rlm_perl and empty user name variable
I have freeradius 1.05 configured with rlm_perl to handle authentication, and the problem seems to be that the $RAD_REQUEST{'User-Name'} variable is an empty string within the perl script I have set up. The perl script is based on the example.pl script provided with freeradius. My users file has one line: DEFAULT Auth-Type := Perl_Auth The applicable sections of radiusd.conf are: modules section: perl { module = "/home/rpm/test_rad.pl" func_authenticate = authenticate func_authorize = authorize } authorize { files } authenticate { Auth-Type Perl_Auth { perl } } The perl script itself has the variables toward the top uncommented, and the authenticate sub is: sub authenticate { # For debugging purposes only &log_request_attributes; if ($RAD_REQUEST{'User-Name'} =="") { return RLM_MODULE_REJECT; } if ($RAD_REQUEST{'User-Name'} =~ /^fred/i) { # Reject user and tell him why $RAD_REPLY{'Reply-Message'} = "Denied access by rlm_perl function"; return RLM_MODULE_REJECT; } else { # Accept user and set some attribute $RAD_REPLY{'h323-credit-amount'} = "100"; return RLM_MODULE_OK; } } All authentication attempts get caught with the empty string check in the code above. Below is the radiusd debug: rad_recv: Access-Request packet from host 127.0.0.1:43349, id=196, length=55 User-Name = "gus" User-Password = "123" NAS-IP-Address = 255.255.255.255 NAS-Port = 0 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 users: Matched entry DEFAULT at line 1 modcall[authorize]: module "files" returns ok for request 0 modcall: group authorize returns ok for request 0 rad_check_password: Found Auth-Type Perl_Auth auth: type "Perl_Auth" Processing the authenticate section of radiusd.conf modcall: entering group Auth-Type for request 0 rlm_perl: Added pair Auth-Type = Perl_Auth modcall[authenticate]: module "perl" returns reject for request 0 modcall: group Auth-Type returns reject for request 0 auth: Failed to validate the user.
On Wednesday 26 October 2005 21:52, Gustave Nylander wrote:
sub authenticate { # For debugging purposes only &log_request_attributes;
if ($RAD_REQUEST{'User-Name'} =="") {
Use if ($RAD_REQUEST{'User-Name'} eq "" -- Best Regards, Boian Jordanov SNE Orbitel - Next Generation Telecom tel. +359 2 4004 723 tel. +359 2 4004 002
Ah yes, the 'eq' operator. But it still matches the variable with the empty string, which means I'm still not seeing the user name in the authentication portion of the process. thanks for the help so far! Boyan Jordanov wrote:
On Wednesday 26 October 2005 21:52, Gustave Nylander wrote:
sub authenticate { # For debugging purposes only &log_request_attributes;
if ($RAD_REQUEST{'User-Name'} =="") {
Use if ($RAD_REQUEST{'User-Name'} eq ""
participants (2)
-
Boyan Jordanov -
Gustave Nylander