<div dir="ltr">Hi Alan,<div><br></div><div>Thank your for the response.</div><div><br></div><div>All the RADIUS PDU's need to be ammped to the HTTP API of a AAA server. So we're using the Perl module to do the HTTP calls. That's why we're using perl in authenticate. If there is another way to proxy HTTP calls please advise.</div>
<div><br></div><div>Regards,</div><div>Shurbann Martes</div><div><br></div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Fri, Jan 3, 2014 at 10:47 AM, Alan DeKok <span dir="ltr"><<a href="mailto:aland@deployingradius.com" target="_blank">aland@deployingradius.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Shurbann Martes wrote<br>
<div class="im">> Just wondering if there is a way to enable the Perl module to work<br>
> without changing the users files as described<br>
> here <a href="http://wiki.freeradius.org/modules/Rlm_perl" target="_blank">http://wiki.freeradius.org/modules/Rlm_perl</a>.<br>
<br>
</div> Yes. Just list "perl" in "authorize". Each section is independent.<br>
You do NOT need to run "perl" in "authenticate"<br>
<div class="im"><br>
> In many places (<a href="http://wiki.freeradius.org/config/Auth%20Type" target="_blank">http://wiki.freeradius.org/config/Auth%20Type</a>) I'm<br>
> reading that it is not a good idea to intervene by setting the Auth-Type<br>
> manually, but still on the wiki page of rlm_perl this is being described<br>
> as the way to enable the Perl module to work.<br>
<br>
</div> No, that's the way to get "perl" run in the "authenticate" section.<br>
<div class="im"><br>
> Until now I've been using the Perl module alone to<br>
> authenticate/authorize and changing the users file works great.<br>
<br>
</div> I would VERY much suggest that you don't run "perl" in "authenticate".<br>
There is almost always no need for it.<br>
<div class="im"><br>
> But now<br>
> I need to combine EAP/SIM module with Perl module. So when the message<br>
> contains EAP/SIM attributes it needs to authenticate using EAP module,<br>
> else it needs to fallback to the Perl one.<br>
<br>
</div> You can key off of EAP-Message. If it exists, don't set Auth-Type = Perl.<br>
<br>
This probably should be done in "unlang", instead of in the "users" file.<br>
<div class="im"><br>
> With the users script changed as described on the perl_module page the<br>
> EAP module won't work and if I don't change the users it will use<br>
> EAP/SIM module, but Perl module will fail. So intervening here looks<br>
> like is causing modules not to work properly<br>
<br>
</div> Delete that entry from the "users" file.<br>
<div class="im"><br>
> Which strategy needs one to follow when using the Perl script in<br>
> combination with EAP/SIM. Just want to be sure that I'm using the proper<br>
> way to enable the Perl module, without intervening in the Auth-Type.<br>
<br>
</div> There is no "proper" way. It all depends on what you need. If you<br>
don't need "perl" in "authenticate", don't set Auth-Type.<br>
<span class="HOEnZb"><font color="#888888"><br>
Alan DeKok.<br>
-<br>
List info/subscribe/unsubscribe? See <a href="http://www.freeradius.org/list/users.html" target="_blank">http://www.freeradius.org/list/users.html</a><br>
</font></span></blockquote></div><br></div>