<html>
<head>
<style><!--
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 10pt;
font-family:Tahoma
}
--></style>
</head>
<body class='hmmessage'><div dir='ltr'>
<br><br><div><hr id="stopSpelling"><br>
<div dir="ltr">
Ok,<br>OpenSSL is installed on my server. No more issues with EAP. However, my debug line in sub authenticate is still not being called:<br><br><br>#example.pl<br># Function to handle authorize<br>sub authorize {<br> <font style="" color="#FF0000"> print "TEST-authorize: username=$RAD_REQUEST{'User-Name'}\n";</font><br> # For debugging purposes only<br># &log_request_attributes;<br><br> # Here's where your authorization code comes<br> # You can call another function from here:<br> &test_call;<br><br> return RLM_MODULE_OK;<br>}<br><br># Function to handle authenticate<br>sub authenticate {<br> <font style="" color="#FF0000"> print "TEST-authenticate\n";</font><br> # For debugging purposes only<br># &log_request_attributes;<br><br> if ($RAD_REQUEST{'User-Name'} =~ /^baduser/i) {<br> # Reject user and tell him why<br> $RAD_REPLY{'Reply-Message'} = "Denied access by rlm_perl function";<br> return RLM_MODULE_REJECT;<br> } else {<br> # Accept user and set some attribute<br> $RAD_REPLY{'h323-credit-amount'} = "100";<br> return RLM_MODULE_OK;<br> }<br>}<br><br><br>and here is the debug:<br><br>Cleaning up request 9 ID 9 with timestamp +7<br>Ready to process requests.<br>rad_recv: Access-Request packet from host 10.0.0.31 port 50071, id=19, length=169<br> User-Name = "abc"<br> NAS-IP-Address = 10.0.0.31<br> NAS-Identifier = "belair"<br> NAS-Port = 0<br> Called-Station-Id = "00-0D-67-12-15-80:SSO_BelAir-PMIP-8021x"<br> Calling-Station-Id = "5C-59-48-F0-34-8B"<br> Framed-MTU = 1400<br> NAS-Port-Type = Wireless-802.11<br> Connect-Info = "CONNECT 11Mbps 802.11b"<br> EAP-Message = 0x0200000801616263<br> Message-Authenticator = 0xb952dcdfcec1e39a79c029ccdc94c2ca<br>+- entering group authorize {...}<br>++[preprocess] returns ok<br>++[chap] returns noop<br>++[mschap] returns noop<br>[suffix] No '@' in User-Name = "abc", looking up realm NULL<br>[suffix] No such realm "NULL"<br>++[suffix] returns noop<br>[eap] EAP packet type response id 0 length 8<br>[eap] No EAP Start, assuming it's
an on-going EAP conversation<br>++[eap] returns updated<br>++[unix] returns notfound<br>[sql] expand: %{User-Name} -> abc<br>[sql] sql_set_user escaped user --> 'abc'<br>rlm_sql (sql): Reserving sql socket id: 1<br>[sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'abc' ORDER BY id<br>[sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'abc' ORDER BY priority<br>rlm_sql (sql): Released sql socket id: 1<br>[sql] User abc not found<br>++[sql] returns notfound<br><font style="" color="#FF0000">TEST-authorize: username=abc</font><br>rlm_perl: Added pair NAS-Port-Type = Wireless-802.11<br>rlm_perl: Added pair Calling-Station-Id = 5C-59-48-F0-34-8B<br>rlm_perl: Added pair Called-Station-Id = 00-0D-67-12-15-80:SSO_BelAir-PMIP-8021x<br>rlm_perl: Added pair Message-Authenticator = 0xb952dcdfcec1e39a79c029ccdc94c2ca<br>rlm_perl: Added pair User-Name = abc<br>rlm_perl: Added pair NAS-Identifier = belair<br>rlm_perl: Added pair EAP-Message = 0x0200000801616263<br>rlm_perl: Added pair Connect-Info = CONNECT 11Mbps 802.11b<br>rlm_perl: Added pair EAP-Type = Identity<br>rlm_perl: Added pair NAS-IP-Address = 10.0.0.31<br>rlm_perl: Added pair NAS-Port = 0<br>rlm_perl: Added pair Framed-MTU = 1400<br>rlm_perl: Added pair Auth-Type = EAP<br>++[perl] returns ok<br>++[expiration] returns noop<br>++[logintime] returns noop<br>[pap] WARNING! No "known good" password found for the user. 
