You need to concatenate the value of the $RAD_REQUEST variable into the query. It's plain text like this. Ivan Kalik Kalik Informatika ISP -----Original Message----- From: freeradius-users-bounces+tnt=kalik.net@lists.freeradius.org [mailto:freeradius-users-bounces+tnt=kalik.net@lists.freeradius.org] On Behalf Of rsg Sent: 09 April 2008 17:24 To: FreeRadius users mailing list Subject: Re: ENV variables in external scripts Hi, it's 1.1.7 If this cannot bypass CHAP, will have to do it using the same perl script then. My next query is when I tried to retrieve the CallerId from a Mysql DB using the same perl script with, --------- use Mysql; : : $status = $db->Mysql::query("SELECT IF(EXISTS(SELECT callerid FROM auth WHERE callerid='$RAD_REQUEST{/'Calling-Station-Id'/}'),'y','n')"); ($callerid)=$status->FetchRow(); : : --------- it gives no CallerId leading to $status = "n". Is '$RAD_REQUEST{/'Calling-Station-Id'/}' correct ? Thanks, rg 2008/4/9 Ivan Kalik <tnt@kalik.net>:
What freeradius version? I don't think that you can bypass chap in 1.1.x but it can be done in 2.0 with unlang. pap is listed last, so it will be bypassed in both versions.
Ivan Kalik Kalik Informatika ISP
Dana 9/4/2008, "rsg" <ranil.santhish@gmail.com> piše:
Hi,
Thanks a lot for the suggestion. I have a few more queries with regard >to rlm_perl integration. > When this module is used for Calling-Station-Id based auth, would it be independent of whether it is CHAP or PAP.
I tried with
.../users
DEFAULT Auth-Type = perl Fall-Through = 1 : :
And the rlm_perl for Authentication and Authorization
Observations:
1) When a "CHAP-Password" is received the perl script used does not authenticate as it calls the CHAP module 2) When a "User-Password" is received the user authentication is successful.
Here's the test perl script that I've tried with.
------------------- use warnings; use vars qw(%RAD_REQUEST %RAD_REPLY %RAD_CHECK); use Data::Dumper;
use constant RLM_MODULE_REJECT=> 0;# /* immediately reject the request */ use constant RLM_MODULE_FAIL=> 1;# /* module failed, don't reply */ use constant RLM_MODULE_OK=> 2;# /* the module is OK, continue */ use constant RLM_MODULE_HANDLED=> 3;# /* the module handled the request, so stop. */ use constant RLM_MODULE_INVALID=> 4;# /* the module considers the request invalid. */ use constant RLM_MODULE_USERLOCK=> 5;# /* reject the request (user is locked out) */ use constant RLM_MODULE_NOTFOUND=> 6;# /* user not found */ use constant RLM_MODULE_NOOP=> 7;# /* module succeeded without doing anything */ use constant RLM_MODULE_UPDATED=> 8;# /* OK (pairs modified) */ use constant RLM_MODULE_NUMCODES=> 9;# /* How many return codes there are */
# Function to handle authenticate sub authenticate { if ($RAD_REQUEST{'Calling-Station-Id'} eq "4444444444") { $RAD_REPLY{'Reply-Message'} = "OK --------->"; return RLM_MODULE_OK; }else { return RLM_MODULE_NOTFOUND; } }
# Function to handle authorize sub authorize {
if ($RAD_REQUEST{'Calling-Station-Id'} eq "4444444444") {
return RLM_MODULE_OK;
}else {
return RLM_MODULE_FAIL; } }
------------------------------------------------------------------
Could you advise how could I tackle this issue to bypass CHAP/PAP status when CallerId is allowed ?
Thanks, rg
On Tue, Apr 8, 2008 at 7:57 PM, Ivan Kalik <tnt@kalik.net> wrote:
With rlm_perl can external perl scripts be easily used as with Exec-Program-Wait ?
Easier:
http://wiki.freeradius.org/Rlm_perl
Ivan Kalik Kalik Informatika ISP
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/usershtml
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- No virus found in this incoming message. Checked by AVG. Version: 7.5.519 / Virus Database: 269.22.10/1366 - Release Date: 2008-04-08 17:03