RLM_PERL Simultaneous-Use RLM_MODULE_REJECT
Hello everybody! I am using rlm_perl for checking Simultaneous-Use. But this not work... :-( FreeRadius 2.1.1 session { perl } I see, that module is work. But if I return RLM_MODULE_REJECT the user is not REJECTED!!! What I do wrong? In debug mode (radiusd -X): Found Auth-Type = PAP +- entering group PAP {...} [pap] login attempt with password "**************" [pap] Using CRYPT encryption. [pap] User authenticated successfully ++[pap] returns ok +- entering group session {...} Using perl at 0xa6b40 rlm_perl: RLM_PERL => sub checksimul rlm_perl: RAD_REQUEST: NAS-Port-Type = Virtual rlm_perl: RAD_REQUEST: Service-Type = Framed-User rlm_perl: RAD_REQUEST: Framed-Protocol = PPP rlm_perl: RAD_REQUEST: User-Name = s_1295737 rlm_perl: RAD_REQUEST: User-Password = ****************** rlm_perl: RAD_REQUEST: Realm = DEFAULT rlm_perl: RAD_REQUEST: NAS-Port = 0 rlm_perl: RAD_REQUEST: NAS-IP-Address = 192.168.0.1 rlm_perl: RAD_REQUEST: NAS-Port-Id = 0/0/1/500 rlm_perl: RAD_REPLY: Framed-Protocol = PPP rlm_perl: RAD_REPLY: Session-Timeout = 90000 rlm_perl: RAD_REPLY: Service-Type = Framed-User rlm_perl: RAD_CONFIG: Crypt-Password = ***************** rlm_perl: RAD_CONFIG: Simultaneous-Use = 1 rlm_perl: RAD_CONFIG: Auth-Type = PAP rlm_perl: RAD_CHECK: Crypt-Password = **************** rlm_perl: RAD_CHECK: Simultaneous-Use = 1 rlm_perl: RAD_CHECK: Auth-Type = PAP rlm_perl: CHECK: send [s_1295737] to [194.186.47.51:6795] is ok rlm_perl: CHECK: Multiple logins (hits 3) (max 1) : [s_1295737] (from client 192.168.0.1 port 0) rlm_perl: Added pair NAS-Port-Type = Virtual rlm_perl: Added pair Service-Type = Framed-User rlm_perl: Added pair Framed-Protocol = PPP rlm_perl: Added pair User-Name = s_1295737 rlm_perl: Added pair User-Password = **************** rlm_perl: Added pair Realm = DEFAULT rlm_perl: Added pair NAS-Port = 0 rlm_perl: Added pair NAS-IP-Address = 192.168.0.1 rlm_perl: Added pair NAS-Port-Id = 0/0/1/500 rlm_perl: Added pair Framed-Protocol = PPP rlm_perl: Added pair Session-Timeout = 90000 rlm_perl: Added pair Service-Type = Framed-User rlm_perl: Added pair Crypt-Password = *************** rlm_perl: Added pair Simultaneous-Use = 1 rlm_perl: Added pair Auth-Type = PAP ++[perl] returns reject Login OK: [s_1295737] (from client cisco1 port 0) Also I attempted: RLM_MODULE_REJECT RLM_MODULE_FAIL RLM_MODULE_HANDLED RLM_MODULE_INVALID RLM_MODULE_USERLOCK and response still "Login OK: [s_1295737] (from client cisco1 port 0)".... P.S. authorize section work very good. Thanks a lot!
Hello again. =) I am found workaround! Using post-auth section. If anybody know how I may do it without post-auth. Please mail me. Thanks a lot.
Hello everybody! I am using rlm_perl for checking Simultaneous-Use. But this not work... :-( FreeRadius 2.1.1 session { perl } I see, that module is work. But if I return RLM_MODULE_REJECT the user is not REJECTED!!! What I do wrong? In debug mode (radiusd -X):
Found Auth-Type = PAP +- entering group PAP {...} [pap] login attempt with password "**************" [pap] Using CRYPT encryption. [pap] User authenticated successfully ++[pap] returns ok +- entering group session {...} Using perl at 0xa6b40 rlm_perl: RLM_PERL => sub checksimul rlm_perl: RAD_REQUEST: NAS-Port-Type = Virtual rlm_perl: RAD_REQUEST: Service-Type = Framed-User rlm_perl: RAD_REQUEST: Framed-Protocol = PPP rlm_perl: RAD_REQUEST: User-Name = s_1295737 rlm_perl: RAD_REQUEST: User-Password = ****************** rlm_perl: RAD_REQUEST: Realm = DEFAULT rlm_perl: RAD_REQUEST: NAS-Port = 0 rlm_perl: RAD_REQUEST: NAS-IP-Address = 192.168.0.1 rlm_perl: RAD_REQUEST: NAS-Port-Id = 0/0/1/500 rlm_perl: RAD_REPLY: Framed-Protocol = PPP rlm_perl: RAD_REPLY: Session-Timeout = 90000 rlm_perl: RAD_REPLY: Service-Type = Framed-User rlm_perl: RAD_CONFIG: Crypt-Password = ***************** rlm_perl: RAD_CONFIG: Simultaneous-Use = 1 rlm_perl: RAD_CONFIG: Auth-Type = PAP rlm_perl: RAD_CHECK: Crypt-Password = **************** rlm_perl: RAD_CHECK: Simultaneous-Use = 1 rlm_perl: RAD_CHECK: Auth-Type = PAP rlm_perl: CHECK: send [s_1295737] to [194.186.47.51:6795] is ok rlm_perl: CHECK: Multiple logins (hits 3) (max 1) : [s_1295737] (from client 192.168.0.1 port 0) rlm_perl: Added pair NAS-Port-Type = Virtual rlm_perl: Added pair Service-Type = Framed-User rlm_perl: Added pair Framed-Protocol = PPP rlm_perl: Added pair User-Name = s_1295737 rlm_perl: Added pair User-Password = **************** rlm_perl: Added pair Realm = DEFAULT rlm_perl: Added pair NAS-Port = 0 rlm_perl: Added pair NAS-IP-Address = 192.168.0.1 rlm_perl: Added pair NAS-Port-Id = 0/0/1/500 rlm_perl: Added pair Framed-Protocol = PPP rlm_perl: Added pair Session-Timeout = 90000 rlm_perl: Added pair Service-Type = Framed-User rlm_perl: Added pair Crypt-Password = *************** rlm_perl: Added pair Simultaneous-Use = 1 rlm_perl: Added pair Auth-Type = PAP ++[perl] returns reject Login OK: [s_1295737] (from client cisco1 port 0)
Also I attempted: RLM_MODULE_REJECT RLM_MODULE_FAIL RLM_MODULE_HANDLED RLM_MODULE_INVALID RLM_MODULE_USERLOCK
and response still "Login OK: [s_1295737] (from client cisco1 port 0)"....
P.S. authorize section work very good.
Thanks a lot! - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/devel.html
participants (1)
-
Anatoly S. Zimin