Perl script error when testing locally

HORMAZABAL PI�ONES BARBARA FRANCISCA bhp001 at alumnos.ucn.cl
Fri Sep 25 03:26:28 CEST 2020 

>   If you have a Perl script which does pop3 authentication, it should be
straightforward to run it in FreeRADIUS.
Sorry, I don't know what you meant by that.
> But the Perl script rejected the user.

Ok so I was testing some things in a virtual machine and realized
something. I did the exact same configuration that in the server and
radtest locally was sucessful in the VM but not in the server. And that's
when I noticed that whenever I used radtest [gmail acc] [password]
localhost 0 testing123 the output I recieved had the localhost IP address
as NAS-IP-Address and this was successful without adding the user to the
users file. However when running the same command in the server the
NAS-IP-Address was the IP of the server and not localhost (the same happens
with user bob) and gets rejected, but it's successful if you add the mail
and password in the users file.

Basically, in VM: $radtest wifi at ucn.cl password localhost 0 testing123

Sent Access-Request Id 28 from 0.0.0.0:48005 to 127.0.0.1:1812 length 81
        User-Name = "wifi at ucn.cl"
        User-Password = "password"
        NAS-IP-Address = *127.0.0.1*
        NAS-Port = 0
        Message-Authenticator = 0x00
        Cleartext-Password = "password"
Received Access-Accept Id 28 from 127.0.0.1:1812 to 0.0.0.0:0 length 31

In the server:  $radtest wifi at ucn.cl password localhost 0 testing123

Sent Access-Request Id 113 from 0.0.0.0:41244 to 127.0.0.1:1812 length 81
        User-Name = "wifi at ucn.cl"
        User-Password = "password"
        NAS-IP-Address = *146.83.124.26*
        NAS-Port = 0
        Message-Authenticator = 0x00
        Cleartext-Password = "password"
Received Access-Reject Id 113 from 127.0.0.1:1812 to 0.0.0.0:0 length 20

This might be a dumb question but why does this happen and how can I change
it? I tried adding the server as a client but it doesn't work. Or how can I
edit the users file so it accept all request from any gmail account without
having to add all the accounts?





El mié., 23 sept. 2020 a las 8:42, Alan DeKok (<aland at deployingradius.com>)
escribió:

>
> > On Sep 22, 2020, at 5:40 PM, HORMAZABAL PI�ONES BARBARA FRANCISCA <
> bhp001 at alumnos.ucn.cl> wrote:
> >
> > Hello again, I'm trying to follow the tutorial from this site
> > <https://kerker.website/freeradiusgmail802-1x%E8%A8%AD%E5%AE%9Apop3s/>
> (it's
> > in chinese but it's pretty understandable if you translate it) basically
> > using a perl script for authentication against gmail accounts using POP3.
>
>   If you have a Perl script which does pop3 authentication, it should be
> straightforward to run it in FreeRADIUS.
>
> > So far I have reached to the part where it tests the script locally and
> the
> > error occurs, I haven't yet reached to the part where it configures the
> eap
> > file to EAP-GTC for the 802.1X.
> >
> > Even though it's not in the tutorial I still added the user in the users
> > file anyway and the error is still there.
>
>   OK...
>
> > This is the output I get when doing radtest locally:
> > ...
> > (0) Found Auth-Type = Perl
> > (0) # Executing group from file /etc/freeradius/3.0/sites-enabled/default
> > (0)   Auth-Type Perl {
> > (0) perl:   $RAD_REQUEST{'User-Name'} = &request:User-Name -> '
> > pruebaucnperl at gmail.com'
> > (0) perl:   $RAD_REQUEST{'User-Password'} = &request:User-Password ->
> > 'password'
> > (0) perl:   $RAD_REQUEST{'NAS-IP-Address'} = &request:NAS-IP-Address ->
> > '146.83.124.26'
> > (0) perl:   $RAD_REQUEST{'NAS-Port'} = &request:NAS-Port -> '0'
> > (0) perl:   $RAD_REQUEST{'Event-Timestamp'} = &request:Event-Timestamp ->
> > 'sep 22 2020 18:33:00 -03'
> > (0) perl:   $RAD_REQUEST{'Message-Authenticator'} =
> > &request:Message-Authenticator -> '0xf081ea4e44b9ed006a1316a93828157f'
> > (0) perl:   $RAD_REQUEST{'Realm'} = &request:Realm -> 'gmail.com'
> > (0) perl:   $RAD_CHECK{'Auth-Type'} = &control:Auth-Type -> 'Perl'
> > (0) perl:   $RAD_CONFIG{'Auth-Type'} = &control:Auth-Type -> 'Perl'
> > POP3 <- +OK Gpop ready for requests from 146.83.124.26 d17mb25011424qvc
> > at /etc/freeradius/3.0/mods-config/perl/pop3.pl line 149.
> > POP3 -> QUIT
> > at /etc/freeradius/3.0/mods-config/perl/pop3.pl line 149.
> > POP3 <- +OK Bye d17mb25011424qvc
> > at /etc/freeradius/3.0/mods-config/perl/pop3.pl line 149.
>
>    And that doesn't show anything about what the Perl script did.
>
> > (0)     [perl] = reject
>
>   But the Perl script rejected the user.
>
>   You have to add debugging to the Perl script, so it tells you what it's
> doing, and why things are going wrong.
>
>   Alan DeKok.
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html

More information about the Freeradius-Users mailing list