<font><font face="verdana,sans-serif">Fajar. Thanks for the tip.</font></font><div><font><font face="verdana,sans-serif"><br></font></font></div><div><font><font face="verdana,sans-serif">This indeed works. In fact as Alan alluded to, placing the configuration in either users or the module will work. Here are the configurations that worked:</font></font></div>
<div><font><font face="verdana,sans-serif"><br></font></font></div><div><font><font face="verdana,sans-serif">/etc/raddb/users:</font></font></div><div><font><font face="verdana,sans-serif"><br></font></font></div><div><font><font face="verdana,sans-serif">DEFAULT Auth-Type = Perl</font></font></div>
<div><font><font face="verdana,sans-serif"> Fall-Through = yes</font></font></div><div><font><font face="verdana,sans-serif"><br></font></font></div><div><font><font face="verdana,sans-serif">OR</font></font></div>
<div><font><font face="verdana,sans-serif"><br></font></font></div><div><font><font face="verdana,sans-serif">/etc/raddb/example:</font></font></div><div><font><font face="verdana,sans-serif"><br></font></font></div><div>
<font><font face="verdana,sans-serif"><div># Function to handle authorize</div><div>sub authorize {</div><div> # For debugging purposes only</div><div> &log_request_attributes;</div><div><br></div><div> # Here's where your authorization code comes</div>
<div> # You can call another function from here:</div><div> &test_call;</div><div><br></div><div> $RAD_CHECK{'Auth-Type'} = "Perl";</div><div> $RAD_CHECK{'Fall-Through'} = "yes";</div>
<div><br></div><div> return RLM_MODULE_OK;</div><div>}</div><div><br></div><div>Cheers and thanks!</div><div><br></div><div>Diego</div></font></font><br><div class="gmail_quote">On Tue, Jun 12, 2012 at 10:16 PM, Fajar A. Nugraha <span dir="ltr"><<a href="mailto:list@fajar.net" target="_blank">list@fajar.net</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="im">On Wed, Jun 13, 2012 at 6:01 AM, Diego Matute <<a href="mailto:dmatute@cyphercor.com">dmatute@cyphercor.com</a>> wrote:<br>
<br>
>> > 2/ How does Auth-Type get set? I've read a bunch of forum threads and it<br>
>> > looks like best practice nowadays is to let the server figure it out and<br>
>> > not set it explicitly in /etc/raddb/users, however it isn't being set.<br>
>><br>
>> It isn't being set because the default distribution doesn't use rlm_perl.<br>
>><br>
>> If you want to *force* usage of rlm_perl, you need to set Auth-Type.<br>
>> If you want to let the server just do the right thing, leave everything<br>
>> alone.<br>
>><br>
><br>
> What is the best practice for this? Should the Auth-Type be set in<br>
> /etc/raddb/users, within the module, /etc/raddb/sites-available/*?<br>
<br>
</div>Why do you want to set Auth-Type? As Alan already said, if you want<br>
<div class="im">to let the server just do the right thing, leave everything alone.<br>
</div>Meaning, you leave auth-type alone, use rlm_perl to supply user data<br>
(e.g. cleartext-password) as needed during authorization, and let the<br>
default authentication methods (pap, mschap, etc) does its job. If you<br>
force set auth-type, then you're not following best practice.<br>
<br>
That being said, from within rlm_perl you could probably set the<br>
attribute on %RAD_CHECK (or is it %RAD_CONFIG?). If ALL your users<br>
will use perl to authenticate then something like the default section<br>
on /etc/raddb/users should do.<br>
<span class="HOEnZb"><font color="#888888"><br>
--<br>
Fajar<br>
</font></span><div class="HOEnZb"><div class="h5">-<br>
List info/subscribe/unsubscribe? See <a href="http://www.freeradius.org/list/users.html" target="_blank">http://www.freeradius.org/list/users.html</a><br>
</div></div></blockquote></div><br></div>