CHAP Authentication with rlm_perl module
Alan DeKok
aland at deployingradius.com
Fri May 15 17:00:08 CEST 2020
On May 14, 2020, at 7:00 PM, Imdad Hasan <imdadalikadiwala0 at gmail.com> wrote:
> i am using perl module, its working all like exec module but no doubt its
> increased the performance on high load. But i have some queries when i use
> CHAP authentication method with perl module.
The answer is "don't do CHAP with Perl". Instead, let FreeRADIUS do the authentication.
>
> In CHAP authentication i can't verify the password with Cleartext-Password,
> right?
You can. The CHAP module takes care of this.
> That's why i set RADCHECK attribute Cleartext-Password="password" and after
> that freeradius verify them with authenticator and all. and if password
> doesn't matched than its return Reject.
Yes, that works.
> But if i want to accept those user ( who have wrong password ) with special
> disabled framed-ip than how can i??
It's easy, but a little weird. In the "authenticate" section, do:
Auth-Type CHAP {
chap {
reject = 1
}
if (reject) {
update reply {
Framed-IP-Address := 192.0.2.128
}
ok
}
}
And that should do it.
Then, make sure that you're not over-writing that Framed-IP-Address later.
Alan DeKok.
More information about the Freeradius-Users
mailing list