Fwd: final rlm_perl question, hopefully...
Hi All, Ok, after reviewing all the information that was received, I've setup my FreeRadius as following: 1. The authorize and authenticate sections are setup to activate digest and perl. 2. My rlm_perl script utilizes the following lines in order to return the unencrypted user password back to FreeRadius for digest authentication: $RAD_CHECK{'Cleartext-Password'} = "xxxxxx"; # Remove this line for production $RAD_CHECK{'User-Password'}="xxxxxx"; # Remove this line for production I just put these inside my script for checking, later on this information will be retrieved from an external source. Now, FreeRadius activates my rlm_perl module, no problem, as I can see the various reply fields being setup, however, I'm still getting the following error: rlm_perl: RAD_REQUEST: Client-IP-Address = 192.168.2.80 rlm_perl: RAD_REQUEST: Digest-Response = 632905a2325f672f049800eda7df9ee4 rlm_perl: RAD_REQUEST: User-Name = z2l@192.168.2.80 rlm_perl: RAD_REQUEST: Service-Type = IAPP-Register rlm_perl: RAD_REQUEST: NAS-IP-Address = 192.168.2.80 rlm_perl: RAD_REQUEST: NAS-Port = 5060 rlm_perl: RAD_REQUEST: Sip-Uri-User = z2l rlm_perl: RAD_REQUEST: Digest-Attributes = ARRAY(0xbbc93f0) rlm_perl: RAD_REPLY: Reply-Message = User accepted by z2l WSDL rlm_perl: RAD_REPLY: z2l-Duration = 60 rlm_perl: RAD_REPLY: z2l-Status = 2 rlm_perl: RAD_REPLY: z2l-Session = 833abb3d-d047-4d0d-a40e-2e147049f96d rlm_perl: Added pair Reply-Message = User accepted by z2l rlm_perl: Added pair z2l-Duration = 60 rlm_perl: Added pair z2l-Status = 2 rlm_perl: Added pair z2l-Session = 833abb3d-d047-4d0d-a40e-2e147049f96d rlm_perl: Added pair Cleartext-Password = z2l rlm_perl: Added pair User-Password = z2l rlm_perl: Added pair Auth-Type = digest perl_pool total/active/spare [32/0/32] Unreserve perl at address 0xb933260 modcall[authorize]: module "perl" returns ok for request 5 rlm_realm: Looking up realm "192.168.2.80" for User-Name = "z2l@192.168.2.80" rlm_realm: No such realm "192.168.2.80" modcall[authorize]: module "suffix" returns noop for request 5 modcall: leaving group authorize (returns ok) for request 5 rad_check_password: Found Auth-Type DIGEST auth: type "digest" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 5 rlm_digest: Configuration item "User-Password" or Digest-HA1 is required for authentication. modcall[authenticate]: module "digest" returns invalid for request 5 modcall: leaving group authenticate (returns invalid) for request 5 auth: Failed to validate the user. Login incorrect: [z2l@192.168.2.80/<no User-Password attribute>] (from client 192.168.2.80 port 5060) Delaying request 5 for 1 seconds Finished request 5 Going to the next request Waking up in 3 seconds... Now, my configuration is very very simple. In the authorize I have digest and perl enabled, in authenticate I have only digest enabled. If I read the debug correctly, the authorization is going ok: modcall[authorize]: module "perl" returns ok for request 5 rlm_realm: Looking up realm "192.168.2.80" for User-Name = "z2l@192.168.2.80" rlm_realm: No such realm "192.168.2.80" modcall[authorize]: module "suffix" returns noop for request 5 modcall: leaving group authorize (returns ok) for request 5 However, the authentication section fails: rad_check_password: Found Auth-Type DIGEST auth: type "digest" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 5 rlm_digest: Configuration item "User-Password" or Digest-HA1 is required for authentication. modcall[authenticate]: module "digest" returns invalid for request 5 modcall: leaving group authenticate (returns invalid) for request 5 auth: Failed to validate the user. Login incorrect: [z2l@192.168.2.80/<no User-Password attribute>] (from client 192.168.2.80 port 5060) So, I'm either returning something in the wrong way, or I've broken something again. Any pointers on the issue would be highly appreciated. Regards, Z2L
Hi all, Please disregard, I've solved the thing ;-) Silly typo in the return. Z2L ----- Original Message ----- From: "FreeRadius-ML" <freeradius@zap2link.com> To: "freeradius-users" <freeradius-users@lists.freeradius.org> Sent: Thursday, July 26, 2007 6:41:21 PM (GMT+0200) Asia/Jerusalem Subject: Fwd: final rlm_perl question, hopefully... Hi All, Ok, after reviewing all the information that was received, I've setup my FreeRadius as following: 1. The authorize and authenticate sections are setup to activate digest and perl. 2. My rlm_perl script utilizes the following lines in order to return the unencrypted user password back to FreeRadius for digest authentication: $RAD_CHECK{'Cleartext-Password'} = "xxxxxx"; # Remove this line