On 09/10/12 23:32, Andrew Precht wrote:
to: module = /etc/raddb/sjpl.pl
Also, in the perl file I have uncommented the line: func_authenticate = authenticate
Next, in /etc/raddb/sites-enabled/default I added perl to the authenticate {} section.
Your problem is that the script is just wrong. You're running in the "authorize" section:
Access-Request packet from host 192.168.251.93 port 50827, id=0, length=54 User-Name = "21197904090320" User-Password = "1533" # Executing section authorize from file /etc/raddb/sites-enabled/default +- entering group authorize {...} rlm_perl: Added pair User-Name = 21197904090320 rlm_perl: Added pair User-Password = 1533 ++[perl] returns ok
...but you're not arranging for yourself to be run in the authenticate section:
++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "21197904090320", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] No EAP-Message, not doing EAP ++[eap] returns noop ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] returns noop ERROR: No authenticate method (Auth-Type) found for the request:
...i.e. Auth-Type is unset, so "authenticate" never runs. There are many ways to solve this. Here's one: authorize { ... perl if (ok) { update control { Auth-Type = perl } } ... } authenticate { ... Auth-Type perl { perl } ... } Alternatively you could make your "perl" script set the "Auth-Type" item in the control list. And so on. The point is you need to set an Auth-Type, and make your "perl" script handle it.