Ubuntu FreeRadius does not recognize some perl.so symbols and does not compile from source and is also outdated (Why is there no new version in SID? Is the package still maintained?)
Thomas Glanzmann
thomas at glanzmann.de
Sun Jul 21 18:17:48 CEST 2013
Hello Alan,
> Yes. It does. But you are compiling some random external flavour.
> Download the source from freeradius.org and report what happens
Yes, you're right, and I just noticed that the freeradius git tree
contains a Debian folder which builds packages which not only compile,
now I try to migrate my configuration, but the hints no longer work. My
configuration is pretty simple:

(freeradius) [/etc/freeradius] cat sites-available/smsotp
server default {
        listen {
                ipaddr = *
                type = auth
        }
        authenticate {
                perl
        }
        authorize {
                update control {
                        Auth-Type := perl
                }
                preprocess
        }
        preacct {
                preprocess
                acct_unique
        }
        accounting {
        }
        session {
        }
}

(freeradius) [/etc/freeradius] cat hints
DEFAULT User-Name =~ "^v104\\\\([^@]+)"
        User-Name := "%{1}@V104.GMVL.DE"
DEFAULT User-Name =~ "^([^@]+)@v104.gmvl.de"
        User-Name := "%{1}@V104.GMVL.DE"

(freeradius) [/etc/freeradius] cat clients.conf
client 10.104.1.0 {
        secret = testing123
        shortname = netscaler
}
client 127.0.0.1 {
        secret = testing123
        shortname = cs-01
}

In freeradius-2.2.0 the v104\Administrator got rewritten to
Administrator@V104.GMVL.DE, but with the current version it does not work. Any
idea what I'm doing wrong?
(freeradius) [/etc/freeradius] freeradius -X
freeradius: FreeRADIUS Version 3.0.0 (git #adfdfe7), for host x86_64-pc-linux-gnu, built on Jul 21 2013 at 17:07:13
Copyright (C) 1999-2013 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License.
For more information about these matters, see the file named COPYRIGHT.
Starting - reading configuration files ...
including dictionary file /etc/freeradius/dictionary
including configuration file /etc/freeradius/radiusd.conf
including configuration file /etc/freeradius/proxy.conf
including configuration file /etc/freeradius/clients.conf
including files in directory /etc/freeradius/mods-enabled/
including configuration file /etc/freeradius/mods-enabled/preprocess
including configuration file /etc/freeradius/mods-enabled/perl
including files in directory /etc/freeradius/policy.d/
including configuration file /etc/freeradius/policy.d/dhcp
including configuration file /etc/freeradius/policy.d/control
including configuration file /etc/freeradius/policy.d/accounting
including configuration file /etc/freeradius/policy.d/cui
including configuration file /etc/freeradius/policy.d/eap
including configuration file /etc/freeradius/policy.d/operator-name
including configuration file /etc/freeradius/policy.d/canonicalization
including configuration file /etc/freeradius/policy.d/filter
including files in directory /etc/freeradius/sites-enabled/
including configuration file /etc/freeradius/sites-enabled/smsotp
main {
security {
allow_core_dumps = no
}
}
main {
name = "radiusd"
prefix = "/usr"
localstatedir = "/var"
sbindir = "/usr/sbin"
logdir = "/var/log/freeradius"
run_dir = "/var/run/radiusd"
libdir = "/usr/lib/freeradius"
radacctdir = "/var/log/freeradius/radacct"
hostname_lookups = no
max_request_time = 30
cleanup_delay = 5
max_requests = 1024
pidfile = "/var/run/radiusd/radiusd.pid"
checkrad = "/usr/sbin/checkrad"
debug_level = 0
proxy_requests = yes
log {
stripped_names = no
auth = no
auth_badpass = no
auth_goodpass = no
colourise = yes
}
security {
max_attributes = 200
reject_delay = 1
status_server = yes
}
}
radiusd: #### Loading Realms and Home Servers ####
proxy server {
retry_delay = 5
retry_count = 3
default_fallback = no
dead_time = 120
wake_all_if_all_dead = no
}
home_server localhost {
ipaddr = 127.0.0.1
port = 1812
type = "auth"
secret = "testing123"
response_window = 20
max_outstanding = 65536
zombie_period = 40
status_check = "status-server"
ping_interval = 30
check_interval = 30
num_answers_to_alive = 3
revive_interval = 120
status_check_timeout = 4
coa {
irt = 2
mrt = 16
mrc = 5
mrd = 30
}
limit {
max_connections = 16
max_requests = 0
lifetime = 0
idle_timeout = 0
}
}
home_server_pool my_auth_failover {
type = fail-over
home_server = localhost
}
realm example.com {
auth_pool = my_auth_failover
}
realm LOCAL {
}
radiusd: #### Loading Clients ####
client 10.104.1.0 {
require_message_authenticator = no
secret = "testing123"
shortname = "netscaler"
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
client 127.0.0.1 {
require_message_authenticator = no
secret = "testing123"
shortname = "cs-01"
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
radiusd: #### Instantiating modules ####
instantiate {
}
modules {
# Loaded module rlm_preprocess
# Instantiating module "preprocess" from file /etc/freeradius/mods-enabled/preprocess
preprocess {
huntgroups = "/etc/freeradius/mods-config/preprocess/huntgroups"
hints = "/etc/freeradius/mods-config/preprocess/hints"
with_ascend_hack = no
ascend_channels_per_line = 23
with_ntdomain_hack = no
with_specialix_jetstream_hack = no
with_cisco_vsa_hack = no
with_alvarion_vsa_hack = no
}
reading pairlist file /etc/freeradius/mods-config/preprocess/huntgroups
reading pairlist file /etc/freeradius/mods-config/preprocess/hints
# Loaded module rlm_perl
# Instantiating module "perl" from file /etc/freeradius/mods-enabled/perl
perl {
filename = "/etc/freeradius/smsotp_krb5_3strikes.pl"
func_authorize = "authorize"
func_authenticate = "authenticate"
func_post_auth = "post_auth"
func_accounting = "accounting"
func_preacct = "preacct"
func_checksimul = "checksimul"
func_detach = "detach"
func_xlat = "xlat"
func_pre_proxy = "pre_proxy"
func_post_proxy = "post_proxy"
func_recv_coa = "recv_coa"
func_send_coa = "send_coa"
}
} # modules
radiusd: #### Loading Virtual Servers ####
server { # from file /etc/freeradius/radiusd.conf
} # server
server default { # from file /etc/freeradius/sites-enabled/smsotp
# Creating Auth-Type = perl
# Loading authenticate {...}
# Loading authorize {...}
# Loading preacct {...}
# Loading virtual module acct_unique
} # server
radiusd: #### Opening IP addresses and Ports ####
listen {
type = "auth"
ipaddr = *
port = 0
}
Listening on auth address * port 1812 as server default
Opening new proxy address * port 1814
Listening on proxy address * port 1814
Ready to process requests.
rad_recv: Access-Request packet from host 10.104.1.0 port 52437, id=174, length=58
User-Name = 'v104\\Administrator'
User-Password = 'Pa$$w0rd'
(0) # Executing section authorize from file /etc/freeradius/sites-enabled/smsotp
(0) group authorize {
(0) - entering group authorize {...}
(0) update control {
(0) Auth-Type := perl
(0) } # update control = notfound
(0) [preprocess] = ok
(0) Found Auth-Type = perl
(0) # Executing group from file /etc/freeradius/sites-enabled/smsotp
(0) group authenticate {
(0) - entering group authenticate {...}
rlm_perl: authenticate: user unknown in database
rlm_perl: Added pair User-Name = v104\\Administrator
rlm_perl: Added pair User-Password = Pa$$w0rd
rlm_perl: Added pair NAS-IP-Address = 10.104.1.0
rlm_perl: Added pair Auth-Type = perl
(0) [perl] = reject
(0) Failed to authenticate the user.
(0) Using Post-Auth-Type Reject
(0) WARNING: Unknown value specified for Post-Auth-Type. Cannot perform requested action.
(0) Finished request 0.
Waking up in 0.3 seconds.
Waking up in 0.6 seconds.
(0) Sending delayed reject
Sending Access-Reject of id 174 from 10.104.252.162 port 1812 to 10.104.1.0 port 52437
Waking up in 4.9 seconds.
(0) Cleaning up request packet ID 174 with timestamp +7
Ready to process requests.
Cheers,
Thomas
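
The `freeradius -X` output above names each file the server reads at startup, so it can be checked against the files shown with `cat`. The Python sketch below is an added example, not part of the original post or of FreeRADIUS; the function names, the constructed sample log and the invocation are assumptions, and a "not referenced" result only means the log never mentions that path.

```python
import os
import re

# Constructed sample in the format of the `freeradius -X` output quoted in the post.
SAMPLE_DEBUG = """\
including configuration file /etc/freeradius/mods-enabled/preprocess
 preprocess {
  huntgroups = "/etc/freeradius/mods-config/preprocess/huntgroups"
  hints = "/etc/freeradius/mods-config/preprocess/hints"
 }
reading pairlist file /etc/freeradius/mods-config/preprocess/huntgroups
reading pairlist file /etc/freeradius/mods-config/preprocess/hints
 perl {
  filename = "/etc/freeradius/smsotp_krb5_3strikes.pl"
 }
"""

# Lines where the server reports opening a file, and quoted absolute paths in module config.
READ_RE = re.compile(r'^\s*(?:including configuration file|reading pairlist file)\s+(\S+)\s*$')
ASSIGN_RE = re.compile(r'^\s*(\w+)\s*=\s*"(/[^"]*)"\s*$')

def files_in_use(debug_text, resolve=os.path.realpath):
    """Return {resolved path: how the log refers to it} for every path the log names."""
    used = {}
    for line in debug_text.splitlines():
        m = READ_RE.match(line)
        if m:
            used.setdefault(resolve(m.group(1)), "read at startup")
            continue
        m = ASSIGN_RE.match(line)
        if m:
            used.setdefault(resolve(m.group(2)), "configured as " + m.group(1))
    return used

def check_edited(edited_paths, debug_text, resolve=os.path.realpath):
    """For each edited file: ("in use", [path]) or ("not referenced", same-named files in the log)."""
    used = files_in_use(debug_text, resolve)
    report = {}
    for path in edited_paths:
        real = resolve(path)  # realpath follows symlinks, so a linked file still counts as in use
        if real in used:
            report[path] = ("in use", [real])
        else:
            name = os.path.basename(real)
            report[path] = ("not referenced",
                            sorted(p for p in used if os.path.basename(p) == name))
    return report

if __name__ == "__main__":
    # Path as it would be passed after `cat hints` in /etc/freeradius (assumed invocation).
    for path, (state, others) in check_edited(["/etc/freeradius/hints"], SAMPLE_DEBUG).items():
        print(path, state, others)
```
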
More information about the Freeradius-Users
mailing list