strange behavior of checkrad and radius with Authen::Radius
I am using Authen::Radius and checkrad in order to check for duplicate connections on ASR 9901. Everything is ok when i call checkrad directly from command line: checkrad cisco_coa nas_ip nas_port username session_id It correctly checks for session using COA REQUEST and returns 44 or 45 (ACK or NAK). But, when called from freeradius Authen::Radius looses $self{'secret'} value, it becomes undef. When freeradius started with -X it prints: Use of uninitialized value in subroutine entry at /usr/local/share/perl/5.34.0/Authen/Radius.pm line 1004. If i edit line 1004 and $self->{'secret'}); replace with hardcoded secret: 'my_coa_secret' everything works, checkrad is able to do COA REQUEST and detect duplicate session. So, for some reason when checkrad called from freeradius this value becomes undef. Also, cisco_coa is new type defined in checkrad, i have created entirely new subroutine for coa call and included Authen::Radius: sub cisco_coa { return 2 unless (check_authen_radius()); my ($login, $pass) = naspasswd($ARGV[1], 1); $ro = new Authen::Radius(Host => $ARGV[1].':1700', Secret => $pass, Debug => 0); Authen::Radius->load_dictionary($radiusDictionary); $ro->add_attributes ( { Name => 'User-Name', Value => $ARGV[3]}, { Name => 'Acct-Session-Id', Value => $ARGV[4]} ); $ro->send_packet(COA_REQUEST) and $tip = $ro->recv_packet(); if ($tip == 44) { return 1; } elsif ($tip == 45) { return 0; } else { return 2; } } If anyone is able to help i will very much appreciate it, Thank you, Igor
On 14/02/2024 23:35, Igor Smitran wrote:
But, when called from freeradius Authen::Radius looses $self{'secret'} value, it becomes undef.
When freeradius started with -X it prints:
Use of uninitialized value in subroutine entry at /usr/local/share/perl/5.34.0/Authen/Radius.pm line 1004.
This sounds like an issue retrieving the client password from /etc/raddb/naspasswd
sub cisco_coa {
return 2 unless (check_authen_radius());
my ($login, $pass) = naspasswd($ARGV[1], 1);
I would add debug logging at this point to verify the values of $ARGV[1] and $pass are what you expect. -- Nick Porter
On 15. 2. 24. 10:35, Nick Porter wrote:
On 14/02/2024 23:35, Igor Smitran wrote:
But, when called from freeradius Authen::Radius looses $self{'secret'} value, it becomes undef.
When freeradius started with -X it prints:
Use of uninitialized value in subroutine entry at /usr/local/share/perl/5.34.0/Authen/Radius.pm line 1004.
This sounds like an issue retrieving the client password from /etc/raddb/naspasswd
You are absolutely right :( I am sorry everyone :( nasspasswd was owned by root. Thank you Nick
participants (2)
-
Igor Smitran -
Nick Porter