Authentication may fail because of this.<br>++[pap] returns noop<br>Found Auth-Type = EAP<br>+- entering group authenticate {...}<br>[eap] EAP Identity<br>[eap] processing type md5<br>rlm_eap_md5: Issuing Challenge<br>++[eap] returns handled<br>Sending Access-Challenge of id 19 to 10.0.0.31 port 50071<br> EAP-Message = 0x0101001604108bc56309ea2103957c2aee6450696f68<br> Message-Authenticator = 0x00000000000000000000000000000000<br> State = 0x2c81558c2c8051de6687486c2848c067<br>Finished request 10.<br>Going to the next request<br>Waking up in 4.9 seconds.<br>rad_recv: Access-Request packet from host 10.0.0.31 port 50071, id=20, length=185<br> User-Name = "abc"<br> NAS-IP-Address = 10.0.0.31<br> NAS-Identifier = "belair"<br> NAS-Port = 0<br> Called-Station-Id = "00-0D-67-12-15-80:SSO_BelAir-PMIP-8021x"<br> Calling-Station-Id = "5C-59-48-F0-34-8B"<br> Framed-MTU = 1400<br> NAS-Port-Type = Wireless-802.11<br> Connect-Info = "CONNECT 11Mbps 802.11b"<br> EAP-Message = 0x020100060319<br> State = 0x2c81558c2c8051de6687486c2848c067<br> Message-Authenticator = 0x959b11a51401f767f5b52bc58298d730<br>+- entering group authorize {...}<br>++[preprocess] returns ok<br>++[chap] returns noop<br>++[mschap] returns noop<br>[suffix] No '@' in User-Name = "abc", looking up realm NULL<br>[suffix] No such realm "NULL"<br>++[suffix] returns noop<br>[eap] EAP packet type response id 1 length 6<br>[eap] No EAP Start, assuming it's an on-going EAP conversation<br>++[eap] returns updated<br>++[unix] returns notfound<br>[sql] expand: %{User-Name} -> abc<br>[sql] sql_set_user escaped user --> 'abc'<br>rlm_sql (sql): Reserving sql socket id: 0<br>[sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'abc' ORDER BY id<br>[sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup 
WHERE username = 'abc' ORDER BY priority<br>rlm_sql (sql): Released sql socket id: 0<br>[sql] User abc not found<br>++[sql] returns notfound<br><font style="" color="#FF0000">TEST-authorize: username=abc</font><br>rlm_perl: Added pair NAS-Port-Type = Wireless-802.11<br>rlm_perl: Added pair State = 0x2c81558c2c8051de6687486c2848c067<br>rlm_perl: Added pair Calling-Station-Id = 5C-59-48-F0-34-8B<br>rlm_perl: Added pair Called-Station-Id = 00-0D-67-12-15-80:SSO_BelAir-PMIP-8021x<br>rlm_perl: Added pair Message-Authenticator = 0x959b11a51401f767f5b52bc58298d730<br>rlm_perl: Added pair User-Name = abc<br>rlm_perl: Added pair NAS-Identifier = belair<br>rlm_perl: Added pair EAP-Message = 0x020100060319<br>rlm_perl: Added pair Connect-Info = CONNECT 11Mbps 802.11b<br>rlm_perl: Added pair EAP-Type = NAK<br>rlm_perl: Added pair NAS-IP-Address = 10.0.0.31<br>rlm_perl: Added pair NAS-Port = 0<br>rlm_perl: Added pair Framed-MTU = 1400<br>rlm_perl: Added pair Auth-Type = EAP<br>++[perl] returns ok<br>++[expiration] returns noop<br>++[logintime] returns noop<br>[pap] WARNING! No "known good" password found for the user. 
