Hi,

I am using FreeRADIUS 2.0. I want to try to authenticate with the perl module. I've done all the necessary configuration in the sites-enabled/default directory and in radiusd.conf, and it reads my perl script when running my radius. Unfortunately, my radius server rejects all the time, even though I've put the return value rlm_module_ok in my perl script. Please tell me if there is anything else that I have to do to authenticate the username from the perl module.

Here is the output after running the radius server in debugging mode:

FreeRADIUS Version 2.0.2, for host i686-pc-linux-gnu, built on Feb 25 2008 at 09:51:36
Copyright (C) 1999-2008 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License.
Starting - reading configuration files ...
including configuration file /usr/local/etc/raddb/radiusd.conf
including configuration file /usr/local/etc/raddb/proxy.conf
including configuration file /usr/local/etc/raddb/clients.conf
including configuration file /usr/local/etc/raddb/snmp.conf
including configuration file /usr/local/etc/raddb/eap.conf
including configuration file /usr/local/etc/raddb/sql.conf
including configuration file /usr/local/etc/raddb/policy.conf
including files in directory /usr/local/etc/raddb/sites-enabled/
including configuration file /usr/local/etc/raddb/sites-enabled/default
including dictionary file /usr/local/etc/raddb/dictionary
main {
 prefix = "/usr/local"
 localstatedir = "/usr/local/var"
 logdir = "/usr/local/var/log/radius"
 libdir = "/usr/local/lib"
 radacctdir = "/usr/local/var/log/radius/radacct"
 hostname_lookups = no
 max_request_time = 30
 cleanup_delay = 5
 max_requests = 1024
 allow_core_dumps = no
 pidfile = "/usr/local/var/run/radiusd/radiusd.pid"
 checkrad = "/usr/local/sbin/checkrad"
 debug_level = 0
 proxy_requests = yes
 security {
 max_attributes = 200
 reject_delay = 1
 status_server = yes
 }
}
 client localhost {
 ipaddr = 127.0.0.1
 require_message_authenticator = no
 secret = "testing123"
 nastype = "other"
 }
radiusd: #### Loading Realms and Home Servers ####
 proxy server {
 retry_delay = 5
 retry_count = 3
 default_fallback = no
 dead_time = 120
 wake_all_if_all_dead = no
 }
 home_server localhost {
 ipaddr = 127.0.0.1
 port = 1812
 type = "auth"
 secret = "testing123"
 response_window = 20
 max_outstanding = 65536
 zombie_period = 40
 status_check = "status-server"
 ping_check = "none"
 ping_interval = 30
 check_interval = 30
 num_answers_to_alive = 3
 num_pings_to_alive = 3
 revive_interval = 120
 status_check_timeout = 4
 }
 home_server_pool my_auth_failover {
 type = fail-over
 home_server = localhost
 }
 realm example.com {
 auth_pool = my_auth_failover
 }
 realm LOCAL {
 }
radiusd: #### Instantiating modules ####
 instantiate {
 Module: Linked to module rlm_exec
 Module: Instantiating exec
 exec {
 wait = yes
 input_pairs = "request"
 shell_escape = yes
 }
 Module: Linked to module rlm_expr
 Module: Instantiating expr
 Module: Linked to module rlm_expiration
 Module: Instantiating expiration
 expiration {
 reply-message = "Password Has Expired "
 }
 Module: Linked to module rlm_logintime
 Module: Instantiating logintime
 logintime {
 reply-message = "You are calling outside your allowed timespan "
 minimum-timeout = 60
 }
 }
radiusd: #### Loading Virtual Servers ####
server {
 modules {
 Module: Checking authenticate {...} for more modules to load
 Module: Linked to module rlm_perl
 Module: Instantiating perl
 perl {
 module = "/usr/local/etc/raddb/example.pm"
 func_authorize = "authorize"
 func_authenticate = "authenticate"
 func_accounting = "accounting"
 func_preacct = "preacct"
 func_checksimul = "checksimul"
 func_detach = "detach"
 func_xlat = "xlat"
 func_pre_proxy = "pre_proxy"
 func_post_proxy = "post_proxy"
 func_post_auth = "post_auth"
 }
 perl {
 max_clones = 32
 start_clones = 32
 min_spare_clones = 0
 max_spare_clones = 32
 cleanup_delay = 5
 max_request_per_clone = 0
 }
 Module: Checking authorize {...} for more modules to load
 Module: Linked to module rlm_preprocess
 Module: Instantiating preprocess
 preprocess {
 huntgroups = "/usr/local/etc/raddb/huntgroups"
 hints = "/usr/local/etc/raddb/hints"
 with_ascend_hack = no
 ascend_channels_per_line = 23
 with_ntdomain_hack = no
 with_specialix_jetstream_hack = no
 with_cisco_vsa_hack = no
 with_alvarion_vsa_hack = no
 }
 Module: Linked to module rlm_realm
 Module: Instantiating suffix
 realm suffix {
 format = "suffix"
 delimiter = "@"
 ignore_default = no
 ignore_null = no
 }
 Module: Linked to module rlm_eap
 Module: Instantiating eap
 eap {
 default_eap_type = "md5"
 timer_expire = 60
 ignore_unknown_eap_types = no
 cisco_accounting_username_bug = no
 }
 Module: Linked to sub-module rlm_eap_md5
 Module: Instantiating eap-md5
 Module: Linked to sub-module rlm_eap_leap
 Module: Instantiating eap-leap
 Module: Linked to sub-module rlm_eap_gtc
 Module: Instantiating eap-gtc
 gtc {
 challenge = "Password: "
 auth_type = "PAP"
 }
 Module: Linked to sub-module rlm_eap_tls
 Module: Instantiating eap-tls
 tls {
 rsa_key_exchange = no
 dh_key_exchange = yes
 rsa_key_length = 512
 dh_key_length = 512
 verify_depth = 0
 pem_file_type = yes
 private_key_file = "/usr/local/etc/raddb/certs/server.pem"
 certificate_file = "/usr/local/etc/raddb/certs/server.pem"
 CA_file = "/usr/local/etc/raddb/certs/ca.pem"
 private_key_password = "whatever"
 dh_file = "/usr/local/etc/raddb/certs/dh"
 random_file = "/usr/local/etc/raddb/certs/random"
 fragment_size = 1024
 include_length = yes
 check_crl = no
 cipher_list = "DEFAULT"
 make_cert_command = "/usr/local/etc/raddb/certs/bootstrap"
 }
 Module: Linked to sub-module rlm_eap_ttls
 Module: Instantiating eap-ttls
 ttls {
 default_eap_type = "md5"
 copy_request_to_tunnel = no
 use_tunneled_reply = no
 }
 Module: Linked to sub-module rlm_eap_peap
 Module: Instantiating eap-peap
 peap {
 default_eap_type = "mschapv2"
 copy_request_to_tunnel = no
 use_tunneled_reply = no
 proxy_tunneled_request_as_eap = yes
 }
 Module: Linked to sub-module rlm_eap_mschapv2
 Module: Instantiating eap-mschapv2
 mschapv2 {
 with_ntdomain_hack = no
 }
 Module: Checking preacct {...} for more modules to load
 Module: Linked to module rlm_acct_unique
 Module: Instantiating acct_unique
 acct_unique {
 key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
 }
 Module: Linked to module rlm_files
 Module: Instantiating files
 files {
 usersfile = "/usr/local/etc/raddb/users"
 acctusersfile = "/usr/local/etc/raddb/acct_users"
 preproxy_usersfile = "/usr/local/etc/raddb/preproxy_users"
 compat = "no"
 }
 Module: Checking accounting {...} for more modules to load
 Module: Linked to module rlm_detail
 Module: Instantiating detail
 detail {
 detailfile = "/usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
 header = "%t"
 detailperm = 384
 dirperm = 493
 locking = no
 log_packet_header = no
 }
 Module: Linked to module rlm_unix
 Module: Instantiating unix
 unix {
 radwtmp = "/usr/local/var/log/radius/radwtmp"
 }
 Module: Linked to module rlm_radutmp
 Module: Instantiating radutmp
 radutmp {
 filename = "/usr/local/var/log/radius/radutmp"
 username = "%{User-Name}"
 case_sensitive = yes
 check_with_nas = yes
 perm = 384
 callerid = yes
 }
 Module: Linked to module rlm_attr_filter
 Module: Instantiating attr_filter.accounting_response
 attr_filter attr_filter.accounting_response {
 attrsfile = "/usr/local/etc/raddb/attrs.accounting_response"
 key = "%{User-Name}"
 }
 Module: Checking session {...} for more modules to load
 Module: Checking post-proxy {...} for more modules to load
 Module: Checking post-auth {...} for more modules to load
 Module: Instantiating attr_filter.access_reject
 attr_filter attr_filter.access_reject {
 attrsfile = "/usr/local/etc/raddb/attrs.access_reject"
 key = "%{User-Name}"
 }
 }
}
radiusd: #### Opening IP addresses and Ports ####
listen {
 type = "auth"
 ipaddr = *
 port = 0
}
listen {
 type = "acct"
 ipaddr = *
 port = 0
}
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on proxy address * port 1814
Ready to process requests.

And here is the output after rejecting the user:

rad_recv: Access-Request packet from host 127.0.0.1 port 32779, id=142, length=56
 User-Name = "john"
 User-Password = "john"
 NAS-IP-Address = 192.168.1.227
 NAS-Port = 0
+- entering group authorize
++[preprocess] returns ok
perl_pool: item 0xa10bb10 asigned new request. Handled so far: 1
found interpetator at address 0xa10bb10
rlm_perl: Added pair User-Name = john
rlm_perl: Added pair User-Password = john
rlm_perl: Added pair NAS-Port = 0
rlm_perl: Added pair NAS-IP-Address = 192.168.1.227
perl_pool total/active/spare [32/0/32]
Unreserve perl at address 0xa10bb10
++[perl] returns ok
 rlm_realm: No '@' in User-Name = "john", looking up realm NULL
 rlm_realm: No such realm "NULL"
++[suffix] returns noop
 rlm_eap: No EAP-Message, not doing EAP
++[eap] returns noop
++[expiration] returns noop
++[logintime] returns noop
auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
auth: Failed to validate the user.
Login incorrect: [john/john] (from client localhost port 0)
 Found Post-Auth-Type Reject
+- entering group REJECT
 expand: %{User-Name} -> john
 attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 142 to 127.0.0.1 port 32779
Waking up in 4.9 seconds.
Cleaning up request 0 ID 142 with timestamp +3
Ready to process requests.

With Regards
Elangbam Johnson
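
An added example, not part of the original post and not FreeRADIUS code: a small Python reader for a request trace like the one above. It lists each module's return code per group and separates "a module failed" from "authorize passed but the server found no Auth-Type". The names `summarize_trace` and `diagnose` are hypothetical, and the sample trace is abridged from the output in the post.

```python
import re

# Constructed sample: abridged from the debug output in the post above.
SAMPLE_TRACE = """\
+- entering group authorize
++[preprocess] returns ok
++[perl] returns ok
++[suffix] returns noop
auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
+- entering group REJECT
++[attr_filter.access_reject] returns updated
Sending Access-Reject of id 142 to 127.0.0.1 port 32779
"""

GROUP_RE = re.compile(r"^\+- entering group (\S+)")
MODULE_RE = re.compile(r"^\++\[([^\]]+)\] returns (\w+)")
REASON_RE = re.compile(r"^auth: (.+): Rejecting the user")
VERDICT_RE = re.compile(r"^Sending (Access-\w+) of id \d+")
HARD_FAILURES = {"reject", "fail", "invalid", "userlock"}  # rcodes treated as failures


def summarize_trace(text):
    """Collect (module, rcode) pairs per group, the stated reject reason, the verdict."""
    summary = {"groups": {}, "reason": None, "verdict": None}
    group = "(no group)"
    for line in map(str.strip, text.splitlines()):
        if m := GROUP_RE.match(line):
            group = m.group(1)
            summary["groups"].setdefault(group, [])
        elif m := MODULE_RE.match(line):
            summary["groups"].setdefault(group, []).append((m.group(1), m.group(2)))
        elif m := REASON_RE.match(line):
            summary["reason"] = m.group(1)
        elif m := VERDICT_RE.match(line):
            summary["verdict"] = m.group(1)
    return summary


def diagnose(summary):
    """Separate 'a module failed' from 'authorize passed but chose no Auth-Type'."""
    if summary["verdict"] != "Access-Reject":
        return "not rejected"
    failed = [n for n, rc in summary["groups"].get("authorize", []) if rc in HARD_FAILURES]
    if failed:
        return "authorize failed in: " + ", ".join(failed)
    if summary["reason"] and "Auth-Type" in summary["reason"]:
        return "authorize passed, but no Auth-Type was set, so authentication never ran"
    return "rejected: " + (summary["reason"] or "reason not logged")
```

On the sample, `diagnose(summarize_trace(SAMPLE_TRACE))` reports the Auth-Type case: `++[perl] returns ok` in the authorize group is not an authentication result.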