dynamic_client_server {
authorize {
update request {
Packet-Src-IP-Address-0 := "%{Packet-Src-IP-Address}"
}
dynamic-clients-pl
}
}
---
rad_recv: Access-Request packet from host 192.168.0.200 port 58738,
id=36, length=212
server dynamic_client_server {
rlm_perl: RAD_REQUEST: Packet-Src-IP-Address-0 = 192.168.0.200
rlm_perl: RAD_REPLY: FreeRADIUS-Client-Shortname = Internal
rlm_perl: RAD_REPLY: FreeRADIUS-Client-Secret = 123456
rlm_perl: RAD_REPLY: FreeRADIUS-Client-NAS-Type = other
rlm_perl: RAD_REPLY: FreeRADIUS-Client-IP-Address = 192.168.0.200
rlm_perl: Added pair Packet-Src-IP-Address-0 = 192.168.0.200
rlm_perl: Added pair FreeRADIUS-Client-Shortname = Internal
rlm_perl: Added pair FreeRADIUS-Client-Secret = 123456
rlm_perl: Added pair FreeRADIUS-Client-NAS-Type = other
rlm_perl: Added pair FreeRADIUS-Client-IP-Address = 192.168.0.200
} # server dynamic_client_server
- Cannot add client 192.168.0.200: Required attribute
"FreeRADIUS-Client-Secret" is missing.
Ignoring request to authentication address * port 1812 as server r9
from unknown client 192.168.0.200 port 58738
On Fri, Aug 31, 2012 at 8:52 AM, Steven Eksteen <steven at rad9.net> wrote:
>
> I am pretty sure I might be missing something here, or having a giant blonde
> moment. I followed your instructions and the Packet-Src-IP-Address came
> through into the Perl script, thank you. I did however use
> Packet-Src-IP-Address-0 instead of Tmp-IP-Address-0 for ease of
> understanding. I hope this is not what's affecting the operation.
>
> I hope the output below is enough information your you to see how I am
> adding to RAD_REPLY. I am returning RLM_MODULE_OK at the end of the script.
> I did try to use RLM_MODULE_UPDATED but that returned a result as if I was
> returning RLM_MODULE_FAIL, module failure.
>
> I also did try to use "directory = ${confdir}/dynamic-clients/" in the
> virtual server in case the failure might have been coming from somewhere not
> shown in the output, like the SQL module
>
> ---
>
> client dynamic {
> ipaddr = 0.0.0.0
> netmask = 0
> dynamic_clients = dynamic_client_server
> lifetime = 3600
> }
>
> server dynamic_client_server {
> authorize {
> update request {
> Packet-Src-IP-Address-0 :=
> "%{Packet-Src-IP-Address}"
> }
> dynamic-clients-pl
> }
> }
>
> ---
>
> rad_recv: Access-Request packet from host 192.168.0.200 port 58738, id=36,
> length=212
> server dynamic_client_server {
> rlm_perl: RAD_REQUEST: Packet-Src-IP-Address-0 = 192.168.0.200
> rlm_perl: RAD_REPLY: FreeRADIUS-Client-Shortname = Internal
> rlm_perl: RAD_REPLY: FreeRADIUS-Client-Secret = 123456
> rlm_perl: RAD_REPLY: FreeRADIUS-Client-NAS-Type = other
> rlm_perl: RAD_REPLY: FreeRADIUS-Client-IP-Address = 192.168.0.200
> rlm_perl: Added pair Packet-Src-IP-Address-0 = 192.168.0.200
> rlm_perl: Added pair FreeRADIUS-Client-Shortname = Internal
> rlm_perl: Added pair FreeRADIUS-Client-Secret = 123456
> rlm_perl: Added pair FreeRADIUS-Client-NAS-Type = other
> rlm_perl: Added pair FreeRADIUS-Client-IP-Address = 192.168.0.200
> } # server dynamic_client_server
> - Cannot add client 192.168.0.200: Required attribute
> "FreeRADIUS-Client-Secret" is missing.
> Ignoring request to authentication address * port 1812 as server r9 from
> unknown client 192.168.0.200 port 58738
> Ready to process requests.
>
> ---
>
>
> On Tue, Aug 28, 2012 at 4:21 PM, Steven Eksteen <steve at saoirse.co.za> wrote:
>>
>> Thank you. Much appreciated
>>
>>
>> On Tue, Aug 28, 2012 at 4:14 PM, Alan DeKok <aland at deployingradius.com>
>> wrote:
>> > Steven Eksteen wrote:
>> >> I was wondering how would I use "Packet-Src-IP-Address" using Perl for
>> >> Dynamic Clients. I thought it might be part of the RAD_REQUEST hash.
>> >
>> > It's not, but you can do:
>> >
>> > server dynamic_client_server {
>> > authorize {
>> > update request {
>> > Tmp-IP-Address-0 := "%{Packet-Src-IP-Address}"
>> > }
>> >
>> > dynamic-clients-pl
>> > }
>> > }
>> >
>> >
>> > And then use the Tmp-IP-Address-0 in the Perl code.
>> >
>> >> If some direction could be made as to setting
>> >> "FreeRADIUS-Client-Shortname", "FreeRADIUS-Client-Secret", etc. too I
>> >> would be very grateful.
>> >
>> > You just set them in the RAD_REPLY hash.
>> >
>> >> I already have Perl working for the normal AAA
>> >> functions. This just doesn't appear to work the same way. I am not a
>> >> Perl developer in the slightest so apologies in advance if this is a
>> >> monumentally stupid question.
>> >
>> > Nope. It's a complicated system.
>> >
>> > Alan DeKok.
>> > -
>> > List info/subscribe/unsubscribe? See
>> > http://www.freeradius.org/list/users.html
>
>
More information about the Freeradius-Users
mailing list