Authentication may fail because of this.<br>++[pap] returns noop<br>Found Auth-Type = EAP<br>+- entering group authenticate {...}<br>[eap] Request found, released from the list<br>[eap] EAP NAK<br>[eap] EAP-NAK asked for EAP-Type/peap<br>[eap] processing type tls<br>[tls] Initiate<br>[tls] Start returned 1<br>++[eap] returns handled<br>Sending Access-Challenge of id 20 to 10.0.0.31 port 50071<br> EAP-Message = 0x010200061920<br> Message-Authenticator = 0x00000000000000000000000000000000<br> State = 0x2c81558c2d834cde6687486c2848c067<br>Finished request 11.<br>Going to the next request<br>Waking up in 4.9 seconds.<br>rad_recv: Access-Request packet from host 10.0.0.31 port 50071, id=21, length=315<br> User-Name = "abc"<br> NAS-IP-Address = 10.0.0.31<br> NAS-Identifier = "belair"<br> NAS-Port = 0<br> Called-Station-Id = "00-0D-67-12-15-80:SSO_BelAir-PMIP-8021x"<br> Calling-Station-Id = "5C-59-48-F0-34-8B"<br> Framed-MTU = 1400<br> NAS-Port-Type = Wireless-802.11<br> Connect-Info = "CONNECT 11Mbps 802.11b"<br> EAP-Message = 0x0202008819800000007e16030100790100007503014e8a158f57cc1fc7dc587b4d0f71db7fe7535bd8d558d366554b98ffea94d54e00003ac00ac009c007c008c013c014c011c012c004c005c002c003c00ec00fc00cc00d002f000500040035000a0009000300080033003900160015001401000012000a00080006001700180019000b00020100<br> State = 0x2c81558c2d834cde6687486c2848c067<br> Message-Authenticator = 0xbc890b747815cfe2a522b36ce4298072<br>+- entering group authorize {...}<br>++[preprocess] returns ok<br>++[chap] returns noop<br>++[mschap] returns noop<br>[suffix] No '@' in User-Name = "abc", looking up realm NULL<br>[suffix] No such realm "NULL"<br>++[suffix] returns noop<br>[eap] EAP packet type response id 2 length 136<br>[eap] Continuing tunnel setup.<br>++[eap] returns ok<br>Found Auth-Type = EAP<br>+- entering group authenticate {...}<br>[eap] Request found, released from the list<br>[eap] EAP/peap<br>[eap] processing type peap<br>[peap] processing EAP-TLS<br> TLS Length 126<br>[peap] Length 
Included<br>[peap] eaptls_verify returned 11 <br>[peap] (other): before/accept initialization <br>[peap] TLS_accept: before/accept initialization <br>[peap] <<< TLS 1.0 Handshake [length 0079], ClientHello <br>[peap] TLS_accept: SSLv3 read client hello A <br>[peap] >>> TLS 1.0 Handshake [length 002a], ServerHello <br>[peap] TLS_accept: SSLv3 write server hello A <br>[peap] >>> TLS 1.0 Handshake [length 035d], Certificate <br>[peap] TLS_accept: SSLv3 write certificate A <br>[peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone <br>[peap] TLS_accept: SSLv3 write server done A <br>[peap] TLS_accept: SSLv3 flush data <br>[peap] TLS_accept: Need to read more data: SSLv3 read client certificate A<br>In SSL Handshake Phase <br>In SSL Accept mode <br>[peap] eaptls_process returned 13 <br>[peap] EAPTLS_HANDLED<br>++[eap] returns handled<br>Sending Access-Challenge of id 21 to 10.0.0.31 port 50071<br> EAP-Message = 0x8108b36edcb15eb10203010001300d06092a864886f70d0101050500038181002ac5e5a95601c5d650cf06ab8b89bde90ff4435de070cb80076e7f0e25411dc2826996807af37acccfe9ada9a1f41c90be7301fda6bf6f1e9282c57e4a4923ae6c33b827032b0691cf516299f084f128c6631e3e80a6b7e77bc214ee36b3861a39819fae257557a2a023482750e50a19755919348bcb32d83e6cf0be37e0281716030100040e000000<br> Message-Authenticator = 0x00000000000000000000000000000000<br> State = 0x2c81558c2e824cde6687486c2848c067<br>Finished request 12.