for production $RAD_CHECK{'User-Password'}="xxxxxx"; # Remove this line for production I just put these inside my script for checking, later on this information will be retrieved from an external source. Now, FreeRadius activates my rlm_perl module, no problem, as I can see the various reply fields being setup, however, I'm still getting the following error: rlm_perl: RAD_REQUEST: Client-IP-Address = 192.168.2.80 rlm_perl: RAD_REQUEST: Digest-Response = 632905a2325f672f049800eda7df9ee4 rlm_perl: RAD_REQUEST: User-Name = z2l@192.168.2.80 rlm_perl: RAD_REQUEST: Service-Type = IAPP-Register rlm_perl: RAD_REQUEST: NAS-IP-Address = 192.168.2.80 rlm_perl: RAD_REQUEST: NAS-Port = 5060 rlm_perl: RAD_REQUEST: Sip-Uri-User = z2l rlm_perl: RAD_REQUEST: Digest-Attributes = ARRAY(0xbbc93f0) rlm_perl: RAD_REPLY: Reply-Message = User accepted by z2l WSDL rlm_perl: RAD_REPLY: z2l-Duration = 60 rlm_perl: RAD_REPLY: z2l-Status = 2 rlm_perl: RAD_REPLY: z2l-Session = 833abb3d-d047-4d0d-a40e-2e147049f96d rlm_perl: Added pair Reply-Message = User accepted by z2l rlm_perl: Added pair z2l-Duration = 60 rlm_perl: Added pair z2l-Status = 2 rlm_perl: Added pair z2l-Session = 833abb3d-d047-4d0d-a40e-2e147049f96d rlm_perl: Added pair Cleartext-Password = z2l rlm_perl: Added pair User-Password = z2l rlm_perl: Added pair Auth-Type = digest perl_pool total/active/spare [32/0/32] Unreserve perl at address 0xb933260 modcall[authorize]: module "perl" returns ok for request 5 rlm_realm: Looking up realm "192.168.2.80" for User-Name = "z2l@192.168.2.80" rlm_realm: No such realm "192.168.2.80" modcall[authorize]: module "suffix" returns noop for request 5 modcall: leaving group authorize (returns ok) for request 5 rad_check_password: Found Auth-Type DIGEST auth: type "digest" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 5 rlm_digest: Configuration item "User-Password" or Digest-HA1 is required for authentication. modcall[authenticate]: module "digest" returns invalid for request 5 modcall: leaving group authenticate (returns invalid) for request 5 auth: Failed to validate the user. Login incorrect: [z2l@192.168.2.80/<no User-Password attribute>] (from client 192.168.2.80 port 5060) Delaying request 5 for 1 seconds Finished request 5 Going to the next request Waking up in 3 seconds... Now, my configuration is very very simple. In the authorize I have digest and perl enabled, in authenticate I have only digest enabled. If I read the debug correctly, the authorization is going ok: modcall[authorize]: module "perl" returns ok for request 5 rlm_realm: Looking up realm "192.168.2.80" for User-Name = "z2l@192.168.2.80" rlm_realm: No such realm "192.168.2.80" modcall[authorize]: module "suffix" returns noop for request 5 modcall: leaving group authorize (returns ok) for request 5 However, the authentication section fails: rad_check_password: Found Auth-Type DIGEST auth: type "digest" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 5 rlm_digest: Configuration item "User-Password" or Digest-HA1 is required for authentication. modcall[authenticate]: module "digest" returns invalid for request 5 modcall: leaving group authenticate (returns invalid) for request 5 auth: Failed to validate the user. Login incorrect: [z2l@192.168.2.80/<no User-Password attribute>] (from client 192.168.2.80 port 5060) So, I'm either returning something in the wrong way, or I've broken something again. Any pointers on the issue would be highly appreciated. Regards, Z2L - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On Thu 26 Jul 2007, FreeRadius-ML wrote:
Hi all,
Please disregard, I've solved the thing ;-) Silly typo in the return.
Z2L
----- Original Message ----- From: "FreeRadius-ML" <freeradius@zap2link.com> To: "freeradius-users" <freeradius-users@lists.freeradius.org> Sent: Thursday, July 26, 2007 6:41:21 PM (GMT+0200) Asia/Jerusalem Subject: Fwd: final rlm_perl question, hopefully...
Hi All,
Ok, after reviewing all the information that was received, I've setup my FreeRadius as following:
1. The authorize and authenticate sections are setup to activate digest and perl. 2. My rlm_perl script utilizes the following lines in order to return the unencrypted user password back to FreeRadius for digest authentication:
$RAD_CHECK{'Cleartext-Password'} = "xxxxxx"; # Remove this line for production $RAD_CHECK{'User-Password'}="xxxxxx"; # Remove this line for production
In any case you should not need to use both 'User-Password' and 'Cleartext-Password'. In newer versions of FreeRADIUS 'Cleartext-Password' has replaced 'User-Password'... Cheers -- Peter Nixon http://peternixon.net/
participants (2)
-
FreeRadius-ML -
Peter Nixon