Fajar. Thanks for the tip. This indeed works. In fact as Alan alluded to, placing the configuration in either users or the module will work. Here are the configurations that worked: /etc/raddb/users: DEFAULT Auth-Type = Perl Fall-Through = yes OR /etc/raddb/example: # Function to handle authorize sub authorize { # For debugging purposes only &log_request_attributes; # Here's where your authorization code comes # You can call another function from here: &test_call; $RAD_CHECK{'Auth-Type'} = "Perl"; $RAD_CHECK{'Fall-Through'} = "yes"; return RLM_MODULE_OK; } Cheers and thanks! Diego On Tue, Jun 12, 2012 at 10:16 PM, Fajar A. Nugraha <list@fajar.net> wrote:
On Wed, Jun 13, 2012 at 6:01 AM, Diego Matute <dmatute@cyphercor.com> wrote:
2/ How does Auth-Type get set? I've read a bunch of forum threads and it looks like best practice nowadays is to let the server figure it out and not set it explicitly in /etc/raddb/users, however it isn't being set.
It isn't being set because the default distribution doesn't use rlm_perl.
If you want to *force* usage of rlm_perl, you need to set Auth-Type. If you want to let the server just do the right thing, leave everything alone.
What is the best practice for this? Should the Auth-Type be set in /etc/raddb/users, within the module, /etc/raddb/sites-available/*?
Why do you want to set Auth-Type? As Alan already said, if you want to let the server just do the right thing, leave everything alone. Meaning, you leave auth-type alone, use rlm_perl to supply user data (e.g. cleartext-password) as needed during authorization, and let the default authentication methods (pap, mschap, etc) does its job. If you force set auth-type, then you're not following best practice.
That being said, from within rlm_perl you could probably set the attribute on %RAD_CHECK (or is it %RAD_CONFIG?). If ALL your users will use perl to authenticate then something like the default section on /etc/raddb/users should do.
-- Fajar - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html