<br>Going to the next request<br>Waking up in 4.7 seconds.<br>rad_recv: Access-Request packet from host 10.0.0.31 port 50071, id=22, length=387<br> User-Name = "abc"<br> NAS-IP-Address = 10.0.0.31<br> NAS-Identifier = "belair"<br> NAS-Port = 0<br> Called-Station-Id = "00-0D-67-12-15-80:SSO_BelAir-PMIP-8021x"<br> Calling-Station-Id = "5C-59-48-F0-34-8B"<br> Framed-MTU = 1400<br>
NAS-Port-Type = Wireless-802.11<br> Connect-Info = "CONNECT 11Mbps 802.11b"<br> EAP-Message = 0x020300d01980000000c61603010086100000820080371b287b2a288bb51773c591b925c51dc9dd35e78e31ca6572ba50103ff255b33f8f8d50222d2a360a84f9a626651502fce20b21dd5fd14a59094f2b1655bb2a2d11332b186fc5a94438859f67ec287724f63519e5cc82820cf91b5a9a9c4c26f33e31a74bddb88d1cb3b0b64ebf82e98fa1c5d1bd12b88a6774889fd868140d14030100010116030100304dcd33a4d2301013eb09a3e10798b8b1f5a6321a50a5b0ca6bd7c16c43fa7f1a4d442c1d5b5ab7421a7aa42b715abce2<br> State = 0x2c81558c2e824cde6687486c2848c067<br> Message-Authenticator = 0xa0a47b0b334f107a54ff4e9abac2969a<br>+- entering group authorize {...}<br>++[preprocess] returns ok<br>++[chap] returns noop<br>++[mschap] returns noop<br>[suffix] No '@' in User-Name = "abc", looking up realm NULL<br>[suffix] No such realm "NULL"<br>++[suffix] returns noop<br>[eap] EAP packet type response id 3 length 208<br>[eap] Continuing tunnel setup.<br>++[eap] returns ok<br>Found Auth-Type = EAP<br>+- entering group authenticate {...}<br>[eap] Request found, released from the list<br>[eap] EAP/peap<br>[eap] processing type peap<br>[peap] processing EAP-TLS<br> TLS Length 198<br>[peap] Length Included<br>[peap] eaptls_verify returned 11 <br>[peap] <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange <br>[peap] TLS_accept: SSLv3 read client key exchange A <br>[peap] <<< TLS 1.0 ChangeCipherSpec [length 0001] <br>[peap] <<< TLS 1.0 Handshake [length 0010], Finished <br>[peap] TLS_accept: SSLv3 read finished A <br>[peap] >>> TLS 1.0 ChangeCipherSpec [length 0001] <br>[peap] TLS_accept: SSLv3 write change cipher spec A <br>[peap] >>> TLS 1.0 Handshake [length 0010], Finished <br>[peap] TLS_accept: SSLv3 write finished A <br>[peap] TLS_accept: SSLv3 flush data <br>[peap] (other): SSL negotiation finished successfully <br>SSL Connection Established <br>[peap] eaptls_process returned 13 <br>[peap] EAPTLS_HANDLED<br>++[eap] returns handled<br>Sending Access-Challenge of id 22 to 
10.0.0.31 port 50071<br> EAP-Message = 0x0104004119001403010001011603010030b7da9f1ff65aa82945313f6e0b13f88565316368755ae23680a9a60583941b0aacfc3e71103a1e5eec9da651ae5a9d2d<br> Message-Authenticator = 0x00000000000000000000000000000000<br> State = 0x2c81558c2f854cde6687486c2848c067<br>Finished request 13.<br>Going to the next request<br>Waking up in 4.6 seconds.<br><br><br><br><br><div>> Date: Mon, 3 Oct 2011 18:55:42 +0100<br>> From: A.L.M.Buxey@lboro.ac.uk<br>> To: alex-rsm@hotmail.com<br>> Subject: Re: "authentication" sub in perl<br>> <br>> Hi,<br>> <br>> hint: https://help.ubuntu.com/community/OpenSSL<br>> <br>> <br>> alan<br></div> </div></div> </div></body>
</html>